Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Monkey365 – PowerShell Security Scanner for Microsoft 365, Azure, and Entra ID

Views: 1,756

Monkey365 is a PowerShell module designed for security consultants and DevSecOps teams to automate configuration audits across Microsoft 365, Azure, and Entra ID. It runs over 160 CIS benchmark checks and produces structured HTML, CSV, JSON, or CLIXML reports.

Monkey365 - PowerShell Security Scanner for Microsoft 365, Azure, and Entra ID

The tool is collector-based, harvesting metadata via PowerShell commands, evaluating it against built-in rules, and generating assessments without requiring complex cloud API setups.

With Monkey365 you can scan for potential misconfigurations and security issues in public cloud accounts according to security best practices and compliance standards, across Azure, Microsoft Entra ID, and Microsoft 365 core applications.

Core Features

  • Multi-Cloud Coverage
    Scans across Microsoft 365 (Exchange, Teams, SharePoint), Azure subscriptions, and Entra ID in one module.
  • 160+ CIS Benchmark Rules
    Implements CIS Azure Foundations and Microsoft 365 checks out of the box, with plans to support NIST, HIPAA, GDPR, and PCI‑DSS benchmarks
  • Flexible Output Formats
    Exports results in HTML, JSON, CSV, or CLIXML. Ideal for automation or manual review.
  • Custom Rules Support
    Allows configuration via JSON rule files or MkDocs plugins for tailored environments.
  • CI/CD Friendly Mode
    Available as a GitHub Action, enabling integration into pipelines to detect misconfigurations early.

Install and Get Started

Install from PowerShell Gallery:

Install-Module -Name monkey365 -Scope CurrentUser
Import-Module monkey365

Check available commands:

Get-Command -Module monkey365
Get-Help Invoke-Monkey365 -Detailed

Run a basic Azure scan:

Invoke-Monkey365 -Instance Azure 
  -Collect VirtualMachines,KeyVault,StorageAccounts 
  -IncludeEntraID `
  -ExportTo HTML

The output includes a dashboard-style HTML with pass/fail indicators for each compliance check.

Community & Maintenance

  • Stars: ~1 000, Forks: 109, actively maintained with regular updates and beta releases.
  • Discussions track features requests, such as updating to CIS v3 and improving output formatting.

Final Thoughts

Monkey365 fills a niche for teams that need a portable, scriptable, and benchmark-driven security scanner across Microsoft cloud environments. Its flexibility, compliance focus, and avoidance of commercial dependencies make it a strong candidate for consultants, DevOps teams, and auditors.

You can read more or download Monkey365 here: https://github.com/silverhack/monkey365

Related Posts:

Share
Tweet
Share
Buffer
WhatsApp
Email

Filed Under: Cloud Security