
Using AzureHound

SethBodine edited this page Oct 20, 2023 · 5 revisions

Updates

AzureHound is built at container image start-up, so it may take a few minutes before it is available.

Prepare the environment

cd /opt/AzureHound/                 # Execution path

Authenticate

# Paste the following code to perform device authentication

# Step 1: request a device code and user code (URL quoted so the shell does not treat "?" as a glob)
azdevcode=$(curl -s -X POST "https://login.microsoftonline.com/common/oauth2/devicecode?api-version=1.0" -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" -d "client_id=1950a258-227b-4e31-a9cf-717495945fc2&resource=https://graph.microsoft.com")
az_user_code=$(echo "${azdevcode}" | jq -rc '.user_code')
az_device_code=$(echo "${azdevcode}" | jq -rc '.device_code')
az_verify_url=$(echo "${azdevcode}" | jq -rc '.verification_url')
az_message=$(echo "${azdevcode}" | jq -rc '.message')

# Step 2: show the sign-in instructions and wait for the operator to finish in the browser
echo -e "\n\n${az_message}\n\nOnce authenticated press enter to complete authentication."
read -r

# Step 3: redeem the device code for tokens; the refresh token is a credential, so keep it out of logs and shared history
aztoken=$(curl -s -X POST "https://login.microsoftonline.com/Common/oauth2/token?api-version=1.0" -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" -d "client_id=1950a258-227b-4e31-a9cf-717495945fc2&grant_type=urn:ietf:params:oauth:grant-type:device_code&code=${az_device_code}")
az_refresh_token=$(echo "${aztoken}" | jq -rc '.refresh_token')
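
If Enter is pressed before the browser sign-in completes, the token endpoint returns an error object instead of tokens, and `jq -r '.refresh_token'` yields the literal string `null`, which would then be handed to AzureHound. The check below is an added example, not part of the original wiki page or the AzureHound project; the function name `get_refresh_token`, its return codes and the sample JSON are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: validate the token-endpoint response before using it.
# get_refresh_token, its return codes and the SAMPLE_* values are constructed.

# Prints the refresh token on stdout and returns 0 only when the response is
# a JSON object, carries no "error" field, and has a non-empty refresh_token.
# Return codes: 1 = not a JSON object, 2 = sign-in not completed yet,
#               3 = other error from the endpoint, 4 = no refresh token.
get_refresh_token() {
  local response="$1" err desc token

  # jq -e exits non-zero for empty input, invalid JSON, or a non-object value
  printf '%s' "$response" | jq -e 'type == "object"' >/dev/null 2>&1 || {
    echo "token response is not a JSON object" >&2
    return 1
  }

  err=$(printf '%s' "$response" | jq -r '.error // empty')
  case "$err" in
    "") ;;  # no error field: fall through to the token check
    authorization_pending)
      echo "device code not approved yet; finish the browser sign-in and retry" >&2
      return 2 ;;
    *)
      desc=$(printf '%s' "$response" | jq -r '.error_description // ""')
      echo "token request failed: ${err}: ${desc}" >&2
      return 3 ;;
  esac

  # "// empty" turns a missing or null field into no output instead of "null"
  token=$(printf '%s' "$response" | jq -r '.refresh_token // empty')
  [ -n "$token" ] || { echo "no refresh_token in response" >&2; return 4; }
  printf '%s\n' "$token"
}

# Constructed sample responses (not real tokens)
SAMPLE_PENDING='{"error":"authorization_pending","error_description":"constructed sample: sign-in not finished"}'
SAMPLE_OK='{"token_type":"Bearer","access_token":"CONSTRUCTED-ACCESS-TOKEN","refresh_token":"CONSTRUCTED-REFRESH-TOKEN"}'
```

In the procedure above, the function would take the place of the final `jq` line as `az_refresh_token=$(get_refresh_token "${aztoken}")`, with the token request repeated when it returns 2.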

Export Data via AzureHound

read -rp "Tenant Name: " tenantname
# Variables are quoted so the token and tenant name are passed as single arguments
AzureHound -r "${az_refresh_token}" list --tenant "${tenantname}.onmicrosoft.com" -o "output_azurehound_${tenantname}.json"

Additional Information