AzureHound

Please go to BloodHound after gathering information with AzureHound.

Custom queries for finding interesting stuff https://hausec.com/2020/11/23/azurehound-cypher-cheatsheet/.

Prerequisites

Install PowerShell Azure Module Install-Module -Name Az

Usage

Import the .ps1

. .\AzureHound.ps1

Connect to AzureAD.

Connect-AZAccount

Run AzureHound

Invoke-AzureHound -Install

Examples

PS C:\Users\ops > . .\AzureHound.ps1
PS C:\Users\ops > Connect-AZAccount

Account                        SubscriptionName    TenantId                             Environment
-------                        ----------------    --------                             -----------
[email protected]             example-prd         1cd4303[...]2d6530b           AzureCloud

PS C:\Users\ops > Invoke-AzureHound -Install

Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from 'PSGallery'?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): A

[...]
Writing JSON chunk 1/1
Done processing application to service principal relations
Processing Application Admins
Writing output for applicationadmins
Chunking output in 250 item sections
Done processing Application Admins
Processing Cloud Application Admins
Writing output for cloudappadmins
Chunking output in 250 item sections
Done processing Cloud Application Admins
Compressing files
Zip file created: C:\Users\ops\2021112345634-azurecollection.zip
Done! Drag and drop the zip into the BloodHound GUI to import data.
Account                Environment      TenantId                          TenantDomain                      AccountType
-------                -----------      --------                          ------------                      -----------
[email protected]     AzureCloud       1cd4303[...]2d6530         1cd4303[...]2d6530         AccessToken

URL list