silverhack / monkey365

Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.
https://silverhack.github.io/monkey365/
Apache License 2.0

[Bug]: I can't make a sharepoint report #125

Open impalaa opened 2 days ago

impalaa commented 2 days ago

Hi, thanks for this tool!

I would like to audit my tenant, but the audit of SharePoint doesn't work. I have created a new online user and added these roles:

Steps to reproduce the behavior:

  1. What command are you running?

I have used the same commands as the documentation:

$param = @{
    Instance = 'Microsoft365';
    Collect = 'ExchangeOnline','MicrosoftTeams','Purview','SharePointOnline';
    PromptBehavior = 'SelectAccount';
    IncludeEntraID = $true;
    ExportTo = 'HTML';
}
$assets = Invoke-Monkey365 @param

  2. See error

$assets = Invoke-Monkey365 @param
AVERTISSEMENT : [13:22:25:031] - [Connect-MonkeyM365] - Not connected to SharePointOnline - warning - DESKTOP-XXX - Monkey365SharePointError
AVERTISSEMENT : [13:22:25:039] - [Connect-MonkeyM365] - Unable to connect SharePoint online. No valid host was found - warning - DESKTOP-XXX - Monkey365SharePointError

From where are you running Monkey365?

PowerShell v5.1 on Windows 11

Thank you for your support!

silverhack commented 2 days ago

Hi @impalaa,

Glad you like it! :D

According to the error message, it seems that monkey365 is unable to get information from Microsoft Graph regarding available SharePoint domains.

As a workaround, you can include the -ScanSites param:


$param = @{
    Instance = 'Microsoft365';
    Collect = 'ExchangeOnline','MicrosoftTeams','Purview','SharePointOnline';
    PromptBehavior = 'SelectAccount';
    IncludeEntraID = $true;
    ExportTo = 'HTML';
    ScanSites = https://**yourdomain**.sharepoint.com;
}
Invoke-Monkey365 @param

That flag is not documented yet. I'll add this to my TODO list and will try to better document the tool.

Thanks,

impalaa commented 2 days ago

Thanks for your fast answer.

I have tried like that:

$param = @{
    Instance = 'Microsoft365';
    Collect = 'ExchangeOnline','MicrosoftTeams','Purview','SharePointOnline';
    PromptBehavior = 'SelectAccount';
    IncludeEntraID = $true;
    ExportTo = 'HTML';
    ScanSites = https://domain-admin.sharepoint.com;
}

I have an error:

The term “https://domain-admin.sharepoint.com” is not recognized as a command applet name.

Do you have an idea?

Thanks again :)

silverhack commented 1 day ago

Hi,

This is because you're copying and pasting the whole snippet. Try this one (please note the quotes around the domain name):


$param = @{
    Instance = 'Microsoft365';
    Collect = 'ExchangeOnline','MicrosoftTeams','Purview','SharePointOnline';
    PromptBehavior = 'SelectAccount';
    IncludeEntraID = $true;
    ExportTo = 'HTML';
    ScanSites = "https://domain.sharepoint.com";
}
Invoke-Monkey365 @param

Please also note that you must use the regular non-admin SharePoint URL, and not the SharePoint admin URL (i.e. yourdomain-admin.sharepoint.com is not allowed for the ScanSites param). Once the default URL is set, Monkey365 will attempt to authenticate to the URL passed through the ScanSites parameter, and if the authentication is done, it will then try to locate and authenticate to the admin blade as well.

Hope that helps!
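Added example, not part of the thread or of Monkey365's own code: a pre-flight check for the two mistakes discussed above (a ScanSites value that is not a quoted string, and the -admin URL) before the scan starts. `Test-ScanSiteUrl` is a hypothetical helper and `contoso` is a placeholder tenant name; it assumes the Monkey365 module is already imported and uses only the parameters shown in the thread.

```powershell
# Hypothetical helper, not part of Monkey365: pre-checks a value meant for ScanSites.
function Test-ScanSiteUrl {
    [OutputType([bool])]
    param([Parameter(Mandatory = $true)][string]$Url)

    $uri = $null
    # A bare host name or a malformed string does not parse as an absolute URI.
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri)) {
        Write-Warning "'$Url' is not an absolute URL"
        return $false
    }
    if ($uri.Scheme -ne 'https') {
        Write-Warning "'$Url' must start with https://"
        return $false
    }
    # Assumption: the tenant root site is <tenant>.sharepoint.com, as in the thread.
    if ($uri.Host -notmatch '^[a-z0-9-]+\.sharepoint\.com$') {
        Write-Warning "'$($uri.Host)' is not a <tenant>.sharepoint.com host"
        return $false
    }
    # Per the thread, the admin URL (<tenant>-admin.sharepoint.com) is not accepted.
    if ($uri.Host -match '-admin\.sharepoint\.com$') {
        Write-Warning "'$($uri.Host)' is the admin URL; use the regular site URL"
        return $false
    }
    return $true
}

# Placeholder tenant. The quotes matter: without them PowerShell tries to run
# the URL as a command, which is the error reported in the thread.
$site = 'https://contoso.sharepoint.com'

if (-not (Test-ScanSiteUrl -Url $site)) {
    throw "Fix the ScanSites value before running the scan: $site"
}

$param = @{
    Instance       = 'Microsoft365'
    Collect        = 'ExchangeOnline','MicrosoftTeams','Purview','SharePointOnline'
    PromptBehavior = 'SelectAccount'
    IncludeEntraID = $true
    ExportTo       = 'HTML'
    ScanSites      = $site
}
Invoke-Monkey365 @param
```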