MicroBurst is a PowerShell toolkit from NetSPI focused on assessing Microsoft Azure security by automating discovery, enumeration, and targeted auditing of cloud services and configurations. It bundles many functions to enumerate Azure resources (subscriptions, VMs, storage accounts, container registries, App Services and more), probe common misconfigurations, and harvest sensitive artifacts when available (for example storage blobs, keys, automation account credentials, and other subscription-level secrets). The project exposes both interactive helpers and scripted commands (e.g., Invoke-EnumerateAzureBlobs, Invoke-EnumerateAzureSubDomains, REST-based VM command execution and storage key retrieval routines) so operators can pivot from discovery to validated proof-of-concept actions during authorized penetration tests.
Features
- Comprehensive Azure resource enumeration across subscriptions with output export to CSV/JSON
- REST-based credential and secrets extraction helpers (Automation accounts, Key Vault, Storage keys)
- Subdomain/blob permutation discovery with threaded enumeration and Bing dorking support
- Post-exploitation helpers to run commands on VMs via managed identity/REST flows
- Safe-mode audit runner that performs non-destructive checks and reports potential issues only
- Modular plugin system and a Python companion port for higher-performance, multi-threaded scanning
Project Samples
