AzDevRecon - Azure DevOps Enumeration Tool

AzDevRecon is a web-based enumeration tool designed for offensive security professionals, red teamers, and penetration testers targeting Azure DevOps. It helps identify misconfigurations, exposed secrets, and security gaps by leveraging token-based authentication for reconnaissance and data extraction.

Features

• Token-Based Enumeration – Extract insights using Azure DevOps Access tokens or PAT.
• Project & Repository Discovery – Identify accessible projects and repositories.
• Pipeline & Build Enumeration – Analyze Azure Pipelines for security flaws.
• Secrets & Credential Hunting – Detect hardcoded secrets and exposed tokens.
• User & Permission Analysis – Map roles, permissions, and escalation paths.
• Web-Based UI – Easy-to-use interface for efficient enumeration.

---

Installation

Prerequisites

• Python 3.8 or higher
• Git

Setup Instructions

1. Clone the repository:

   git clone https://github.com/TROUBLE-1/AzDevRecon.git
   cd AzDevRecon

2. Create and activate a virtual environment:

   On Windows:

   python -m venv venv
   venv\Scripts\activate

   On macOS/Linux:

   python3 -m venv venv
   source venv/bin/activate

3. Install dependencies:

   pip install --upgrade pip
   pip install -r requirements.txt

4. Run the application:

   python app.py

5. Access the Web UI:
   Open your browser and go to:

   http://localhost:5000
   

Deactivating the Virtual Environment

When you're done working on the project, deactivate the virtual environment:

deactivate

---

Usage

1. Enter a valid Azure DevOps personal Access Token or PAT.
2. Select the Project for enumeration.
3. View discovered repositories, pipelines, commits, and secrets.
4. Analyze results and download repo files for further assessment.

---

Requirements

• Python 3.8 or higher
• Virtual Environment (recommended for isolated dependency management)
• Required dependencies (installed via requirements.txt)

Why Use a Virtual Environment?

• Isolation: Prevents conflicts with other Python projects
• Clean Dependencies: Only installs what's needed for this project
• Easy Cleanup: Simply delete the venv folder to remove all dependencies
• Reproducible Environment: Ensures consistent setup across different machines

---

More Info

• Check out the wiki for more information of the tool.

---

Disclaimer

AzDevRecon is intended for educational and authorized security testing purposes only. Unauthorized use against systems without permission is illegal and strictly prohibited. Use responsibly!

---

Contribution

Pull requests are welcome! Feel free to submit issues or feature requests.

---

License

This project is licensed under the MIT License. See the LICENSE file for details.