-
Notifications
You must be signed in to change notification settings - Fork 123
Home
Power Pwn is an offensive and defensive security toolset for Microsoft 365 Power Platform and AI services. Developed and maintained by Zenity, it empowers security professionals to identify and test vulnerabilities across Microsoft's low-code/no-code and AI ecosystem.
Power Pwn provides a comprehensive suite of security testing tools designed to:
- Assess Microsoft 365 tenant security and identify misconfigurations
- Discover exposed AI agents and bots accessible to unauthorized users
- Test Copilot deployments for data leakage and unauthorized access
- Enumerate and analyze Power Platform resources and AI assistants
Whether you're conducting a penetration test, red team engagement, or security assessment of your own organization, Power Pwn offers the tools you need to evaluate Microsoft 365 and Power Platform security posture.
| Module | Description |
|---|---|
| PowerDump | Comprehensive tenant scanning and data collection for Microsoft 365 environments |
| Copilot Studio Hunter | Discover and test misconfigured Copilot Studio bots exposed to unauthenticated users |
| Custom GPT Hunter | Enumerate and analyze custom GPTs and agent builders |
| LLM Hound | Discover publicly exposed AI agents across the internet using Shodan |
| Copilot M365 | Test Microsoft 365 Copilot for unauthorized data retrieval |
| Power Pages | Identify misconfigured Power Pages that leak Dataverse tables |
New to Power Pwn? Head to the Getting Started guide to set up your environment and run your first scan.
For detailed documentation on each module, use the navigation menu on the right panel to browse all available guides and reference materials.
Open Chatgpt