Security News > 2021 > December > XMGoat: Open-source pentesting tool for Azure

XMGoat: Open-source pentesting tool for Azure
2021-12-08 06:30

XMGoat is an open-source tool that enables penetration testers, red teamers, security consultants, and cloud experts to learn how to abuse different misconfigurations within the Azure environment.

Misconfigurations within Azure environments are common.

"Currently, there aren't a lot of information or tools available to help the cyber community better understand the attack surfaces within Azure. We were able to identify some gaps when it comes to attacking the Azure environment, so we wanted to help the community close these gaps. This mission resulted in XMGoat, an open source tool that familiarizes users with potential misconfigurations within the Azure environment and teaches them how attackers might exploit the misconfigurations, as well as how to defend against them," Zur Ulianitsky, Head of XM Cyber Research, told Help Net Security.

XMGoat is composed of templates, and each template is a vulnerable environment with significant misconfigurations.

Your job is to attack and compromise the environments.

Azure CLI. Azure User with Owner permissions on Subscription and Global Admin privileges in AAD. XMGoat is available on GitHub.


News URL

https://www.helpnetsecurity.com/2021/12/08/xmgoat-pentesting-tool-azure/