MSFTRecon is a specialized reconnaissance tool designed for red teamers and security professionals to map and analyze Microsoft 365 and Azure tenant infrastructures.
Its primary focus is on identifying potential security misconfigurations and attack vectors without requiring authentication, making it an invaluable asset for penetration testing and security assessments.
--gov
) and China-specific Azure instances (--cn
).To install MSFTRecon:
bash# Clone the repository
git clone https://github.com/Arcanum-Sec/msftrecon.git
cd msftrecon
# Set up virtual environment
python3 -m venv venv
source venv/bin/activate
# Install dependencies
pip install -r requirements.txt
chmod +x msftrecon.py
./msftrecon.py -d example.com
./msftrecon.py -d example.com -j
./msftrecon.py -d example.gov --gov
./msftrecon.py -d example.cn --cn
text[+] Target Organization:
Tenant Name: Contoso
Tenant ID: 1234abcd-1234-abcd-1234-1234abcd1234
[+] Federation Information:
Namespace Type: Managed
Brand Name: Contoso
Cloud Instance: microsoftonline.com
[+] Identity Insights:
* Cloud-only authentication detected.
MSFTRecon is intended strictly for legal security assessments. Users must obtain proper authorization before using this tool. The authors disclaim responsibility for misuse or damages caused by its application.
By providing detailed insights into Microsoft 365 and Azure infrastructures, MSFTRecon empowers security professionals to proactively identify vulnerabilities and enhance organizational defenses.
SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…
The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…
The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…
The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…
AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…
Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…