git-adm/entra-id-recon.py
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update README.md

Browse Source 
Changed some wording.
This commit is contained in:
GJRM
2026-03-12 18:47:01 +00:00
parent 3e873f03a8
commit dbd5b4d318
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -138,7 +138,7 @@ The script automatically queries the azmap.dev API for domain discovery. This us
python3 entra-id-recon.py entra-external-recon -d example.com python3 entra-id-recon.py entra-external-recon -d example.com
``` ```
**How It Works**: The azmap.dev API uses an unauthenticated method that works cross-tenant. osint.aadinternals.com uses the same method but requires authentication only to prevent abuse - you can authenticate with ANY tenant (e.g., your own winternals.dev) and still query domains for other tenants (e.g., pentestpartners.com) because the underlying method is unauthenticated. **How It Works**: The azmap.dev API uses an unauthenticated method that works cross-tenant. osint.aadinternals.com uses the same method but requires authentication only to prevent abuse - you can authenticate with ANY tenantand still query domains for other tenants (e.g., google.com) because the underlying method is unauthenticated.
##### Use MS Graph API with access token (for tenant metadata only) ##### Use MS Graph API with access token (for tenant metadata only)
```bash ```bash
@@ -281,7 +281,7 @@ The enumeration command provides:
- **How It Works**: - **How It Works**:
- Uses an unauthenticated method that works cross-tenant - Uses an unauthenticated method that works cross-tenant
- **osint.aadinternals.com uses the same underlying method** - it requires authentication only to prevent abuse/rate limiting, not because the method itself requires authentication - **osint.aadinternals.com uses the same underlying method** - it requires authentication only to prevent abuse/rate limiting, not because the method itself requires authentication
- You can authenticate to osint.aadinternals.com with ANY tenant (e.g., your own winternals.dev account) and still query domains for other tenants (e.g., pentestpartners.com) because the underlying method is unauthenticated - You can authenticate to osint.aadinternals.com with ANY tenant and still query domains for other tenants (e.g., google.com) because the underlying method is unauthenticated
- azmap.dev provides the same functionality without requiring authentication - azmap.dev provides the same functionality without requiring authentication
- **Advantages**: - **Advantages**:
- No authentication required (unlike osint.aadinternals.com which requires login for abuse prevention) - No authentication required (unlike osint.aadinternals.com which requires login for abuse prevention)