Automic VaultAutomic Vault

brew

Install azurehound with Homebrew, Nix

Azure Data Exporter for BloodHound. Version 2.12.2 via Homebrew; verified 2026-06-15.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install azurehound

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#azurehound

nixpkgs package indexes · pkgs/by-name/az/azurehound/package.nix · source: api.github.com

overview

Package summary

Azure Data Exporter for BloodHound

Commands and aliases

  • azurehound

history

Project history and usage

AzureHound is SpecterOps' Microsoft Azure data collector for BloodHound. It gathers Azure and Microsoft Entra ID relationship data so BloodHound users can reason about identity attack paths in cloud and hybrid environments.

Project history

AzureHound comes from the BloodHound/SpecterOps ecosystem, extending BloodHound collection beyond traditional Active Directory graph data into Azure tenant data. The official README identifies it as the BloodHound data collector for Microsoft Azure and the official tool for collecting Azure data for BloodHound Community Edition and BloodHound Enterprise.

The public repository provides Go source, release binaries, a rolling release tied to the main branch, and command help for listing tenant data or running a collection service.

Adoption history

Adoption follows BloodHound's security-operator audience rather than general Azure administration. The input package facts list Homebrew and Nix packages, which is typical for offensive-security and assessment tooling that needs reproducible workstation installs.

The README shows Azure CLI token reuse via `az account get-access-token`, making it convenient for operators who already authenticate with Microsoft's Azure CLI and want to export graph data without a separate browser flow.

How it is used

Common usage is `azurehound list` with username/password, tenant, JWT, or refresh token options, optionally writing JSON output for BloodHound ingestion. `azurehound configure` and `azurehound start` support service-style collection for BloodHound Enterprise.

The command exposes a `--config` flag with a default config path under the user's config directory. Credential material is supplied through flags, tokens, certificates, or config rather than a separately documented universal credentials file.

Why package nerds care

For package nerds, AzureHound is a compact Go security CLI with release binaries and a rolling-release channel. It is notable less for broad package coverage than for being a high-signal dependency in BloodHound workflows where exact versioning and tenant-data compatibility matter.

It also illustrates a common packaging boundary in security tools: the package can install a binary, but the meaningful output is sensitive tenant graph data that belongs outside package-manager state.

Timeline

  • 2022: The AzureHound repository exposes a rolling release for binaries built from the main branch.
  • 2020s: SpecterOps documents AzureHound as the Azure collector for BloodHound Community Edition and Enterprise.
  • 2020s: Homebrew and Nix package entries make AzureHound easy to install on assessment workstations.

Related projects

  • BloodHound Community Edition and BloodHound Enterprise consume the data AzureHound collects.
  • Azure CLI can provide Microsoft Graph access tokens reused by AzureHound.
  • SharpHound is the related BloodHound collector for Active Directory environments.

Sources

  • SpecterOps BloodHound AzureHound docs
  • SpecterOps/AzureHound README and releases
  • source_facts.package-manager

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
~/.config/azurehound/config.json

Credential files

Credential-bearing paths to review before unattended agent runs.

Windows
C:\Users\Administrator.ROOT\.config\azurehound\key.pemC:\Users\Administrator.ROOT\.config\azurehound\cert.pem

executables

Installed executables

CommandKindExposureNote
azurehoundcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version2.12.2
manager updated2026-06-15
local dataok
upstreamcurrent
latest detectedv2.12.2

https://github.com/SpecterOps/AzureHound

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:azurehound
Version2.12.2
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/azurehound
Homepagehttps://github.com/SpecterOps/AzureHound
Repositoryhttps://github.com/SpecterOps/AzureHound
Upstream docshttps://bloodhound.specterops.io/collect-data/ce-collection/azurehound
LicenseGPL-3.0-or-later
Source archivehttps://github.com/SpecterOps/AzureHound/archive/refs/tags/v2.12.2.tar.gz
Last updated2026-06-15T19:10:06Z
Pulseupdated
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameazurehound
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

azurehound

nix profile install nixpkgs#azurehound
  • normalized package name match
  • Matched by: Azurehound
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/az/azurehound/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment