Server Configuration

Describes the environment variables required to run the server.

Name | Required | Description | Default

No arguments

Capabilities

Features and capabilities supported by this server

Capability | Details
tools | {}
completions | {}

Tools

Functions exposed to the LLM to take actions

Name | Description

azure_help (A)

Display comprehensive help information about all available Azure penetration testing tools and usage examples

azure_list_active_locations (A)

Discover which Azure locations have resources deployed. Quick scan to identify active regions before deep scanning. Checks resource groups, VMs, storage accounts, and AKS clusters.

azure_scan_all_locations (A)

Scan multiple Azure locations for resources. Supports: vms, storage, nsgs, aks, sql, keyvaults, public_ips, all. Specify custom locations OR use presets ('common'=10 locations, 'all'=45+ locations).

azure_enumerate_subscriptions (B)

Enumerate all Azure subscriptions accessible with current credentials. Returns subscription ID, name, state, and tenant ID.

azure_enumerate_resource_groups (B)

Enumerate all resource groups in a specific subscription. Returns name, location, ID, and tags. Supports location filtering.

azure_enumerate_resources (A)

Enumerate all resources in a subscription or resource group. Can filter by resource type and location. Returns resource name, type, location, ID, and tags.

azure_get_resource_details (A)

Get detailed configuration and properties of a specific Azure resource. Useful for analyzing security settings, network configs, encryption status, etc.

azure_analyze_storage_security (A)

ENHANCED v1.14.0 Comprehensive storage security analysis. Checks: public blob access, firewall rules, encryption, secure transfer (HTTPS), private endpoints, minimum TLS version, SAS token security, immutable storage (WORM), lifecycle management. NEW: Detects overly permissive SAS tokens, tokens without expiry, validates retention policies for compliance (SEC 17a-4, FINRA). Returns prioritized security findings with risk levels (CRITICAL/HIGH/MEDIUM/LOW).

azure_analyze_nsg_rules (A)

ENHANCED v1.14.0 Automated Network Security Group (NSG) security analysis with service endpoints and load balancer integration validation. Identifies: open management ports (RDP 3389, SSH 22, WinRM 5985/5986), database ports (SQL 1433, MySQL 3306, PostgreSQL 5432, MongoDB 27017), wildcard source rules (0.0.0.0/0, Internet, Any), overly permissive rules, service endpoint security, load balancer backend pool NSG associations. Returns findings with risk severity and remediation recommendations.

azure_enumerate_public_ips (A)

Enumerate all public IP addresses in a subscription to map internet-exposed attack surface. Returns: IP address, DNS name, allocation method (Static/Dynamic), associated resource (VM, Load Balancer, App Gateway, etc.), resource group, location. Critical for identifying external entry points.

azure_enumerate_rbac_assignments (A)

Enumerate Role-Based Access Control (RBAC) assignments to identify who has access to what. Returns: principal name and type (User/ServicePrincipal/Group), role definition (Owner/Contributor/Reader/Custom), scope (Subscription/ResourceGroup/Resource), principal ID. Useful for identifying privileged accounts, service principals with excessive permissions, and potential privilege escalation paths.

azure_scan_sql_databases (A)

ENHANCED v1.14.0 Comprehensive database security scanner supporting SQL Server, PostgreSQL, MySQL, and Azure Cache for Redis. Checks: TDE/SSL encryption status, firewall rules (detects 0.0.0.0-255.255.255.255 allow-all), Azure AD authentication vs SQL/password auth, auditing enabled, public endpoint exposure, threat detection, Redis access keys, Redis SSL enforcement. Returns CRITICAL/HIGH/MEDIUM findings with CWE references and attack vectors.

azure_analyze_keyvault_security (A)

Key Vault security assessment. Checks: soft delete disabled (data loss risk), purge protection disabled, public network access enabled, RBAC vs Access Policies, secret/certificate expiration, diagnostic logging. Returns risk-scored findings (CRITICAL/HIGH/MEDIUM/LOW) with remediation guidance.

azure_analyze_cosmosdb_security (A)

Cosmos DB security analyzer. Checks: public network access enabled, firewall rules (IP restrictions), encryption at rest, automatic failover, backup retention policy, virtual network rules. Returns security findings with compliance mapping.

azure_analyze_vm_security (A)

Virtual Machine security scanner. Checks: OS disk encryption (BitLocker/dm-crypt), data disk encryption, security extensions (Microsoft Defender, Azure Monitor Agent), boot diagnostics storage access, patch management status, Just-in-Time VM access. Returns vulnerability findings with exploitation paths.

azure_scan_acr_security (A)

Comprehensive Azure Container Registry (ACR) security scanner. Checks: admin user enabled (high risk), public network access, vulnerability scanning (Defender for Containers), content trust (image signing), network rules, anonymous pull access, registry poisoning risks (vulnerable images, weak access policies, mutable tags).

azure_enumerate_service_principals (A)

