AZDEVRECON
Abstract
AzDevRecon is a web-based enumeration tool designed for offensive security professionals, red teamers, and penetration testers to assess Azure DevOps security. It enables security teams to uncover misconfigurations, exposed secrets, and security gaps by leveraging Personal Access Tokens (PATs) and Access Tokens (with aud=499b84ac-1321-427f-aa17-267ca6975798, including those obtained via Managed Identity).
This tool allows testers to enumerate projects, repositories, pipelines, builds, and user permissions, providing critical insights into potential attack vectors. With a user-friendly web interface, AzDevRecon streamlines the reconnaissance process, enabling efficient identification of security flaws such as hardcoded credentials, privilege escalation paths, and misconfigured access controls.
By utilizing AzDevRecon, penetration testers can efficiently enumerate Azure DevOps environments even in scenarios where a GUI is not available.
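A token recovered from a pipeline log or secret scan can be triaged by checking whether it carries the audience value quoted above. The sketch below is an added example, not AzDevRecon's code: `triage_token` and `make_sample_token` are hypothetical names, the sample token is constructed and unsigned, and claims are decoded without signature verification.

```python
import base64
import json
import time

AZDO_AUDIENCE = "499b84ac-1321-427f-aa17-267ca6975798"  # aud value quoted above


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(aud, exp, oid="00000000-0000-0000-0000-000000000001"):
    """Constructed, unsigned sample token used only to exercise triage_token()."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps({"aud": aud, "exp": exp, "oid": oid}).encode())
    return f"{header}.{body}.constructed-signature"


def triage_token(token, now=None):
    """Decode (without verifying) a token's claims and report Azure DevOps scope."""
    now = time.time() if now is None else now
    parts = token.strip().split(".")
    if len(parts) != 3:
        # PATs are opaque strings rather than JWTs: no claims to inspect.
        return {"kind": "opaque", "azdo_audience": None}
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return {"kind": "malformed", "azdo_audience": None}
    if not isinstance(claims, dict):
        return {"kind": "malformed", "azdo_audience": None}
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    exp = claims.get("exp")
    has_exp = isinstance(exp, (int, float))
    return {
        "kind": "jwt",
        "azdo_audience": any(str(a).rstrip("/").lower() == AZDO_AUDIENCE for a in audiences),
        "expired": has_exp and exp <= now,
        "seconds_left": max(0, int(exp - now)) if has_exp else None,
        "principal": claims.get("oid") or claims.get("sub"),
    }


if __name__ == "__main__":
    sample = make_sample_token(AZDO_AUDIENCE, exp=int(time.time()) + 3600)
    print(triage_token(sample))
```

A result with `azdo_audience` true and `expired` false identifies a token that should be revoked first, and `principal` gives the object ID to search for in Azure DevOps audit logs.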