Halberd is an open-source security testing tool to proactively assess cloud threat detection by executing a comprehensive array of attack techniques across multiple surfaces.

Evaluate defenses across multiple attack surfaces, including Entra ID, M365, Azure and AWS.

Halberd works on Linux, macOS & Windows and can be setup easily in just a few steps.

$ git clone https://github.com/vectra-ai-research/Halberd.git
$ cd Halberd
$ python3 -m venv venv
$ source venv/bin/activate
$ pip install -r requirements.txt
$ python3 Halberd.py

Checkout detailed instructions in deployment guide.

Once setup start testing by accessing the Halberd web app in your browser.

Visit: http://127.0.0.1:8050/

Module details & usage elaborates on specific executable techniques and interesting capabalities of Halberd.

Checkout Testing Use Cases for examples.

• Entra ID Techniques
• M365 Techniques
• Azure Techniques
• AWS Techniques
• Advanced Recon Widgets
• Access Manager
• Reporting
• Technique Execution via Intutive Web-App

Note: Halberd is continuously evolving and getting better with more testing techniques, new capabilities & fixes. Try to use the latest version available whenever possible.

Once Halberd is deployed & running, start testing by accessing http://127.0.0.1:8050/ in your browser.

Allows management of access-tokens/clients/sessions and review of current access information for various targets.

Allows selection and execution of attack techniques. From the Attack view, select Attack Surface > Tactic > Technique > Execute.

Provides numerous advanced reconnaissance dashboards enabling fast and easy information gathering by automatically executing sequence of reconnaissance in the environment.

Example: Navigate to Recon > Entity Map > Generate Entity Map to generate an interactive graph of access & privileges in the cloud environment.

Displays log of all executed techniques and allows downloading report.

Note: Different techniques require varying access & privileges for successful execution. Start by establishing relevant access using Initial Access tactic under each attack surface.

Checkout usage for more information on testing with Halberd.

• Thanks for considering contributing to Halberd! Your contributions will make security testing easier & better.
• Submit bugs & issues here

If you are interested in contributing to Halberd, checkout development focus areas & guidance on contributions.

If you found this tool useful, want to share interesting use-cases or ideas - reach out & share them!

• Author : Arpan Sarkar
• Maintainer : Arpan Sarkar

Halberd is inspired from many amazing ideas and work produced by several talented members/groups of the security community. Checkout some of them here.