Az - Enumeration Tools

Install PowerShell in Linux

In Linux you will need to install PowerShell Core:

```bash
sudo apt-get update
sudo apt-get install -y wget apt-transport-https software-properties-common

# Ubuntu 20.04: download and register the Microsoft package repository
wget -q https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb

# Update repos
sudo apt-get update
sudo add-apt-repository universe

# Install & start powershell
sudo apt-get install -y powershell
pwsh

# Az cli
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
```

Install PowerShell in MacOS

Instructions from the documentation:

  1. Install brew if not installed yet:

```bash
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
```

  2. Install the latest stable release of PowerShell:

```sh
brew install powershell/tap/powershell
```

  3. Run PowerShell:

```sh
pwsh
```

  4. Update:

```sh
brew update
brew upgrade powershell
```

Main Enumeration Tools

az cli

Azure Command-Line Interface (CLI) is a cross-platform tool written in Python for managing and administering (most) Azure and Entra ID resources. It connects to Azure and executes administrative commands via the command line or scripts.

Follow this link for the installation instructions.

Commands in Azure CLI are structured using a pattern of: az <service> <action> <parameters>

Debug | MitM az cli

With the --debug parameter, az prints every request it sends:

```bash
az account management-group list --output table --debug
```

To intercept the tool's traffic with a proxy and inspect every request manually, set the following:

```bash
# Disable TLS certificate verification in az (affects this shell session only)
export ADAL_PYTHON_SSL_NO_VERIFY=1
export AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
# Send az traffic through the local intercepting proxy
export HTTPS_PROXY="http://127.0.0.1:8080"
export HTTP_PROXY="http://127.0.0.1:8080"

# If this is not enough
# Download the certificate from Burp and convert it into .pem format
# And export the following env variable
openssl x509 -in ~/Downloads/cacert.der -inform DER -out ~/Downloads/cacert.pem -outform PEM
export REQUESTS_CA_BUNDLE="$HOME/Downloads/cacert.pem"
```
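The variables above stay exported for the rest of the shell session, so later az commands keep running through the proxy with verification off. The following is an added example, not part of the original page: it scopes the same variables to a single command and reports any that are still exported. The helper names `with_proxy` and `leftover_mitm_vars` are hypothetical, and it assumes that trusting the proxy CA through REQUESTS_CA_BUNDLE is sufficient when `--ca` is used.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): keep interception settings out of the login shell.

PROXY_URL="http://127.0.0.1:8080"   # same local proxy listener as on this page
# Variables from this page that change how az reaches and verifies the server.
MITM_VARS="ADAL_PYTHON_SSL_NO_VERIFY AZURE_CLI_DISABLE_CONNECTION_VERIFICATION HTTPS_PROXY HTTP_PROXY REQUESTS_CA_BUNDLE"

# with_proxy [--ca FILE.pem] CMD [ARGS...]   (hypothetical helper name)
# The ( ... ) body is a subshell, so every export below ends with CMD.
with_proxy() (
  ca=""
  if [ "$1" = "--ca" ]; then
    ca="$2"; shift 2
    [ -r "$ca" ] || { echo "CA bundle not readable: $ca" >&2; exit 2; }
  fi
  export HTTPS_PROXY="$PROXY_URL" HTTP_PROXY="$PROXY_URL"
  if [ -n "$ca" ]; then
    # Trust the proxy CA and leave certificate verification switched on.
    export REQUESTS_CA_BUNDLE="$ca"
    unset ADAL_PYTHON_SSL_NO_VERIFY AZURE_CLI_DISABLE_CONNECTION_VERIFICATION
  else
    # Fallback from the page's first block: verification disabled.
    export ADAL_PYTHON_SSL_NO_VERIFY=1 AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1
  fi
  "$@"
)

# leftover_mitm_vars: print the exported variables from MITM_VARS that are
# still set in the current shell. Returns 0 when the shell is clean, 1 otherwise.
leftover_mitm_vars() {
  found=0
  for v in $MITM_VARS; do
    if printenv "$v" >/dev/null; then echo "$v"; found=1; fi
  done
  return "$found"
}

# Usage:
#   with_proxy --ca "$HOME/Downloads/cacert.pem" az account management-group list --output table
#   leftover_mitm_vars || echo "unset the variables listed above before normal use"
```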

Az PowerShell

Azure PowerShell is a module with cmdlets for managing Azure resources directly from the PowerShell command line.

Follow this link for the installation instructions.

Commands in Azure PowerShell AZ Module are structured like: <Action>-Az<Service> <parameters>

Debug | MitM Az PowerShell

With the -Debug parameter, the cmdlet prints every request it sends:

```powershell
Get-AzResourceGroup -Debug
```

To intercept the tool's traffic with a proxy and inspect its requests manually, set the environment variables HTTPS_PROXY and HTTP_PROXY as described in the docs.

Microsoft Graph PowerShell

Microsoft Graph PowerShell is a cross-platform SDK that enables access to all Microsoft Graph APIs, including services like SharePoint, Exchange, and Outlook, using a single endpoint. It supports PowerShell 7+, modern authentication via MSAL, external identities, and advanced queries. With a focus on least privilege access, it ensures secure operations and receives regular updates to align with the latest Microsoft Graph API features.

Follow this link for the installation instructions.

Commands in Microsoft Graph PowerShell are structured like: <Action>-Mg<Service> <parameters>

Debug Microsoft Graph PowerShell

With the -Debug parameter, the cmdlet prints every request it sends:

```powershell
Get-MgUser -Debug
```

AzureAD PowerShell

The Azure Active Directory (AD) module, now deprecated, is part of Azure PowerShell for managing Azure AD resources. It provides cmdlets for tasks like managing users, groups, and application registrations in Entra ID.

This module has been replaced by Microsoft Graph PowerShell.

Follow this link for the installation instructions.