Modules: Copilot Studio Hunter ‐ Deep Scan

AvishaiEZen edited this page Oct 7, 2024 · 2 revisions

Description

Performs a deep scan to find open Copilot Studio bots for a given domain or tenant ID. The scan is automated and relies on various Copilot Studio and Power Platform mechanics, the Power Platform API, FFUF and Puppeteer.

Additional Installation Notes

  1. FFUF and Puppeteer must be installed and available on the PATH as a prerequisite. Please see the attached links for the installations.
  2. Note that Puppeteer might need to be installed locally via the local Puppeteer project directory:
    • Locate the internal Puppeteer directory (under the src -> powerpwn -> copilot_studio -> tools -> pup_is_webchat_live directory)
    • Run npm install
  3. For Windows machines running this module, it's recommended to have a Chrome installation in the default location (C:\Program Files\Google\Chrome\Application\chrome.exe).

Usage

powerpwn cli

  • Run the following command to perform a deep scan of accessible Copilot Studio demo websites based on a domain:
    copilot-studio-hunter deep-scan -d {domain} -t {no. of FFUF threads} -r {no. of FFUF requests per second} -mode {verbose or silent mode to be used in FFUF} -tp {environment solution prefix scan timeout in seconds} -tb {bots scan timeout in seconds}

  • Run the following command to perform a deep scan of accessible Copilot Studio demo websites based on a tenant ID:
    copilot-studio-hunter deep-scan -i {tenant ID} -t {no. of FFUF threads} -r {no. of FFUF requests per second} -mode {verbose or silent mode to be used in FFUF} -tp {environment solution prefix scan timeout in seconds} -tb {bots scan timeout in seconds}

Command Parameters

  • domain: The domain to query for tenant ID and run FFUF on
  • tenant_id: The tenant ID to run FFUF on
  • rate: Rate limit in seconds between FFUF requests
  • threads: Number of concurrent FFUF threads
  • timeout_prefix: Timeout for the solution prefix scan, in seconds (default is 5 minutes)
  • timeout_bots: Timeout for each of the bot scans (one-word/two-word/three-word), in seconds (default is 5 minutes)
  • mode: Choose between verbose (-v) and silent (-s) mode for FFUF