End-to-end workflow for a SecurityAuditScripts engagement: pre-flight → run → report → brief.
Complete before arriving on-site or starting a remote session.
- Python 3.10+ available (
python3 --version) - pip dependencies installed (
pip install -r requirements.txtfrom repo root) - AWS credentials configured if doing AWS (
aws sts get-caller-identity) - Client domain name confirmed (e.g.
acme.ie)
- PowerShell 7+ (
pwsh --version) - Az module:
Install-Module Az -Scope CurrentUser -Force - Microsoft.Graph module:
Install-Module Microsoft.Graph -Scope CurrentUser -Force - ExchangeOnlineManagement module (for exchange auditor):
Install-Module ExchangeOnlineManagement -Scope CurrentUser -Force - Authenticated to Azure:
Connect-AzAccount(use Global Admin or Security Reader) - Authenticated to Graph:
Connect-MgGraph -Scopes "User.Read.All","Policy.Read.All","DeviceManagementManagedDevices.Read.All","RoleManagement.Read.Directory","Application.Read.All" - Exchange connected (if running exchange auditor):
Connect-ExchangeOnline - Client's LAN CIDR range noted (ask IT manager: "What subnet are your office machines on?" — typically
192.168.1.0/24or10.0.0.0/24) - Running as local administrator if auditing on-prem Windows hosts
These auditors need only the client's domain. Run them from your Linux/Mac machine while waiting for credentials.
cd ~/Claude/SecurityAuditScripts
python3 audit.py --client "Acme Corp" --email --ssl --http-headers \
--domain acme.ie --output ./reports/Produces: email_report, ssl_report, http_headers_report. Takes ~30 seconds.
Good opener: shows the external posture before you touch anything inside the tenant.
Run this on the Windows machine with the Az + Graph modules authenticated.
cd \path\to\SecurityAuditScripts
# Azure + M365 + Windows on-prem (everything except netexpose)
.\Run-Audit.ps1 -Client "Acme Corp" -All -AllSubscriptions -Open
# Azure only
.\Run-Audit.ps1 -Client "Acme Corp" -Azure -AllSubscriptions
# M365 only
.\Run-Audit.ps1 -Client "Acme Corp" -M365
# Windows on-prem only (run as administrator)
.\Run-Audit.ps1 -Client "Acme Corp" -WindowsOutput lands in .\acme_corp_YYYYMMDD\.
.\OnPrem\Windows\netexpose-auditor\netexpose_auditor.ps1 `
-Target 192.168.1.0/24 `
-Output .\acme_corp_YYYYMMDD\netexpose_reportAdjust -TimeoutMs 500 on fast LANs, -ThrottleLimit 25 if the network is congested.
# Full AWS audit
python3 audit.py --client "Acme Corp" --aws \
--profile acme-prod --regions eu-west-1 \
--output ./reports/
# Linux on-prem (run directly on target host)
python3 audit.py --client "Acme Corp" --linux --output ./reports/-
Copy the client folder from the Windows machine to your Linux machine:
# Example via scp (adjust path) scp -r user@windowshost:C:/SecurityAuditScripts/acme_corp_20260407/ \ ./reports/Acme-Corp-2026-04-07/Or use a USB drive, shared folder, or OneDrive. The folder just needs to contain all
*_report.jsonfiles in one directory. -
Generate the executive summary:
python3 tools/exec_summary.py \ --input-dir ./reports/Acme-Corp-2026-04-07/ \ --output ./reports/Acme-Corp-2026-04-07/exec_summary.html \ --client-name "Acme Corp"Or if you ran
Run-Audit.ps1with Python available on the Windows machine, the summary is generated automatically (pass-Opento open it in the browser immediately).
The executive summary HTML is self-contained — open it in any browser, no internet required. Walk the client through:
- Overall score and grade — frame as "this is where you are today; here's what B looks like"
- CRITICAL findings first — each has a remediation step written for an IT manager, not a security engineer
- Quick wins table — "here are 5 things your IT person can fix this afternoon"
- Pillar cards — show which areas are clean vs need attention
Avoid reading finding detail verbatim. Translate: "RDP exposed on 3 hosts" → "anyone on your Wi-Fi could try to log into those servers directly."
| Auditor group | Auth required | Module |
|---|---|---|
| Azure (all) | Az context | Az |
| Entra / M365 (users, CA, MFA) | Graph | Microsoft.Graph |
| Exchange Online | Exchange session | ExchangeOnlineManagement |
| Windows on-prem | Local admin | (built-in PS cmdlets) |
| AWS | CLI profile | aws CLI |
| Email / SSL / HTTP headers | None | (DNS + TCP only) |
| netexpose | None (LAN access) | (built-in .NET TCP) |