-
Notifications
You must be signed in to change notification settings - Fork 0
Using AzureHound
SethBodine edited this page Oct 20, 2023
·
5 revisions
AzureHound is built at container image start-up so may take a few minutes before it's available
cd /opt/AzureHound/ # Execution path
# Paste the following code to perfrom device authentication
azdevcode=$(curl -X POST https://login.microsoftonline.com/common/oauth2/devicecode?api-version=1.0 -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" -d "client_id=1950a258-227b-4e31-a9cf-717495945fc2&resource=https://graph.microsoft.com")
az_user_code=$(echo ${azdevcode} | jq -rc '.user_code')
az_device_code=$(echo ${azdevcode} | jq -rc '.device_code')
az_verify_url=$(echo ${azdevcode} | jq -rc '.verification_url')
az_message=$(echo ${azdevcode} | jq -rc '.message')
echo -e "\n\n${az_message}\n\nOnce authenticated press enter to complete authentication."
read
aztoken=$(curl -X POST https://login.microsoftonline.com/Common/oauth2/token?api-version=1.0 -H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" -d "client_id=1950a258-227b-4e31-a9cf-717495945fc2&grant_type=urn:ietf:params:oauth:grant-type:device_code&code=${az_device_code}")
az_refresh_token=$(echo ${aztoken} | jq -rc '.refresh_token')
read -p "Tenant Name: " tenantname
AzureHound -r ${az_refresh_token} list --tenant "${tenantname}.onmicrosoft.com" -o output_azurehound_${tenantname}.json