PowerZure is a framework designed to perform reconnaissance and exploitation of the Azure cloud platform, Azure Active Directory, and associated resources.

The project [1] is maintained by Ryan Hausknecht, who recently released a new version (2.0) of the framework. The tool is now equipped with the following attack components and its functions:

  • Operational functions with backdoor/payload creation and execution
  • Information gathering on users, groups, applications, and resources
  • Credential dumping of key vault secrets, applications, certificates, and automation accounts
  • Data exfiltration of storage accounts, account keys, runbooks, storage containers, file shares, and virtual machine disk contents


  1. https://github.com/hausec/PowerZure