AzurEnum: Enumerate some Entra ID (formerly Azure AD) stuff fast
AzurEnum
Enumerate some Entra ID (formerly Azure AD) stuff fast, including:
- General information such as number of users, groups, apps, Entra ID license, tenant ID …
- General security settings such as group creation, consent policy, guest access …
- Administrative Entra ID roles
- PIM assignments
- Sync the status of administrative users
- MFA status of administrative users
- Administrative units
- Dynamic groups
- Named locations
- Conditional access policies
- Credentials in object attributes
You can find a quite detailed blog post about the tool here
Requisites
- python3
- msal python library
- A valid Azure credential set
Not a requisite, but running AzurEnum on Linux is recommended.
The amount of output of the tool will depend on the privileges of your Azure user and the configuration of the target tenant. Although AzurEnum can run as any user, you will get the most out of it when running with global reader privileges or greater reader access.
Installation
git clone https://github.com/SySS-Research/azurenum.git
In case msal is not installed already
pip3 install msal
Usage
Known issues
- “Users with no MFA methods” sometimes get to 100 % (erroneously)
- “No MFA Methods” checks for administrative users always return no MFA when running as a low privilege user
Future work
- JSON output was included as an experimental feature to include machine-readable output of findings with an assigned severity. This is however not the main goal of AzurEnum and thus is not maintained as much as the text output. This feature will either get removed or improved later on.
- Add arguments to set the FOCI client to authenticate to and access or refresh the token to run with.
- Enumerate interesting owner relationships
- Unfold group members in administrative roles and PIM assignments
- Explicitly mark modifiable groups that have Entra ID roles or PIM assignments
Copyright (c) 2024 Enrique Hernández, SySS GmbH
