It consists of three separate parts:

A PowerShell noscript where the majority of modules are located
An HTML GUI that can leverage an access token to navigate and pillage a user's account
A simple PHP redirector for harvesting authentication codes during an OAuth flow
Main Features

Search and export email
Search and export SharePoint and OneDrive files accessible to a user
Search all Teams chats and channels visible to the user and export full conversations
Deploy malicious apps
Discover misconfigured mailboxes that are exposed
Clone security groups to carry out watering hole attacks
Find groups that can be modified directly by your user or where membership rules can be abused to gain access
Search all user attributes for specific terms
Leverage a GUI built on the Graph API to pillage a user's account
Dump conditional access policies
Dump app registrations and external apps including consent and scope to identify potentially malicious apps
Tools to complete OAuth flow during consent grant attacks
GraphRunner doesn't rely on any third-party libraries or modules
Works with Windows and Linux
Continuously refresh your token package