Graphpython

Modular cross-platform Microsoft Graph API enumeration and exploitation toolkit.

It builds upon the capabilities of AADInternals (Killchain.ps1), GraphRunner, and TokenTactics(V2) to provide a comprehensive solution for interacting with the Microsoft Graph API for red team and cloud assumed breach operations.

Graphpython covers external reconnaissance, authentication/token manipulation, enumeration, and post-exploitation of various Microsoft services, including Entra ID (Azure AD), Office 365 (Outlook, SharePoint, OneDrive, Teams), and Intune (Endpoint Management).

The commands are categorised into the following sections:
- Outsider - external domain reconnaissance and user enumeration
- Authentication - authentication and token manipulation
- Post-Auth Enumeration - Entra/o365 enumeration
- Post-Auth Exploitation - Entra/o365 exploitation
- Post-Auth Intune Enumeration - Intune enumeration
- Post-Auth Intune Exploitation - Intune exploitation
- Cleanup - removing malicious accounts/artifacts
- Locators - identifying unknown objects and permission IDs