
List tenants in az-ad collection uses different audience than the rest of the objects #128

@lawndoc

Summary

The az-ad collection tries to list tenants:

```go
// Enumerate Tenants
pipeline.Tee(ctx.Done(), listTenants(ctx, client), tenants)
```

But the ListAzureADTenants function uses the resourceManager audience for its request:

```go
// ListAzureADTenants https://learn.microsoft.com/en-us/rest/api/subscription/tenants/list?view=rest-subscription-2020-01-01
func (s *azureClient) ListAzureADTenants(ctx context.Context, includeAllTenantCategories bool) <-chan AzureResult[azure.Tenant] {
	var (
		out    = make(chan AzureResult[azure.Tenant])
		path   = "/tenants"
		params = query.RMParams{ApiVersion: "2020-01-01", IncludeAllTenantCategories: includeAllTenantCategories}
	)
	go getAzureObjectList[azure.Tenant](s.resourceManager, ctx, path, params, out)
```

This leads to an error when using JWT auth because the az-ad collection needs the Graph API audience.

```
2025-05-13T10:52:37-05:00 INF collecting azure ad objects...
2025-05-13T10:52:37-05:00 ERR unable to continue processing tenants error="invalid audience"
```

The rest of the collection steps in az-ad work as expected because they all have the Graph API audience.

Steps to reproduce

```powershell
$env:GRAPH_JWT = (Get-AzAccessToken -ResourceUrl "https://graph.microsoft.com").Token
./AzureHound.exe --jwt $env:GRAPH_JWT --list az-ad --tenant "contoso.onmicrosoft.com" -o "./entraid.json"
```
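A pre-flight check for the mismatch this issue describes, written in Go as an added example (it is not AzureHound code): it reads the `aud` claim off a JWT and refuses to route a Graph-audience token through a client that expects the resourceManager audience, surfacing the same "invalid audience" condition before any request leaves the process. The audience constants, the function names and the unsigned-token helper are assumptions made for the example; Entra ID access tokens carry `aud` as a single string, which is all it decodes.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

// Audience values for the two clients the issue contrasts (assumed; not AzureHound constants).
const (
	GraphAudience           = "https://graph.microsoft.com"
	ResourceManagerAudience = "https://management.azure.com"
)

var ErrInvalidAudience = errors.New("invalid audience")
// TokenAudience returns the aud claim (a single string in Entra ID tokens) from a compact
// JWT's payload. The signature is deliberately not verified: routing check, not authentication.
func TokenAudience(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", errors.New("malformed JWT")
	}
	var claims struct{ Aud string `json:"aud"` }
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(payload, &claims)
	}
	return claims.Aud, err
}

// CheckAudience fails with ErrInvalidAudience when a token is about to go through a client
// it was not issued for, as when a Graph JWT reaches the resourceManager client.
func CheckAudience(token, want string) error {
	aud, err := TokenAudience(token)
	if err != nil {
		return err
	}
	if aud != want {
		return ErrInvalidAudience
	}
	return nil
}

// UnsignedToken builds a constructed, unsigned JWT-shaped string for local testing only.
func UnsignedToken(aud string) string {
	hdr := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"none","typ":"JWT"}`))
	body, _ := json.Marshal(map[string]string{"aud": aud})
	return hdr + "." + base64.RawURLEncoding.EncodeToString(body) + "."
}
```

Calling `CheckAudience(tok, ResourceManagerAudience)` on a token minted for `https://graph.microsoft.com` returns `invalid audience`, which is the error the log above shows for the tenants step while the Graph-backed steps succeed.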
