MSFTRecon is a specialized reconnaissance tool designed for red teamers and security professionals to map and analyze Microsoft 365 and Azure tenant infrastructures.
Its primary focus is on identifying potential security misconfigurations and attack vectors without requiring authentication, making it an invaluable asset for penetration testing and security assessments.
--gov
) and China-specific Azure instances (--cn
).To install MSFTRecon:
bash# Clone the repository
git clone https://github.com/Arcanum-Sec/msftrecon.git
cd msftrecon
# Set up virtual environment
python3 -m venv venv
source venv/bin/activate
# Install dependencies
pip install -r requirements.txt
chmod +x msftrecon.py
./msftrecon.py -d example.com
./msftrecon.py -d example.com -j
./msftrecon.py -d example.gov --gov
./msftrecon.py -d example.cn --cn
text[+] Target Organization:
Tenant Name: Contoso
Tenant ID: 1234abcd-1234-abcd-1234-1234abcd1234
[+] Federation Information:
Namespace Type: Managed
Brand Name: Contoso
Cloud Instance: microsoftonline.com
[+] Identity Insights:
* Cloud-only authentication detected.
MSFTRecon is intended strictly for legal security assessments. Users must obtain proper authorization before using this tool. The authors disclaim responsibility for misuse or damages caused by its application.
By providing detailed insights into Microsoft 365 and Azure infrastructures, MSFTRecon empowers security professionals to proactively identify vulnerabilities and enhance organizational defenses.
Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…
Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…
Efficient disk space management is vital in Linux, especially for system administrators who manage servers…
Knowing how to check directory sizes in Linux is essential for managing disk space and…
Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…
Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…