Enumeration

- Enumerate valid email addresses

- Tool to find a cloud infrastructure of a company on top Cloud providers

- Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud

Azucar

- Security auditing tool for Azure environments

git clone https://github.com/nccgroup/azucar.git

PS> Get-ChildItem -Recurse c:\Azucar_V10 | Unblock-File

PS> .\Azucar.ps1 -AuthMode UseCachedCredentials -Verbose -WriteLog -Debug -ExportTo PRINT
PS> .\Azucar.ps1 -ExportTo CSV,JSON,XML,EXCEL -AuthMode Certificate_Credentials -Certificate C:\AzucarTest\server.pfx -ApplicationId 00000000-0000-0000-0000-000000000000 -TenantID 00000000-0000-0000-0000-000000000000
PS> .\Azucar.ps1 -ExportTo CSV,JSON,XML,EXCEL -AuthMode Certificate_Credentials -Certificate C:\AzucarTest\server.pfx -CertFilePassword MySuperP@ssw0rd! -ApplicationId 00000000-0000-0000-0000-000000000000 -TenantID 00000000-0000-0000-0000-000000000000

PS> .\Azucar.ps1 -ResolveTenantUserName [email protected]

- Query Azure AD/O365 tenants for hard to find permissions and configuration settings

- Multi-cloud security auditing tool. Security posture assessment of different cloud environments.

- A tool for scanning Azure blob storage accounts for publicly opened blobs

- Open Azure blobs and AWS bucket search

- Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1 or office.com login page

- Automating situational awareness for cloud penetration tests

- Conduct Microsoft 365, Azure subscriptions and Azure Active Directory security configuration reviews