AI Summary: Power Pwn is a comprehensive offensive and defensive security toolset designed for the Microsoft 365 Power Platform and AI services. It includes multiple features such as tenant scanning with PowerDump, backdoor deployment, malware creation without coding, and tools for phishing and misconfiguration testing, providing users with extensive capabilities for security assessment and exploitation in Power Platform environments. Additionally, it offers utilities for enumerating custom GPTs and publicly exposed AI services, enhancing its utility for security professionals.

README

Overview

Power Pwn is an offensive and defensive security toolset for Microsoft 365 Power Platform and AI services.

Key Features, among others:

• 💾 PowerDump: Comprehensive tenant scanning and data collection
• 🚪 BackDoor: Deploy backdoor flows for persistent access to Power Platform environments
• 🦠 NoCodeMalware: Create and deploy malicious Power Platform artifacts without writing code
• 🎣 PowerPhishing: Abuse Power Platform for phishing campaigns and credential harvesting
• 🤖 Copilot Studio Hunter: Discover and test misconfigured Copilot Studio bots exposed to unauthenticated users
• 🤖 Custom GPT Hunter: Enumerate and analyze custom GPTs
• 🤖 Agent Builder Hunter: Discover publicly available Agent Builder deployments and enumerate their capabilities
• 🔎 LLM Hound: Discover publicly exposed MCPs & AI middleware across the internet using Shodan
• 🎯 Copilot M365: Test Microsoft 365 Copilot for unauthorized data retrieval
• 📄 Power Pages: Identify misconfigured Power Pages that leak Dataverse tables

Please review the tools documentation for the full list of features:

Check out our Wiki for comprehensive documentation, guides, and related talks!

A review of Power Pwn’s PowerDump module is available here:

Installation

For standard usage, install with:

pip install powerpwn

For developers and advanced usage, see our comprehensive Installation Guide which covers:

• Full automated installation (Python + external tools)
• Module-specific dependencies (ffuf, subfinder, Node.js, Puppeteer)
• Platform-specific instructions (macOS, Linux, Windows)
• Troubleshooting and verification steps

Some modules require additional tools. Please review the following Wiki pages for module-specific requirements:

• Powerdump
• Copilot Studio Hunter - deep-scan
• Copilot Studio Hunter - tools-recon
• Copilot Studio Hunter - enum
• CopilotM365

Quick Guide for Developers

Option 1: Full Installation (Recommended)

Install Python packages and external tools (ffuf, subfinder, Node.js):

python init_repo.py --install-external-tools
source .venv/bin/activate  # Linux/macOS
# or
.\.venv\Scripts\activate  # Windows

Supported on macOS and Linux. Windows requires manual tool installation.

Option 2: Python Only

Install Python packages only (manual tool installation needed later):

python init_repo.py
source .venv/bin/activate  # Linux/macOS

Verify Installation

pip install .
powerpwn --help

For detailed installation options, troubleshooting, and platform-specific guides, see INSTALLATION.md

Development Tips

1. Editable Mode: If local changes aren’t reflected when testing, reinstall in editable mode:

   pip install -e .
   

2. Python Version: Use Python 3.11 for GUI modules (PowerDump) to avoid compatibility issues.

3. PYTHONPATH Setup (if needed):

   • Linux/macOS: export PYTHONPATH=/[your_powerpwn_directory]/src:$PYTHONPATH
   • Windows PowerShell: $env:PYTHONPATH = "C:\[your_powerpwn_directory]\src;" + $env:PYTHONPATH

4. Code Formatting: Before submitting PRs, run:

   black -C -l 150 {file_path}
   

Usage

Quick Start

🎯 Common Use Cases

1. Tenant Security Assessment

Start with PowerDump to scan your Microsoft 365 tenant for security issues and collect comprehensive data.

2. Test M365 Copilot Security

Evaluate your M365 Copilot deployment for unauthorized data retrieval:

• Copilot M365 - whoami: Identify user context and permissions
• Copilot M365 - dump: Test data exfiltration scenarios

3. Hunt for Exposed Copilot Studio Bots

Test for misconfigured Copilot Studio bots accessible to unauthenticated users:

• Copilot Studio Hunter - deep-scan: Deep security analysis
• Copilot Studio Hunter - tools-recon: Discover bot capabilities
• Copilot Studio Hunter - enum: Enumerate available bots

4. Test Power Pages Security

Identify misconfigured Power Pages that could leak Dataverse tables.

📚 Full Documentation

Please review the Wiki for a complete module list, detailed usage instructions, and advanced scenarios.