Domain Enumeration

Check if company is utilizing Azure AD

We can visit the url below to see if a company is utilizing Azure AD. Replace "COMPANY' with the domain name.

https://login.microsoftonline.com/[email protected]&xml=1

We can see below that the domain (rottadev) is utilizing Azure AD

Enumerate Subdomains

We can utilize the tool MicroBurst to perform subdomain enumeration.

PS> Invoke-EnumerateAzureSubDomains -Base rottadev -verbose

rottadevimages.sharepoint.com                SharePoint
images-rottadev.sharepoint.com               SharePoint
imagesrottadev.sharepoint.com                SharePoint
internal-dist-rottadev.sharepoint.com        SharePoint
internal-distrottadev.sharepoint.com         SharePoint
rottadev-internal-dist.sharepoint.com        SharePoint
internalrottadev.sharepoint.com              SharePoint
rottadevinternal.sharepoint.com              SharePoint

PreviousInformation Gathering / Reconnaissance NextUser Enumeration

Last updated 9 months ago