Avoid BlackBox testing when conducting a Azure Penetration Test against your applications or your organization.

The following scripts and programs are to help security professionals scope their organizations Azure footprint prior to penetration testing to avoid BlackBox testing scenarios that can lead to inadvertent cross organization creep in a multi tenant service like Azure.

If you are new to Azure Penetration testing please review the following Article, while Microsoft is permissive of pen testing types especially port scanning / fuzzing. If going beyond basics it is always best to notify Microsoft via Pen Test Form and wait for acknowledgment and approval before proceeding.

Finally I highly recommend checking out the book Pentesting Azure Applications by Matt Burrough. Within the chapters Matt goes into other concepts beyond just the network focusing on identity planes and authentication and authorization in Azure.

Please also see Azure Management Groups to gain Read level access across Azure Subscriptions current and future ones that need to be reported on.

Happy PenTesting !