Enumeration
Azure Enumeration Tools
o365creeper - Enumerate valid email addresses
CloudBrute - Tool to find a cloud infrastructure of a company on top Cloud providers
cloud_enum - Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud
Azucar
Azucar - Security auditing tool for Azure environments
git clone https://github.com/nccgroup/azucar.gitPS> Get-ChildItem -Recurse c:\Azucar_V10 | Unblock-FilePS> .\Azucar.ps1 -AuthMode UseCachedCredentials -Verbose -WriteLog -Debug -ExportTo PRINT
PS> .\Azucar.ps1 -ExportTo CSV,JSON,XML,EXCEL -AuthMode Certificate_Credentials -Certificate C:\AzucarTest\server.pfx -ApplicationId 00000000-0000-0000-0000-000000000000 -TenantID 00000000-0000-0000-0000-000000000000
PS> .\Azucar.ps1 -ExportTo CSV,JSON,XML,EXCEL -AuthMode Certificate_Credentials -Certificate C:\AzucarTest\server.pfx -CertFilePassword MySuperP@ssw0rd! -ApplicationId 00000000-0000-0000-0000-000000000000 -TenantID 00000000-0000-0000-0000-000000000000PS> .\Azucar.ps1 -ResolveTenantUserName [email protected]CrowdStrike Reporting Tool for Azure (CRT) - Query Azure AD/O365 tenants for hard to find permissions and configuration settings
ScoutSuite - Multi-cloud security auditing tool. Security posture assessment of different cloud environments.
BlobHunter - A tool for scanning Azure blob storage accounts for publicly opened blobs
Grayhat Warfare - Open Azure blobs and AWS bucket search
Office 365 User Enumeration - Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1 or office.com login page
CloudFox - Automating situational awareness for cloud penetration tests
Monkey365 - Conduct Microsoft 365, Azure subscriptions and Azure Active Directory security configuration reviews
Azure-AccessPermissions - PowerShell script to enumerate access permissions in an Azure AD environment
Prowler - Perform AWS and Azure security best practices assessments, audits, incident response, continuous monitoring, hardening and forensics readiness
Last updated