Halberd is a powerful, multi-cloud security testing tool. Born out of the need for a unified, easy-to-use tool, Halberd enables you to proactively assess your cloud defenses by executing a comprehensive array of attack techniques across Entra ID, M365, Azure, and AWS. With its intuitive web interface, you can simulate real-world attacks, generate valuable telemetry, and validate your security controls with ease & speed.
Halberd lets you:
Clone that repo:
git clone https://github.com/vectra-ai-research/Halberd.git
Set up your playground:
cd Halberd
python3 -m venv venv
source venv/bin/activate # On Windows: venv\Scripts\activate
pip install -r requirements.txt
Install Azure CLI:
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
brew update && brew install azure-cli
Launch Halberd:
python3 Halberd.py
Point your browser to http://127.0.0.1:8050/
and start testing
Checkout usage for more information on testing with Halberd.
Pro tip: Start with "Initial Access" under each attack surface. You can't hack what you can't reach!
Got ideas? Found a bug? Want to add that one cool feature? We're all ears! Check out our contribution guidelines and let's make Halberd even more awesome together.
Halberd is the brainchild of Arpan Sarkar, a cloud security enthusiast with a penchant for making life harder for attackers (and easier for defenders).
We didn't reinvent the wheel โ we just made it roll smoother. Check out our inspirations and show some love to the amazing security tools that paved the way.
Now go forth and hack responsibly! ๐