-
Notifications
You must be signed in to change notification settings - Fork 0
Home
AzureFox is a Python CLI for offensive-focused Azure situational awareness. This wiki is the operator guide layer: quick starts, walkthroughs, examples, and interpretation help.
Repo docs remain the source of truth for versioned behavior, output contracts, and roadmap decisions.
Current command-guide coverage in the wiki:
- Core: Inventory
- Identity: Whoami, Principals, Permissions, RBAC, Privesc, Role-Trusts, Cross-Tenant, Lighthouse, Auth-Policies, Managed-Identities
- Config: Arm-Deployments, Env-Vars
- Secrets: Keyvault, Tokens-Credentials
- Storage: Storage
- Resource: Automation, Devops, ACR, API-Mgmt, Databases, Resource-Trusts
- Network: DNS, Endpoints, Application-Gateway, Network-Effective, Network-Ports, Nics
- Compute: Workloads, App-Services, Functions, AKS, VMs, VMSS, Snapshots-Disks
- Orchestration: Chains, chains credential-path, All-Checks
If you are new to AzureFox, start with Command Guides, then follow the reading
order from inventory into identity, config, secrets, storage, resource, network, compute, and
orchestration as the environment dictates.
Install AzureFox:
pip install azurefoxRun a quick identity sanity check:
azurefox whoami --output tableRun a fast environment-shape check:
azurefox inventory --output tableRun a broader grouped sweep:
azurefox all-checks --output tableRun one section when you want a narrower grouped pass:
azurefox all-checks --section identity --output tableRun targeted follow-up when configuration, secrets, or data paths matter most:
azurefox arm-deployments --output table
azurefox env-vars --output table
azurefox keyvault --output table
azurefox tokens-credentials --output table
azurefox storage --output tableRun resource and network follow-up when the interesting path is a named deployment surface, service boundary, or ingress path:
azurefox automation --output table
AZUREFOX_DEVOPS_ORG=<org-name> azurefox devops --output table
azurefox endpoints --output table
azurefox application-gateway --output table
azurefox network-effective --output tableRun compute follow-up when the important question is which workload, cluster, host, or offline disk path matters first:
azurefox workloads --output table
azurefox app-services --output table
azurefox functions --output table
azurefox aks --output table
azurefox vms --output tableRun orchestration follow-up when you want either a targeted grouped path or a broad transitional sweep:
azurefox chains credential-path --output table
azurefox all-checks --section identity --output tableThe examples use portable relative paths so they read cleanly on macOS, Linux, and Windows.
If you want the short version of platform differences before going deeper, start with Platform Notes.
- Wiki: walkthroughs, operator examples, practical investigation flow
- Repo docs: API mappings, output contracts, release process, roadmap
- CLI help: command-specific usage via
azurefox <command> --help
- Axios - Post Exposure Azure Triage: a practical order for moving from scope confirmation into secrets, privilege, trust, and reachable workloads after a suspected exposure event
- Command Guides
- FAQ / Known Limits
- Home
- Getting Started
- Platform Notes
- Running Against The Proof Lab
- Understanding Output
- Command Guides
Core
Identity
Config
Secrets
Storage
Resource
Compute
Investigations
- Axios - Post Exposure Azure Triage
- FAQ / Known Limits (coming soon)