Stormspotter

Stormspotter creates an "attack graph" of the resources in an Azure subscription. Red teams and pentesters can use it to visualise the attack surface and pivot opportunities inside a tenant. It also helps defenders quickly orient and prioritise incident response work.

Stormspotter is a tool that generates an "attack graph" to visualize the attack surface and pivot opportunities within an Azure subscription. It is particularly useful for red teams and penetration testers to assess and understand potential security vulnerabilities and attack paths within an Azure tenant. Additionally, Stormspotter can assist defenders in quickly orienting and prioritizing their incident response efforts by providing a clear overview of the security posture within the Azure environment.

Installation

With Docker:

 

This creates three containers: Stormspotter Frontend, Stormspotter Backend, and Neo4j v4. The UI is exposed on port 9091.

Running Stormspotter:

Backend:

 

Web App:

 

Running Stormcollector:

Using Provided Package:

 

Alternative Installation:

 

Additional Information

· Stormspotter is in beta; not all resource types are implemented for display.

· Supports local container deployment.

· Default Neo4j credentials: neo4j/password.
