vectra-ai-research/Halberd

Halberd

Halberd is an open-source security testing tool to proactively assess cloud threat detection by executing a comprehensive array of attack techniques across multiple surfaces.

With Halberd, security teams can quickly & easily execute attack techniques to generate telemetry and validate their detection & response capabilities via a simple, intuitive web application.

Evaluate defenses across multiple attack surfaces, including Entra ID, M365, Azure and AWS.

Setup

Halberd works on Linux, macOS & Windows and can be set up easily in just a few steps.

Install

$ git clone https://github.com/vectra-ai-research/Halberd.git
$ cd Halberd
$ python3 -m venv venv
$ source venv/bin/activate
$ pip install -r requirements.txt
$ python3 Halberd.py

Check out the detailed instructions in the deployment guide.

Usage

Once set up, start testing by accessing the Halberd web app in your browser.

Visit: http://127.0.0.1:8050/

Overview

Module details & usage elaborates on specific executable techniques and interesting capabilities of Halberd.

Check out Testing Use Cases for examples.

  • Entra ID Techniques
  • M365 Techniques
  • Azure Techniques
  • AWS Techniques
  • Advanced Recon Widgets
  • Access Manager
  • Reporting
  • Technique Execution via Intuitive Web-App

Note: Halberd is continuously evolving and getting better with more testing techniques, new capabilities & fixes. Try to use the latest version available whenever possible.

Getting Started

Once Halberd is deployed & running, start testing by accessing http://127.0.0.1:8050/ in your browser.

Access

Allows management of access-tokens/clients/sessions and review of current access information for various targets.

Attack

Allows selection and execution of attack techniques. From the Attack view, select Attack Surface > Tactic > Technique > Execute.

Recon

Provides numerous advanced reconnaissance dashboards enabling fast and easy information gathering by automatically executing a sequence of reconnaissance steps in the environment.

Example: Navigate to Recon > Entity Map > Generate Entity Map to generate an interactive graph of access & privileges in the cloud environment.

Trace

Displays a log of all executed techniques and allows downloading a report.

Note: Different techniques require varying access & privileges for successful execution. Start by establishing relevant access using the Initial Access tactic under each attack surface.

Check out usage for more information on testing with Halberd.

Contribute

  • Thanks for considering contributing to Halberd! Your contributions will make security testing easier & better.
  • Submit bugs & issues here

If you are interested in contributing to Halberd, check out development focus areas & guidance on contributions.

Contact

If you found this tool useful, want to share interesting use-cases or ideas - reach out & share them!

Inspiration

Halberd is inspired by many amazing ideas and work produced by several talented members/groups of the security community. Check out some of them here.