AzureHound scope run
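# AzureHound scoped collection.
#
# Runs `azurehound.exe list <scope>` once per scope, first for the Azure AD
# (Graph) scopes and then for the Azure Resource Manager scopes, writing one
# timestamped JSON file per scope into $workdir. Authentication is either a
# refresh token (-r, reused for both collections) or two separately obtained
# access tokens (-j): one for graph.microsoft.com and one for
# management.azure.com.
#
# Handling note: every token below is a bearer credential, and the output JSON
# is sensitive tenant data. Tokens passed on the command line are visible in
# process listings, process-creation auditing with command-line capture,
# PowerShell script block logging and transcripts on the collection host.
# Do not commit a filled-in copy of this script; AzureHound also has a config
# file (see the workaround below) which may be a less exposed place for the
# tokens -- confirm against the AzureHound documentation for your version.
$workdir = "C:\AzureAssessment\azurehound" # Dir with azurehound.exe
$tenant = "" # Tenant ID
#$refreshtoken = "" # Uncomment if you have a valid refreshtoken
# Define the scopes for Azure AD
$azAdScopes = "apps", "app-owners", "app-role-assignments", "devices", "device-owners", "groups", "group-members", "group-owners", "roles", "role-assignments", "service-principals", "service-principal-owners", "tenants", "users"
$jwtazAd = "graph.microsoft.com access token" # Placeholder: replace with a token for the graph.microsoft.com audience
# Define the scopes for Azure Resource Manager
$azRmScopes = "automation-accounts", "automation-account-role-assignments", "container-registries", "container-registry-role-assignments", "function-apps", "function-app-role-assignments", "key-vaults", "key-vault-access-policies", "key-vault-contributors", "key-vault-kvcontributors", "key-vault-owners", "key-vault-role-assignments", "key-vault-user-access-admins", "logic-apps", "logic-app-role-assignments", "managed-clusters", "managed-cluster-role-assignments", "management-groups", "management-group-descendants", "management-group-owners", "management-group-role-assignments", "management-group-user-access-admins", "resource-groups", "resource-group-owners", "resource-group-role-assignments", "resource-group-user-access-admins", "storage-accounts", "storage-account-role-assignments", "storage-containers", "subscriptions", "subscription-owners", "subscription-role-assignments", "subscription-user-access-admins", "virtual-machines", "virtual-machine-admin-logins", "virtual-machine-avere-contributors", "virtual-machine-contributors", "virtual-machine-owners", "virtual-machine-role-assignments", "virtual-machine-user-access-admins", "virtual-machine-vmcontributors", "vm-scale-sets", "vm-scale-set-role-assignments", "web-apps", "web-app-role-assignments"
$jwtazRm = "management.azure.com access token" # Placeholder: replace with a token for the management.azure.com audience

# Fail early on an unfilled template rather than producing ~60 failed runs
# (and ~60 empty or missing output files) that are easy to overlook.
if (-not (Test-Path -LiteralPath (Join-Path $workdir "azurehound.exe"))) {
    throw "azurehound.exe not found in $workdir"
}
if ([string]::IsNullOrWhiteSpace($tenant)) {
    throw "Set `$tenant to the target tenant ID before running"
}
if (-not $refreshtoken -and ($jwtazAd -eq "graph.microsoft.com access token" -or $jwtazRm -eq "management.azure.com access token")) {
    throw "No refresh token set and at least one access token is still the placeholder value"
}

Set-Location $workdir
# Workaround for the non-existent %userprofile%\.config\azurehound\config.json,
# which AzureHound complains about on every run. This also hides every other
# non-terminating PowerShell error, so each run's native exit code is checked
# explicitly in Invoke-AzureHoundList instead.
$ErrorActionPreference = "SilentlyContinue"

# Runs one `azurehound list` collection for a single scope.
#   -Scope        the AzureHound list sub-command (e.g. "users", "key-vaults")
#   -AccessToken  the -j access token to use when no $refreshtoken is set;
#                 ignored when $refreshtoken is set (the -r path is used)
# Reads $tenant and $refreshtoken from the script scope. Writes
# azurehound_<scope>-<yyyyMMddHHmm>.json into the current directory and emits a
# warning when azurehound.exe returns a non-zero exit code.
function Invoke-AzureHoundList {
    param(
        [Parameter(Mandatory = $true)][string]$Scope,
        [string]$AccessToken
    )
    $stamp = (Get-Date).ToString("yyyyMMddHHmm")
    $outFile = "azurehound_$($Scope)-$($stamp).json"
    if ($refreshtoken) {
        & ".\azurehound.exe" list $Scope -o $outFile --tenant $tenant -r $refreshtoken
    }
    else {
        & ".\azurehound.exe" list $Scope -o $outFile --tenant $tenant -j $AccessToken
    }
    # $ErrorActionPreference does not affect native exit codes, so an expired or
    # revoked token, or a scope the identity cannot read, is still surfaced.
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "azurehound list $Scope exited with code $LASTEXITCODE (expected output: $outFile)"
    }
}

foreach ($azAdScope in $azAdScopes) {
    Invoke-AzureHoundList -Scope $azAdScope -AccessToken $jwtazAd
}
foreach ($azRmScope in $azRmScopes) {
    Invoke-AzureHoundList -Scope $azRmScope -AccessToken $jwtazRm
}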