-
Notifications
You must be signed in to change notification settings - Fork 193
Azure Commands
carlosvendramini-bf edited this page Jan 5, 2023
·
22 revisions
Before you can use the Azure commands, you need to:
- Install Azure CLI
- Authenticate with the client:
# az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code [REDACTED] to authenticate.
[
{
"cloudName": "AzureCloud",
"homeTenantId": "[REDACTED]",
"id": "[REDACTED]",
"isDefault": true,
"managedByTenants": [],
"name": "[REDACTED]",
"state": "Enabled",
"tenantId": "[REDACTED]",
"user": {
"name": "[REDACTED]",
"type": "user"
}
},
...omitted for brevity...
To list Azure commands:
# ./cloudfox azure -h
For help with a specific subcommand:
./cloudfox azure [command_name] -h
CloudFox offer a --wrap flag for all subcommands that will adjust the table output to the terminal screen when used. This flag does not have any effect on output files.
The whoami command displays information on the current tenant, subscriptions and resource groups available to your current Azure CLI session.
./cloudfox azure whoami
[๐ฆ cloudfox DEV ๐ฆ ][whoami] Enumerating Azure CLI sessions...
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโฌโโโโโโโโโฌโโโโโโโโโโโโโโโโโโฎ
โ Tenant ID โ Subscription ID โ Subscription Name โ RG Name โ Region โ Domain โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโโโโโโโโโโโโค
โ 11111111-1111-1111-1111-11111111 โ AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ SubscriptionA โ ResourceGroupA1 โ eastus โ cloudfox1.local โ
โ 11111111-1111-1111-1111-11111111 โ AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ SubscriptionA โ ResourceGroupA2 โ eastus โ cloudfox1.local โ
โ 11111111-1111-1111-1111-11111111 โ BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB โ SubscriptionB โ ResourceGroupB1 โ eastus โ cloudfox1.local โ
โ 11111111-1111-1111-1111-11111111 โ BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB โ SubscriptionB โ ResourceGroupB2 โ eastus โ cloudfox1.local โ
โ 22222222-2222-2222-2222-22222222 โ CCCCCCCC-CCCC-CCCC-CCCC-CCCCCCCC โ SubscriptionC โ ResourceGroupC1 โ eastus โ cloudfox2.local โ
โ 22222222-2222-2222-2222-22222222 โ CCCCCCCC-CCCC-CCCC-CCCC-CCCCCCCC โ SubscriptionC โ ResourceGroupC2 โ eastus โ cloudfox2.local โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโดโโโโโโโโโดโโโโโโโโโโโโโโโโโโฏ
The instances command enumerates the Compute instances' userful information at subscription or tenant level
Example 1: enumerating instances for a specific subscription
./cloudfox azure instances --tenant 11111111-1111-1111-1111-11111111
[๐ฆ cloudfox DEV ๐ฆ ][instances] Enumerating VMs for tenant 11111111-1111-1111-1111-11111111
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโฌโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโฎ
โ Subscription ID โ VM Name โ VM Location โ Private IPs โ Public IPs โ Admin Username โ Resource Group Name โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโผโโโโโโโโโโโโโโผโโโโโโโโโโโโโโผโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโค
โ AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ TestVM-1 โ us-east-1 โ 192.168.0.1 โ 72.88.100.1 โ admin โ ResourceGroupA1 โ
โ โ โ โ 192.168.0.2 โ 72.88.100.2 โ โ โ
โ AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ TestVM-3 โ us-east-2 โ 192.168.0.5 โ 72.88.100.5 โ admin โ ResourceGroupA1 โ
โ AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ TestVM-2 โ us-west-2 โ 192.168.0.3 โ 72.88.100.3 โ admin โ ResourceGroupA2 โ
โ โ โ โ 192.168.0.4 โ 72.88.100.4 โ โ โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโดโโโโโโโโโโโโโโดโโโโโโโโโโโโโโดโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโฏ
[instances] Output written to [cloudfox-output/azure/tenants/11111111-1111-1111-1111-11111111/table/instances.txt]
[instances] Output written to [cloudfox-output/azure/tenants/11111111-1111-1111-1111-11111111/csv/instances.csv]
Example 2: enumerating instances for a specific tenant
./cloudfox azure instances --subscription AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA
[๐ฆ cloudfox DEV ๐ฆ ][instances] Enumerating VMs for subscription AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโฌโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโฎ
โ Subscription ID โ VM Name โ VM Location โ Private IPs โ Public IPs โ Admin Username โ Resource Group Name โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโผโโโโโโโโโโโโโโผโโโโโโโโโโโโโโผโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโค
โ AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ TestVM-1 โ us-east-1 โ 192.168.0.1 โ 72.88.100.1 โ admin โ ResourceGroupA1 โ
โ โ โ โ 192.168.0.2 โ 72.88.100.2 โ โ โ
โ AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ TestVM-3 โ us-east-2 โ 192.168.0.5 โ 72.88.100.5 โ admin โ ResourceGroupA1 โ
โ AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ TestVM-2 โ us-west-2 โ 192.168.0.3 โ 72.88.100.3 โ admin โ ResourceGroupA2 โ
โ โ โ โ 192.168.0.4 โ 72.88.100.4 โ โ โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโดโโโโโโโโโโโโโโดโโโโโโโโโโโโโโดโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโฏ
[instances] Output written to [cloudfox-output/azure/subscriptions/AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA/table/instances.txt]
[instances] Output written to [cloudfox-output/azure/subscriptions/AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA/csv/instances.csv]
The rbac command maps the Azure RBAC role assignments at subscription or tenant level
Example 1: enumerating Azure RBAC role assignment at subscription level
./cloudfox azure rbac --subscription AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA
[๐ฆ cloudfox DEV ๐ฆ ][rbac] Enumerating RBAC permissions for subscription AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA
โญโโโโโโโโโโโโฌโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ User Name โ Role Name โ Role Scope โ
โโโโโโโโโโโโโผโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ User 1 โ Reader โ /subscriptions/AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ
โ User 2 โ Contributor โ /subscriptions/AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ
โฐโโโโโโโโโโโโดโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
[rbac] Output written to [cloudfox-output/azure/subscriptions/AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA/table/rbac.txt]
[rbac] Output written to [cloudfox-output/azure/subscriptions/AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA/csv/rbac.csv]
Example 2: enumerating Azure RBAC role assignment at tenant level
./cloudfox azure rbac --tenant 11111111-1111-1111-1111-11111111
[๐ฆ cloudfox DEV ๐ฆ ][rbac] Enumerating RBAC permissions for tenant 11111111-1111-1111-1111-11111111
โญโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ User Name โ Role Name โ Role Scope โ
โโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโค
โ User 1 โ Reader โ /subscriptions/AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ
โ User 2 โ Contributor โ /subscriptions/AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ
โ User 1 โ Data Labeling - Labeler โ /subscriptions/BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB โ
โ User 3 โ Data Labeling - Labeler โ /subscriptions/BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB โ
โ User 1 โ Reader โ /subscriptions/AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ
โ User 2 โ Contributor โ /subscriptions/AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ
โ User 1 โ Data Labeling - Labeler โ /subscriptions/BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB โ
โ User 3 โ Data Labeling - Labeler โ /subscriptions/BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB โ
โฐโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
[rbac] Output written to [cloudfox-output/azure/tenants/11111111-1111-1111-1111-11111111/table/rbac.txt]
[rbac] Output written to [cloudfox-output/azure/tenants/11111111-1111-1111-1111-11111111/csv/rbac.csv]
The storage command is still under development. Currently it only displays limited data about the storage accounts as shown in the examples below.
Example 1: enumerating storage accounts at subscription level
./cloudfox az storage --tenant 11111111-1111-1111-1111-11111111
[๐ฆ cloudfox DEV ๐ฆ ][storage] Enumerating storage accounts for tenant 11111111-1111-1111-1111-11111111
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโฎ
โ Subscription ID โ Storage Account Name โ Kind โ Public Blob Allowed โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโค
โ AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ Storage-12345 โ KindBlobStorage โ true โ
โ AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAA โ Storage-678910 โ KindStorageV2 โ false โ
โ BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB โ Storage-1112131415 โ KindStorageV2 โ true โ
โ BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB โ Storage-16171819 โ KindStorageV2 โ false โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโฏ
[storage] Output written to [cloudfox-output/azure/tenants/11111111-1111-1111-1111-11111111/table/storage.txt]
[storage] Output written to [cloudfox-output/azure/tenants/11111111-1111-1111-1111-11111111/csv/storage.csv]
Example 2: enumerating storage accounts at tenant level
./cloudfox az storage --subscription BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB
[๐ฆ cloudfox DEV ๐ฆ ][storage] Enumerating storage accounts for subscription BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโฎ
โ Subscription ID โ Storage Account Name โ Kind โ Public Blob Allowed โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโค
โ BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB โ Storage-1112131415 โ KindStorageV2 โ true โ
โ BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB โ Storage-16171819 โ KindStorageV2 โ false โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโฏ
[storage] Output written to [cloudfox-output/azure/subscriptions/BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB/table/storage.txt]
[storage] Output written to [cloudfox-output/azure/subscriptions/BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBB/csv/storage.csv]