ENHANCED v1.14.0 Enumerate service principals with Azure RBAC role assignments (cloud infrastructure focus). Analyzes: role assignments on subscriptions/resource groups, privilege escalation risks (Owner/Contributor roles), multi-subscription access patterns, orphaned role assignments. NEW: Credential hygiene validation (expiry warnings), over-privileged principal detection, cross-subscription access analysis. Returns security findings with risk prioritization.

azure_enumerate_managed_identities (A)

ENHANCED v1.14.0 Enumerate all managed identities (system-assigned and user-assigned) across subscription with federated identity credentials and cross-subscription access analysis. Returns: identity type, associated resources, role assignments, scope of access, cross-subscription permissions, federated credential configurations. Essential for understanding passwordless authentication patterns, workload identity federation risks, and potential privilege escalation paths.

azure_scan_storage_containers (A)

Deep scan of storage account containers and blobs. Lists all containers, checks container-level public access, enumerates blobs, detects sensitive files (backups, configs, keys: *.bak, web.config, appsettings.json, *.key, *.pem, *.sql). Identifies SAS tokens, checks blob encryption, finds orphaned blobs. CRITICAL for data exposure assessment.

azure_generate_security_report (A)

ENHANCED v1.14.0 Generate comprehensive security assessment report from scan results. NEW: fullScan parameter now runs ALL 40 security tools (was 34)! Quick scan (default) runs 4 core tools. Comprehensive scan (fullScan: true) runs ALL 40 tools including: Storage (with SAS+WORM), NSG (with service endpoints+LB), SQL (PostgreSQL/MySQL/Redis), KeyVault, VMs, CosmosDB, ACR, AKS, RBAC, Service Principals (RBAC-based), Managed Identities (with federation), Function Apps (with Event Grid/Service Bus), Backup Security (with ASR), VNet Peering, Private Endpoints, Diagnostic Settings, Defender Coverage, Policy Compliance, and more. Produces executive summary, risk prioritization, findings by severity (CRITICAL/HIGH/MEDIUM/LOW), remediation matrix, compliance mapping (CIS/NIST). Supports PDF, HTML, CSV, JSON export.

azure_analyze_attack_paths (A)

Identify and map attack paths from public exposure to sensitive resources. Analyzes: privilege escalation chains (RBAC roles → resources), lateral movement opportunities (VM → managed identity → secrets), exposed credentials to resource access, public IP → NSG → VM → identity → data flows. Returns exploitation scenarios with step-by-step attack chains.

azure_get_aks_credentials (A)

Extract AKS cluster credentials and kubeconfig for kubectl access. Returns: cluster FQDN, API server endpoint, admin credentials (if available), service principal details, managed identity info. OFFENSIVE USE: Obtain cluster access for manual kubectl exploitation, RBAC testing, pod deployment, secret extraction.

azure_scan_azure_devops (B)

Azure DevOps security scanner. Enumerates: organizations, projects, repositories, pipelines, service connections, variable groups, PAT tokens. Checks for: exposed secrets in repos, over-privileged service connections, insecure pipeline configurations, leaked credentials. OFFENSIVE USE: Find deployment credentials, API keys in source code, service principal secrets in pipelines.

azure_analyze_function_apps (A)

ENHANCED v1.14.0 Azure Functions security analysis: authentication settings, managed identity, VNet integration, CORS configuration, application settings for secrets, runtime version vulnerabilities, Event Grid trigger security, Service Bus queue/topic permissions, integration authentication validation. Returns: trigger exposure risks, Event Grid subscription configurations, Service Bus SAS policies, dead letter queue security.

azure_analyze_app_service_security (B)

App Service security analysis: HTTPS-only, minimum TLS version, authentication, managed identity, VNet integration, IP restrictions, remote debugging status

azure_analyze_firewall_policies (C)

Azure Firewall and NSG rule analysis: overly permissive rules, any-to-any rules, management port exposure, threat intelligence integration

azure_analyze_logic_apps (C)

Logic Apps security analysis: authentication, access control, managed identity usage, exposed endpoints, workflow triggers security

azure_analyze_rbac_privesc (B)

Deep RBAC analysis for privilege escalation paths: role assignment permissions, custom role vulnerabilities, subscription-level access, management group permissions

azure_detect_persistence_mechanisms (B)

Identify Azure persistence mechanisms: automation accounts, runbooks, Logic Apps triggers, scheduled tasks, webhook endpoints, custom script extensions

azure_scan_aks_full (A)

🚀 COMPREHENSIVE AKS SECURITY SCAN - Flexible AKS security analysis with multiple scan modes: 'full' (all checks), 'live' (K8s API analysis), 'imds' (IMDS exploitation), 'pod_identity' (identity analysis), 'admission' (admission controller bypass). Covers cluster security, RBAC, secrets, service accounts, IMDS access, identity risks, and policy violations.

azure_scan_aks_policy_bypass (A)

