hacktricks-cloud/pentesting-cloud/azure-security/az-enumeration-tools.md

# Az - Enumeration Tools

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="../../.gitbook/assets/image (1) (1) (1) (1).png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="../../.gitbook/assets/image (2) (1).png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

## Install PowerShell in Linux

{% hint style="success" %}
In linux you will need to install PowerShell Core:

```bash
sudo apt-get update
sudo apt-get install -y wget apt-transport-https software-properties-common

# Ubuntu 20.04
wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb

# Update repos
sudo apt-get update
sudo add-apt-repository universe

# Install & start powershell
sudo apt-get install -y powershell
pwsh

# Az cli
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
```
{% endhint %}

## Install PowerShell in MacOS

Instructions from the [**documentation**](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell-on-macos?view=powershell-7.4):

1. Install `brew` if not installed yet:

```bash
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
```

2. Install the latest stable release of PowerShell:

```sh
brew install powershell/tap/powershell
```

3. Run PowerShell:

```sh
pwsh
```

4. Update:

```sh
brew update
brew upgrade powershell
```

## Main Enumeration Tools

### az cli

[**Azure Command-Line Interface (CLI)**](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli) is a cross-platform tool written in Python for managing and administering (most) Azure and Entra ID resources. It connects to Azure and executes administrative commands via the command line or scripts.

Follow this link for the [**installation instructions¡**](https://learn.microsoft.com/en-us/cli/azure/install-azure-cli#install).

Commands in Azure CLI are structured using a pattern of: `az <service> <action> <parameters>`

#### Debug | MitM az cli

Using the parameter **`--debug`** it's possible to see all the requests the tool **`az`** is sending:

```bash
az account management-group list --output table --debug
```

In order to do a **MitM** to the tool and **check all the requests** it's sending manually you can do:

{% tabs %}
{% tab title="Bash" %}
```bash
export ADAL_PYTHON_SSL_NO_VERIFY=1
export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
export HTTPS_PROXY="http://127.0.0.1:8080"
export HTTP_PROXY="http://127.0.0.1:8080"

# If this is not enough
# Download the certificate from Burp and convert it into .pem format
# And export the following env variable
openssl x509 -in ~/Downloads/cacert.der -inform DER -out ~/Downloads/cacert.pem -outform PEM
export REQUESTS_CA_BUNDLE=/Users/user/Downloads/cacert.pem
```
{% endtab %}

{% tab title="PS" %}
```bash
$env:ADAL_PYTHON_SSL_NO_VERIFY=1
$env:AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
$env:HTTPS_PROXY="http://127.0.0.1:8080"
$env:HTTP_PROXY="http://127.0.0.1:8080"
```
{% endtab %}
{% endtabs %}

### Az PowerShell

Azure PowerShell is a module with cmdlets for managing Azure resources directly from the PowerShell command line.

Follow this link for the [**installation instructions**](https://learn.microsoft.com/en-us/powershell/azure/install-azure-powershell).

Commands in Azure PowerShell AZ Module are structured like: `<Action>-Az<Service> <parameters>`

#### Debug | MitM Az PowerShell

Using the parameter **`-Debug`** it's possible to see all the requests the tool is sending:

```bash
Get-AzResourceGroup -Debug
```

In order to do a **MitM** to the tool and **check all the requests** it's sending manually you can set the env variables `HTTPS_PROXY` and `HTTP_PROXY` according to the [**docs**](https://learn.microsoft.com/en-us/powershell/azure/az-powershell-proxy).

### Microsoft Graph PowerShell

Microsoft Graph PowerShell is a cross-platform SDK that enables access to all Microsoft Graph APIs, including services like SharePoint, Exchange, and Outlook, using a single endpoint. It supports PowerShell 7+, modern authentication via MSAL, external identities, and advanced queries. With a focus on least privilege access, it ensures secure operations and receives regular updates to align with the latest Microsoft Graph API features.

Follow this link for the [**installation instructions**](https://learn.microsoft.com/en-us/powershell/microsoftgraph/installation).

Commands in Microsoft Graph PowerShell are structured like: `<Action>-Mg<Service> <parameters>`

#### Debug Microsoft Graph PowerShell

Using the parameter **`-Debug`** it's possible to see all the requests the tool is sending:

```bash
Get-MgUser -Debug
```

### ~~**AzureAD Powershell**~~

The Azure Active Directory (AD) module, now **deprecated**, is part of Azure PowerShell for managing Azure AD resources. It provides cmdlets for tasks like managing users, groups, and application registrations in Entra ID.

{% hint style="success" %}
This is replaced by Microsoft Graph PowerShell
{% endhint %}

Follow this link for the [**installation instructions**](https://www.powershellgallery.com/packages/AzureAD).