AzureHound
AzureHound is the official BloodHound data collector for Microsoft Azure. It collects Azure data for use with BloodHound and BloodHound Enterprise.
Description
AzureHound is a package in Kali Linux that serves as the BloodHound data collector specifically designed for Microsoft Azure environments. It enables users to gather Azure objects and configurations for analysis in BloodHound, a tool for visualizing and auditing Active Directory and Azure environments.
The tool supports both standard BloodHound and BloodHound Enterprise, with commands for listing Azure objects, configuring authentication, and starting data collection services. It is particularly useful for cybersecurity professionals performing reconnaissance and attack path analysis in cloud environments.
Installation is straightforward via Kali's package manager, and it requires minimal dependencies like libc6. Users can authenticate using JWT or refresh tokens, making it adaptable to various Azure access scenarios.
How It Works
AzureHound operates by authenticating to Microsoft Azure using provided credentials such as JWT or refresh tokens specified via flags. It then queries Azure APIs to list and collect data on Azure objects, which can be processed for BloodHound ingestion. The tool supports configuration via a JSON file, proxy settings for network routing, and JSON log output. For BloodHound Enterprise, it can start a data collection service. It also supports pprof profiling during graceful shutdown and can generate shell autocompletion scripts.
Installation
sudo apt install azurehound
Flags
Examples
azurehound -h
azurehound completion
azurehound configure
azurehound list
azurehound start
azurehound [command] --help
azurehound --config /path/to/config.json
azurehound -j <jwt-token>