This repository contains a framework of curated Azure penetration testing tools that are specifically designed to help you identify and mitigate security vulnerabilities in Azure cloud environments. The toolkit is regularly updated to include the latest tools, so you can always stay up-to-date with the latest security trends and techniques. Whether you are a security professional or an Azure cloud user, this framework is an invaluable resource for anyone interested in conducting penetration testing in Azure cloud environments.

Azure is one of the most popular cloud computing platforms, and like any other cloud computing platform, it is vulnerable to various types of cyber-attacks. In this context, penetration testing plays a vital role in identifying and mitigating these vulnerabilities. Penetration testing is an effective method for evaluating the security of a system by simulating attacks against it. One of the essential requirements for successful penetration testing is having the right set of tools to perform various testing activities.

Kali Linux is a well-known penetration testing operating system that provides a vast collection of pre-installed tools for conducting penetration testing activities. Inspired by Kali Linux, I created a script that installs a curated list of tools for Azure cloud penetration testing. The primary goal was to develop a framework of tools that focus on Azure cloud environments.

Since Azure is a Microsoft product, I chose to create a toolkit that leverages the power of the Windows operating system to perform Azure penetration testing. I observed that Kali's version of PowerShell may be incompatible with some of the tools in the script. Therefore, I decided to develop a custom toolkit that includes all the necessary dependencies and tools required for conducting Azure penetration testing.

I created a custom Azure penetration testing toolkit that downloads 30 Azure penetration testing tools, including their associated dependencies (138 in total), Python, and 7-Zip. I then categorized the tools into four different phases of the penetration testing process, which borrows from the Penetration Testing Execution Standard (PTES). Each of these tools is downloaded into a Reconnaissance folder, Vulnerability Assessment folder, Exploitation folder, and Post-Exploitation folder.

My penetration testing process includes six phases: Pre-Engagement, Reconnaissance, Vulnerability Assessment, Exploitation, Post-Exploitation, and Reporting. The toolkit includes tools that cover four of these phases. With the help of this toolkit, you can perform a comprehensive penetration testing assessment of Azure cloud environments.

Once the script is executed, it may take anywhere from 40 to 50 minutes to download all the tools and their dependencies, depending on the speed of the computer. However, this is a one-time process, and the toolkit can be used multiple times for conducting Azure penetration testing.

This script requires for you to install Chocolatey, pip, and Git. Once installed on your Windows machine, run the Azure Pentest Toolkit script and it will handle the rest.

Note: You must disable antivirus and/or Windows Defender before running the script. You'll need to run the script on PowerShell as an Administrator for the script to work. You should have at least 60GB of free space before downloading all of the tools.

1. AADInternals
2. CloudFox
3. Azure-AccessPermissions
4. ScubaGear
5. Prowler
6. ScoutSuite
7. SkyArk
8. CrowdStrike Reporting Tool for Azure (CRT)
9. Sparrow
10. MicroBurst
11. Monkey365
12. AzureADAssessment
13. omigood
14. adconnectdump
15. azucar
16. BlobHunter
17. cloud_enum
18. Hawk
19. o365creeper
20. o365enum
21. o365recon
22. ROADtools
23. AzureHound
24. TeamFiltration Zip file
25. CloudBrute
26. lava
27. MFASweep
28. PowerZure
29. AzureADLateralMovement
30. AzureAD