detecting-suspicious-oauth-application-consent
CommunityDetect risky OAuth consent in Azure AD.
AuthorYukiIto1999
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Illicit OAuth consent grants in Azure AD / Entra ID can grant attackers broad access. This skill enumerates OAuth2 permission grants, analyzes scopes for high-risk access, and correlates with service principals and audit logs to identify potentially malicious consent events.
Core Features & Use Cases
- Enumerate OAuth2 permission grants via Microsoft Graph API
- Analyze granted scopes against risk profiles and publisher verification
- Correlate with service principals and directory audit logs to surface suspicious consent patterns
Quick Start
Authenticate to Azure AD Graph API using a tenant, client id, and client secret, then run the full audit to generate risk findings and remediation recommendations.
Dependency Matrix
Required Modules
msalrequests
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: detecting-suspicious-oauth-application-consent Download link: https://github.com/YukiIto1999/ctf-sleuth/archive/main.zip#detecting-suspicious-oauth-application-consent Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.