AzDevRecon is a web-based enumeration tool designed for offensive security professionals, red teamers, and penetration testers targeting Azure DevOps. It helps identify misconfigurations, exposed secrets, and security gaps by leveraging token-based authentication for reconnaissance and data extraction.
- Token-Based Enumeration – Extract insights using Azure DevOps access tokens or PATs.
- Project & Repository Discovery – Identify accessible projects and repositories.
- Pipeline & Build Enumeration – Analyze Azure Pipelines for security flaws.
- Secrets & Credential Hunting – Detect hardcoded secrets and exposed tokens.
- User & Permission Analysis – Map roles, permissions, and escalation paths.
- Web-Based UI – Easy-to-use interface for efficient enumeration.
- Clone the repository:

  ```bash
  git clone https://github.com/TROUBLE-1/AzDevRecon.git
  cd AzDevRecon
  ```

- Install dependencies:

  ```bash
  pip install -r requirements.txt
  ```

- Run the application:

  ```bash
  python app.py
  ```

- Access the Web UI: open your browser and go to http://localhost

- Enter a valid Azure DevOps access token or personal access token (PAT).
- Select the Project for enumeration.
- View discovered repositories, pipelines, commits, and secrets.
- Analyze results and download repo files for further assessment.
- Python 3.x
- Required dependencies (installed via `requirements.txt`)
- Check out the wiki for more information about the tool.
AzDevRecon is intended for educational and authorized security testing purposes only. Unauthorized use against systems without permission is illegal and strictly prohibited. Use responsibly!
Pull requests are welcome! Feel free to submit issues or feature requests.
This project is licensed under the MIT License. See the LICENSE file for details.