Detect Open Policy Agent (OPA) and Kyverno policy bypass vulnerabilities including constraint violations, policy exceptions abuse, and enforcement gaps. Analyzes Gatekeeper constraints, Kyverno policies, audit modes, and webhook configurations for security weaknesses.

azure_scan_container_apps_security (B)

Detect Azure Container Apps vulnerabilities including ingress exposure, secret management flaws, authentication bypass, environment variable leakage, Dapr misconfigurations, and scale rule exploits

azure_scan_gitops_security (B)

Detect Azure GitOps (Flux) vulnerabilities including source repository exposure, kustomization injection, Helm release manipulation, secret leakage, and Git credential exposure in AKS clusters

azure_scan_cdn_security (B)

Detect Azure CDN and Front Door misconfigurations including origin exposure, caching exploits, WAF bypass, routing manipulation, custom domain validation bypass, and DDoS protection gaps

azure_analyze_backup_security (A)

NEW in v1.14.0 Analyze Azure Backup and Site Recovery (ASR) security configurations. Checks: backup vault encryption, soft delete enabled/disabled, cross-region restore, backup policies, retention periods, immutable vault (ransomware protection), ASR replication policies, failover readiness, recovery vault access control. Returns: vault security posture, backup coverage gaps, replication health, compliance with 3-2-1 backup rule.

azure_analyze_vnet_peering (A)

NEW in v1.14.0 Analyze VNet peering security and network topology. Checks: peering state (connected/disconnected), allow forwarded traffic (security risk), allow gateway transit (privilege escalation), remote gateway usage, peering across subscriptions/tenants, hub-spoke topology validation, network isolation boundaries. Returns: peering security risks, network segmentation validation, cross-tenant peering warnings, topology visualization.

azure_validate_private_endpoints (A)

NEW in v1.14.0 Validate Private Endpoint and Private Link security configurations. Checks: approved/pending connections, network policies enforcement, DNS integration (private DNS zones), public access bypass, subnet delegation, private endpoint policies, service-specific configurations (Storage, SQL, KeyVault, CosmosDB). Returns: private endpoint coverage, pending approval risks, DNS misconfiguration warnings, public access exposure.

azure_validate_diagnostic_settings (A)

NEW in v1.14.0 Validate diagnostic settings and logging compliance across Azure resources. Checks: diagnostic settings enabled, log destinations (Log Analytics, Storage, Event Hub), retention policies, critical log categories enabled (Security, Audit, Administrative), platform metrics collection, workspace connectivity. Returns: logging coverage gaps, compliance with NIST/CIS logging requirements, resource types without diagnostics, retention policy violations.

azure_assess_defender_coverage (A)

NEW in v1.14.0 Assess Microsoft Defender for Cloud coverage and security posture. Checks: Defender plans enabled (VMs, Storage, SQL, App Service, Key Vault, Containers, etc.), pricing tier (Standard vs Free), auto-provisioning agents, secure score, recommendations count by severity, regulatory compliance status (Azure Security Benchmark, PCI-DSS, ISO 27001), active security alerts. Returns: coverage gaps, security score breakdown, critical recommendations, compliance posture.

azure_validate_policy_compliance (A)

NEW in v1.14.0 Validate Azure Policy compliance and governance controls. Checks: policy assignments (scope: subscription/resource group/resource), compliance state (compliant/non-compliant/conflict/exempt), policy effects (deny, audit, append, modify), built-in vs custom policies, policy initiative (set) assignments, exemptions and exceptions, audit log retention. Returns: policy violations by severity, non-compliant resources, governance gaps, exemption review, compliance trends.

azure_enumerate_role_definitions (A)

Enumerate Azure RBAC role definitions including custom roles. Identifies dangerous wildcard permissions (Actions: ['*']), overly broad custom roles, and privilege escalation paths via PassRole/roleAssignments-write. Checks all role definitions scoped to the subscription.

azure_analyze_application_gateway (A)

Analyze Azure Application Gateway and WAF (Web Application Firewall) security configuration. Checks: WAF enabled/disabled, WAF mode (Detection vs Prevention), OWASP rule set version, disabled rule groups, SSL/TLS policy version (TLSv1.0/1.1 = CRITICAL), HTTP-only listeners (no HTTPS redirect), backend authentication certificates, request routing rules. Identifies misconfigurations leading to WAF bypass and MitM attacks.

azure_scan_managed_disks (A)

Scan Azure Managed Disks for security misconfigurations. Checks: encryption type (platform-managed vs customer-managed key), public network access enabled (allows arbitrary download), orphaned disks (unattached — data exposure risk), disk state, OS vs data disk classification. CRITICAL: publicNetworkAccess=Enabled on unattached disks is a direct data exfiltration path.

Prompts

Interactive templates invoked by user choice

Name | Description

No prompts

Resources

Contextual data attached and managed by the client

Name | Description

No resources

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/h4cd0c/stratos-mcp'