-
Notifications
You must be signed in to change notification settings - Fork 0
Whoami
whoami is the first command to run in any AzureFox session.
It confirms which identity, tenant, subscription, and credential context AzureFox is actually using before you trust any later output.
- Which principal is AzureFox using right now?
- Which tenant and subscription am I operating in?
- Does the current session scope look broader or narrower than expected?
- Does anything about the credential source or active context look surprising?
azurefox whoami --output tableIf you want a saved structured artifact for later review:
azurefox whoami --output json| subscription | principal | type | token | scope |
|---|---|---|---|---|
azurefox-lab-sub |
azurefox-lab-sp |
ServicePrincipal |
fixture |
azurefox-lab-sub |
- at the start of every new session
- after
az login - after switching subscriptions
- after changing environment-based credentials
- any time later results do not match what you expected to see
- the current principal and principal type
- active tenant and subscription
- token source or session context
- scope cues that show how broad the current session is
- mismatches between the context you expected and the context AzureFox is actually using
Most bad Azure analysis starts with a bad starting assumption.
If you are in the wrong tenant, the wrong subscription, or the wrong credential context, every
later table can still be accurate while leading you to the wrong conclusion. whoami gives you a
fast truth check so you do not build the rest of the investigation on the wrong session.
- the current principal, tenant, and subscription
- how broad the active scope appears to be
- the token source or session context when AzureFox can read it
- any mismatch between expected and active context
- If you see
principal_type=ServicePrincipal, go next to Permissions because it shows whether this session already carries high-impact Azure roles. - If you see
scope_type=subscription, go next to Inventory because it shows which service families dominate that scope before you choose a deeper lane.
- If the context is wrong, fix the session first and rerun
whoami. - If the context is right, move into Principals and Permissions to understand who matters in the visible scope.
- If the current identity already looks powerful, move quickly into Privesc and RBAC.
whoami is a context command.
It should confirm ground truth for the current session. It is not a token dump, claims-analysis surface, or a full privilege review.
- Home
- Getting Started
- Platform Notes
- Running Against The Proof Lab
- Understanding Output
- Command Guides
Core
Identity
Config
Secrets
Storage
Resource
Compute
Orchestration
Chain Families
Grouped Sweeps
Investigations
- Axios - Post Exposure Azure Triage
- From EvilTokens to AzureFox: Why Token Theft Can Become Azure Control
- FAQ / Known Limits (coming soon)