Rogue Office 365 and Azure AD (active) Directory tools - ROADtools is a framework to interact with Azure AD. It currently consists of a library (roadlib) and the ROADrecon Azure AD exploration tool.


python3 -m pip install roadrecon


roadrecon [-h] {auth,gather,dump,gui,plugin} ...


ROADrecon - The Azure AD exploration tool.
By @_dirkjan -

To get started, use one of the subcommands. Each command has a help feature (roadrecon <command> -h).

1. Authenticate to Azure AD
roadrecon auth <options>

2. Gather all information
roadrecon gather <options>

3. Explore the data or export it to a specific format using a plugin
roadrecon gui
roadrecon plugin -h

positional arguments:
    auth                Authenticate to Azure AD
    gather (dump)       Gather Azure AD information
    gui                 Launch the web-based GUI
    plugin              Run a ROADrecon plugin

optional arguments:
  -h, --help            show this help message and exit


Authentication username / password based

$ roadrecon auth -u [email protected]

Tokens were written to .roadtools_auth

Authentication with device code (when MFA required)

$ roadrecon auth --device-code
To sign in, use a web browser to open the page and enter the code D2DYVPQWC to authenticate.
Tokens were written to .roadtools_auth

Gather information

$ roadrecon gather -f .roadtools_auth

Starting data gathering phase 1 of 2 (collecting objects)
Starting data gathering phase 2 of 2 (collecting properties and relationships)
ROADrecon gather executed in 82.96 seconds and issued 4148 HTTP requests.

Start analysis tool

Requirement: roadrecon.db needs to be in the same folder as the GUI is started

$ roadrecon gui

 * Serving Flask app "roadtools.roadrecon.server" (lazy loading)
 * Environment: production
   WARNING: This is a development server. Do not use it in a production deployment.
   Use a production WSGI server instead.
 * Debug mode: off
 * Running on (Press CTRL+C to quit)


URL list