nicolasblank / privileged-app-path-auditor

Audit Entra ID for privilege escalation paths through application permissions, role assignments, and app ownership

19 stars
3
100% credibility
Found Mar 21, 2026 at 19 stars
AI Analysis (language: PowerShell)

AI Summary

A PowerShell script that audits Microsoft Entra ID tenants to detect privilege escalation paths via app registrations, service principals, and related security misconfigurations.

How It Works

1. 🔍 Discover the security checker

A free script that finds hidden risks in a Microsoft Entra ID tenant: paths by which an ordinary user could reach Global Admin-equivalent power through app registrations, service principals and their owners.

2. 📥 Get the tool

Download the repository as a zip from GitHub and unzip it to a folder; there is no installer.

3. 🔧 Prepare to connect

Open a current PowerShell session and install the Microsoft Graph PowerShell SDK modules the script depends on, if they are not already present.

4. 🔗 Sign in and start

Run the script, sign in through the browser prompt with an account that only needs read permissions, and pick a mode such as Full. The script only reads app ownerships, role assignments and permissions; it changes nothing in the tenant.

5. ▶️ Watch it scan

The script walks apps, service principals, users and permission grants looking for dangerous paths. A run takes minutes, depending on tenant size.

6. 📋 Review the findings

Results come as a console report or, optionally, a folder of CSV files, with risks highlighted, direct links into the Entra portal, and remediation guidance.

7. 🛠️ Fix the risks

Follow the links to review who owns highly privileged apps, remove unnecessary owners, trim permissions, and disable apps that are no longer used.

Safer setup achieved

Re-run the script to confirm the findings are gone; the tenant's admin-equivalent power is now harder to reach through app ownership.

AI-Generated Review

What is privileged-app-path-auditor?

This PowerShell tool audits Entra ID tenants for privilege escalation paths through app registrations, service principals, and ownership chains. It flags risks such as regular users owning apps that hold Global Admin-equivalent permissions, service principals that Application Administrators can take over through their role, privileged apps with no owner, and credentials attached to the service principal object that the app registration blade in the portal does not show. Everything is collected through Microsoft Graph queries. Run modes such as Full or AttackPath produce console output or CSVs with direct Entra portal links; by default no files are written.

Why is it gaining traction?

Unlike basic permission listers or paid E5 tooling, it maps complete attack paths (a user owns an app, adds a client secret, signs in as the app and escalates without any admin action), and it also detects consent policy gaps, stale high-privilege apps, and credential hygiene problems such as an app carrying several secrets. It costs nothing and has a single dependency (the Microsoft Graph PowerShell SDK). Its tenant-focused classification skips Microsoft first-party apps and prioritizes apps registered in the home tenant or supplied by third parties. The CSV output supports bulk triage and re-run verification.
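The following is an added example, written for this page and not code from the privileged-app-path-auditor repository. It shows the core of the check the "How It Works" steps and the attack path above describe: a user who is not already a privileged administrator owns an app registration whose service principal holds a Global Admin-equivalent Microsoft Graph application permission, so the owner can add a secret and escalate. It also flags privileged apps with no owner and secrets stored on the service principal object rather than the app registration. The function names, the short list of dangerous Graph permissions, and the sample tenant are assumptions made for the example; the live collector needs the Microsoft Graph PowerShell SDK and read-only scopes.

```powershell
# Added example, not the project's script. Function names are hypothetical.
# Requires the Microsoft.Graph PowerShell SDK only for Get-TenantAppInventory.

# Assumption: a selection of Graph application permissions that give whoever can
# add a credential to the app Global Admin-equivalent power over the tenant.
$DangerousGraphRoles = @(
    'RoleManagement.ReadWrite.Directory',
    'AppRoleAssignment.ReadWrite.All',
    'Application.ReadWrite.All',
    'Directory.ReadWrite.All'
)

function Find-OwnerEscalationPaths {
    param(
        # Objects with DisplayName, Owners (UPNs), AppRoles (Graph app-role values granted), SpSecretCount
        [Parameter(Mandatory)] [object[]] $Apps,
        # UPNs of users who already hold a privileged directory role
        [Parameter(Mandatory)] [string[]] $PrivilegedUsers
    )
    foreach ($app in $Apps) {
        $dangerous = @($app.AppRoles | Where-Object { $DangerousGraphRoles -contains $_ })
        if ($dangerous.Count -eq 0) { continue }   # app cannot escalate, skip it
        $roles = $dangerous -join ','
        if ($app.Owners.Count -eq 0) {
            # Nobody is accountable for an app that can take over the tenant
            [pscustomobject]@{ Finding = 'UnownedPrivilegedApp'; App = $app.DisplayName; Owner = $null; Roles = $roles }
        }
        foreach ($owner in $app.Owners) {
            if ($PrivilegedUsers -notcontains $owner) {
                # Owner can add a client secret, sign in as the app and use its roles
                [pscustomobject]@{ Finding = 'NonAdminOwnsPrivilegedApp'; App = $app.DisplayName; Owner = $owner; Roles = $roles }
            }
        }
        if ($app.SpSecretCount -gt 0) {
            # Credentials on the service principal object are not listed under the app registration
            [pscustomobject]@{ Finding = 'ServicePrincipalLevelSecret'; App = $app.DisplayName; Owner = $null; Roles = $roles }
        }
    }
}

function Get-TenantAppInventory {
    # Read-only scopes; nothing in the tenant is modified.
    Connect-MgGraph -Scopes 'Application.Read.All', 'Directory.Read.All', 'RoleManagement.Read.Directory' -NoWelcome
    # 00000003-0000-0000-c000-000000000000 is the AppId of the Microsoft Graph service principal
    $graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
    $roleById = @{}
    foreach ($r in $graphSp.AppRoles) { $roleById[$r.Id] = $r.Value }

    # Only Global Administrator is treated as privileged here; extend the list for other roles
    $privileged = @()
    $gaRole = Get-MgDirectoryRole -Filter "displayName eq 'Global Administrator'"
    if ($gaRole) {
        $privileged = @(Get-MgDirectoryRoleMember -DirectoryRoleId $gaRole.Id |
            ForEach-Object { $_.AdditionalProperties['userPrincipalName'] } | Where-Object { $_ })
    }

    $apps = foreach ($app in Get-MgApplication -All) {
        $sp = Get-MgServicePrincipal -Filter "appId eq '$($app.AppId)'"
        $roles = @(); $spSecrets = 0
        if ($sp) {
            # Resolve granted Graph app roles from their ids to readable permission names
            $roles = @(Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id |
                Where-Object { $_.ResourceId -eq $graphSp.Id } |
                ForEach-Object { $roleById[$_.AppRoleId] })
            $spSecrets = @($sp.PasswordCredentials).Count
        }
        $owners = @(Get-MgApplicationOwner -ApplicationId $app.Id |
            ForEach-Object { $_.AdditionalProperties['userPrincipalName'] } | Where-Object { $_ })
        [pscustomobject]@{ DisplayName = $app.DisplayName; Owners = $owners; AppRoles = $roles; SpSecretCount = $spSecrets }
    }
    [pscustomobject]@{ Apps = @($apps); PrivilegedUsers = $privileged }
}

# Constructed sample tenant so the path logic can be exercised without Graph access.
$SampleApps = @(
    [pscustomobject]@{ DisplayName = 'HR Sync';         Owners = @('alice@contoso.example');    AppRoles = @('User.Read.All', 'RoleManagement.ReadWrite.Directory'); SpSecretCount = 0 }
    [pscustomobject]@{ DisplayName = 'Legacy Importer'; Owners = @();                            AppRoles = @('Directory.ReadWrite.All');                            SpSecretCount = 1 }
    [pscustomobject]@{ DisplayName = 'Dashboard';       Owners = @('bob@contoso.example');      AppRoles = @('User.Read.All');                                      SpSecretCount = 0 }
    [pscustomobject]@{ DisplayName = 'Admin Tooling';   Owners = @('ga.admin@contoso.example'); AppRoles = @('Application.ReadWrite.All');                          SpSecretCount = 0 }
)
Find-OwnerEscalationPaths -Apps $SampleApps -PrivilegedUsers @('ga.admin@contoso.example') | Format-Table -AutoSize
# Against a real tenant instead:
# $inv = Get-TenantAppInventory
# Find-OwnerEscalationPaths -Apps $inv.Apps -PrivilegedUsers $inv.PrivilegedUsers
```

On the sample data the run reports HR Sync (alice is not a Global Administrator but owns an app holding RoleManagement.ReadWrite.Directory), and Legacy Importer twice (no owner, and a secret on the service principal); Admin Tooling is owned by an existing Global Administrator and Dashboard holds no dangerous permission, so neither is reported. The live collector deliberately stays on read-only scopes and only looks at Graph application permissions and the Global Administrator role; eligible PIM assignments, other privileged roles, group owners and permissions on other resource APIs are outside this example and are part of what a full audit tool has to cover.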

Who should use this?

Entra ID administrators auditing a tenant for app ownership risks and privilege paths. Security engineers in Microsoft-centric environments who want to check app permissions, consent settings and service principal credentials rather than rely on portal views. SecOps teams that need a repeatable, read-only check with CSV output for triage and verification.

Verdict

Worth running against any Entra tenant: the documentation and CLI make it simple to use, even though 19 stars signal early maturity. Run Full mode weekly and pair it with PIM for production hardening.

