Azure AD / Entra ID pentesting links.
because someone asked for a list. If you have a better list, please link to it in an issue or propose something or pull request it.
- https://github.com/fox-it/adconnectdump - Azure AD Connect password extraction
- https://github.com/dirkjanm/ROADtools - Azure AD framework
- https://github.com/CrowdStrike/CRT
- https://github.com/AzureAD/AzureADAssessment
- https://gist.github.com/xpn/f12b145dba16c2eebdd1c6829267b90c
- https://github.com/dafthack/MSOLSpray
- https://github.com/MartinIngesen/MSOLSpray
- https://github.com/fox-it/adconnectdump
- https://github.com/alaanasser00/entraid-bench
- https://github.com/vectra-ai-research/Halberd
- https://github.com/vectra-ai-research/MAAD-AF
- https://github.com/jsa2/caOptics
- https://github.com/hausec/PowerZure
- https://github.com/cisagov/ScubaGear
- https://github.com/rvrsh3ll/TokenTactics
- https://github.com/f-bader/TokenTacticsV2
- https://github.com/netwrix/pingcastle
- https://github.com/nccgroup/ScoutSuite
- https://github.com/Azure/Stormspotter
- https://github.com/infosecn1nja/AD-Attack-Defense?tab=readme-ov-file#azure-active-directory
- https://github.com/PacktPublishing/Penetration-Testing-Azure-for-Ethical-Hackers / https://static.packt-cdn.com/downloads/9781839212932_ColorImages.pdf
- https://danielchronlund.com/2022/01/07/the-attackers-guide-to-azure-ad-conditional-access/
- https://github.com/Kyuu-Ji/Awesome-Azure-Pentest?tab=readme-ov-file#articles
- https://emptydc.com/2020/12/10/privilege-escalation-in-azure-ad/
- https://github.com/NetSPI/MicroBurst (config dumping, post exploitation)
- https://github.com/Gerenios/AADInternals (for administering)
- https://github.com/csandker/Azure-AccessPermissions