https://github.com/shkudw/entraenum

EntraEnum is PowerShell based tool designed for enumerating and interacting with Azure Active Directory (Entra ID) environments. With support for device code phishing, token management, and enumeration features.
https://github.com/shkudw/entraenum

azure entra-id penetration-testing powershell-script redteam

Last synced: 7 months ago
JSON representation

EntraEnum is PowerShell based tool designed for enumerating and interacting with Azure Active Directory (Entra ID) environments. With support for device code phishing, token management, and enumeration features.

• Host: GitHub
• URL: https://github.com/shkudw/entraenum
• Owner: ShkudW
• Created: 2024-10-21T22:44:18.000Z (12 months ago)
• Default Branch: main
• Last Pushed: 2025-01-05T07:52:27.000Z (9 months ago)
• Last Synced: 2025-03-16T11:41:43.730Z (7 months ago)
• Topics: azure, entra-id, penetration-testing, powershell-script, redteam
• Language: PowerShell
• Homepage:
• Size: 99.6 KB
• Stars: 10
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# EntraEnum

```powershell

  _____       _             _____                       

 | ____|_ __ | |_ _ __ __ _| ____|_ __  _   _ _ __ ___  

 |  _| | '_ \| __| '__/ _` |  _| | '_ \| | | | '_ ` _ \ 

 | |___| | | | |_| | | (_| | |___| | | | |_| | | | | | |

 |_____|_| |_|\__|_|  \__,_|_____|_| |_|\__,_|_| |_| |_|

======================================================= 

```

**EntraEnum** is a PowerShell-based tool designed to map various resources in Azure Active Directory environments (Entra ID).

The tool allows penetration testers and system administrators to interact with Azure APIs, with support for device code (Phishing), using Faily Of Client IDs to request Access Tokens for various resources in the Azure environment.

## Features

  

- **Device Code Phishing:**

  - Generate device codes to phish access tokens from users.

- **FOCI Abuse:**

  - Obtaining an access token and refresh token for various resources using FOCI

## Usage

```powershell

Import-Module Invoke-EntraEnum.psm1

```

## Nice to know:

If you see this error: 'API call failed: The remote server returned an error'.

It means you sent too many requests, Wait 30 seconds and resend the request.

## PoC

![image](https://github.com/user-attachments/assets/d978d0e5-9b0e-455d-825a-c75eaff49e8b)

![image](https://github.com/user-attachments/assets/b9604c9f-cb86-4b4f-8752-ce2c3aa13676)

![image](https://github.com/user-attachments/assets/9a6dfb8a-7b06-4b58-8022-9050474ffbe0)

![image](https://github.com/user-attachments/assets/113749cb-d2ba-4fd7-aed0-5fb46ade84a9)