Add AzureHound examples

CravateRouge 2022-11-04 15:09:39 +01:00 committed by GitHub
parent 2d3f02a795
commit 18c656f756
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -90,11 +90,27 @@
``` ```
* [**BloodHoundAD/AzureHound**](https://github.com/BloodHoundAD/AzureHound) - Azure Data Exporter for BloodHound * [**BloodHoundAD/AzureHound**](https://github.com/BloodHoundAD/AzureHound) - Azure Data Exporter for BloodHound
```powershell ```powershell
# First, retrieve a refresh token (-r) if username/password isn't supported.
# An access token (-j) isn't recommended because it can expire before the end of azurehound execution
Install-Module AADInternals -Scope CurrentUser
Import-Module AADInternals
$rt = (Get-AADIntAccessToken -ClientId "1950a258-227b-4e31-a9cf-717495945fc2" -Resource "https://graph.microsoft.com" -PRTToken (Get-AADIntUserPRTToken) -IncludeRefreshToken $true)[1]
# Second, launch azurehound collector
## Connects on your Azure account using the refresh token provided and the tenant of the account
## and collects every possible objects in contoso.microsoft.com. Results are stored in json
./azurehound -r $rt --tenant "contoso.onmicrosoft.com" list -o azurehound-scan.json --tenant "contoso.microsoft.com"
## Sets configuration file with connection variables and other things (not required)
./azurehound configure ./azurehound configure
## Collects every objects on all accessible tenants using username/password and prints it to stdout
./azurehound -u "MattNelson@contoso.onmicrosoft.com" -p "MyVerySecurePassword123" --tenant "contoso.onmicrosoft.com" list ./azurehound -u "MattNelson@contoso.onmicrosoft.com" -p "MyVerySecurePassword123" --tenant "contoso.onmicrosoft.com" list
## Collects every objects on a specific tenant using username/password and stores it in json
./azurehound -u "phisheduser@contoso.onmicrosoft.com" -p "Password1" list -o initial-scan.json --tenant "contoso.onmicrosoft.com" ./azurehound -u "phisheduser@contoso.onmicrosoft.com" -p "Password1" list -o initial-scan.json --tenant "contoso.onmicrosoft.com"
## Collects every objects on all tenants accessible using Service Principal secret
./azurehound -a "6b5adee8-..." -s "<secret>" --tenant "contoso.onmicrosoft.com" list ./azurehound -a "6b5adee8-..." -s "<secret>" --tenant "contoso.onmicrosoft.com" list
## Collects AzureAD info (all except AzureRM info) using JWT access token
./azurehound -j "ey..." --tenant "contoso.onmicrosoft.com" list az-ad ./azurehound -j "ey..." --tenant "contoso.onmicrosoft.com" list az-ad
## Collects every users using refresh token
./azurehound -r "0.ARwA6Wg..." --tenant "contoso.onmicrosoft.com" list users ./azurehound -r "0.ARwA6Wg..." --tenant "contoso.onmicrosoft.com" list users
# List of collections # List of collections