Discover public resources (blob, apps, etc…)
Using cloud_enum: https://github.com/initstring/cloud_enum
Using azsubenum: https://github.com/yuyudhn/AzSubEnum
python3 azsubenum.py -b companyname -t 10 -p permutations.txtOr default options
python3 azsubenum.py -b companyname --thread 10
Enumerate tenant information
Federation info
curl -s 'https://login.microsoftonline.com/getuserrealm.srf?login=domain.com' | jqGet tenantID and OpenID configuration info
curl -s https://login.microsoftonline.com/domain.com/.well-known/openid-configuration | jqWith AADInternals
Install-Module AADInternals
Import-Module AADInternals
Get-AADIntLoginInformation -Domain domain.comJust tenantID
Get-AADIntTenantID -Domain domain.com
Public configuration enumeration
Invoke-AADIntReconAsOutsider -DomainName megabigtech.comDetermine Azure Region
curl --silent 'https://azservicetags.azurewebsites.net/api/iplookup?ipAddresses=20.75.112.13' | jq