# Install azurehound with Homebrew, Nix

Azure Data Exporter for BloodHound. Version 2.12.2 via Homebrew; verified 2026-06-15.

## Install

```sh
sudo av install brew:azurehound
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install azurehound
```

  Evidence: local Homebrew formula metadata

### Linux

- Nix (92%):

```sh
nix profile install nixpkgs#azurehound
```

  Evidence: nixpkgs package indexes: pkgs/by-name/az/azurehound/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

## Package facts

- **Package key:** brew:azurehound
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/azurehound>
- **Version:** 2.12.2
- **Source summary:** Azure Data Exporter for BloodHound
- **Homepage:** <https://github.com/SpecterOps/AzureHound>
- **Repository:** <https://github.com/SpecterOps/AzureHound>
- **Upstream docs:** <https://bloodhound.specterops.io/collect-data/ce-collection/azurehound>
- **License:** GPL-3.0-or-later
- **Source archive:** <https://github.com/SpecterOps/AzureHound/archive/refs/tags/v2.12.2.tar.gz>
- **Last updated:** 2026-06-15T19:10:06Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- azurehound (cli)
- azurehound (alias)

## Build dependencies

- go

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 2.12.2
- Package-manager updated: 2026-06-15
- Local data: ok
- Upstream repository: https://github.com/SpecterOps/AzureHound
- Upstream latest detected: v2.12.2 (current)
## Project history and usage

AzureHound is SpecterOps' Microsoft Azure data collector for BloodHound. It gathers Azure and Microsoft Entra ID relationship data so BloodHound users can reason about identity attack paths in cloud and hybrid environments.

### Project history

AzureHound comes from the BloodHound/SpecterOps ecosystem, extending BloodHound collection beyond traditional Active Directory graph data into Azure tenant data. The official README identifies it as the BloodHound data collector for Microsoft Azure and the official tool for collecting Azure data for BloodHound Community Edition and BloodHound Enterprise.

The public repository provides Go source, release binaries, a rolling release tied to the main branch, and command help for listing tenant data or running a collection service.

### Adoption history

Adoption follows BloodHound's security-operator audience rather than general Azure administration. The input package facts list Homebrew and Nix packages, which is typical for offensive-security and assessment tooling that needs reproducible workstation installs.

The README shows Azure CLI token reuse via `az account get-access-token`, making it convenient for operators who already authenticate with Microsoft's Azure CLI and want to export graph data without a separate browser flow.

### How it is used

Common usage is `azurehound list` with username/password, tenant, JWT, or refresh token options, optionally writing JSON output for BloodHound ingestion. `azurehound configure` and `azurehound start` support service-style collection for BloodHound Enterprise.

The command exposes a `--config` flag with a default config path under the user's config directory. Credential material is supplied through flags, tokens, certificates, or config rather than a separately documented universal credentials file.

### Why package nerds care

For package nerds, AzureHound is a compact Go security CLI with release binaries and a rolling-release channel. It is notable less for broad package coverage than for being a high-signal dependency in BloodHound workflows where exact versioning and tenant-data compatibility matter.

It also illustrates a common packaging boundary in security tools: the package can install a binary, but the meaningful output is sensitive tenant graph data that belongs outside package-manager state.

### Timeline

- 2022: The AzureHound repository exposes a rolling release for binaries built from the main branch.
- 2020s: SpecterOps documents AzureHound as the Azure collector for BloodHound Community Edition and Enterprise.
- 2020s: Homebrew and Nix package entries make AzureHound easy to install on assessment workstations.

### Related projects

- BloodHound Community Edition and BloodHound Enterprise consume the data AzureHound collects.
- Azure CLI can provide Microsoft Graph access tokens reused by AzureHound.
- SharpHound is the related BloodHound collector for Active Directory environments.

### Sources

- SpecterOps BloodHound AzureHound docs
- SpecterOps/AzureHound README and releases
- source_facts.package-manager


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: ~/.config/azurehound/config.json

## Credential files

- Windows: C:\Users\Administrator.ROOT\.config\azurehound\key.pem, C:\Users\Administrator.ROOT\.config\azurehound\cert.pem
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** azurehound
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- Nix - azurehound: normalized package name match | nixpkgs package indexes: pkgs/by-name/az/azurehound/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1


## Related links

- [Cloud CLI packages](https://www.automicvault.com/pkg/cloud-clis/) - Belongs to a cloud or infrastructure command family.
- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [go](https://www.automicvault.com/pkg/brew/go/) - Build dependency declared by Homebrew.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.
- [aircrack-ng](https://www.automicvault.com/pkg/brew/aircrack-ng/) - Shares av.db curated category or tags: cli, security.
- [amass](https://www.automicvault.com/pkg/brew/amass/) - Shares av.db curated category or tags: cli, security.
- [anubis](https://www.automicvault.com/pkg/brew/anubis/) - Shares av.db curated category or tags: cli, security.
- [authoscope](https://www.automicvault.com/pkg/brew/authoscope/) - Shares av.db curated category or tags: cli, security.
- [bagel](https://www.automicvault.com/pkg/brew/bagel/) - Shares av.db curated category or tags: cli, security.
- [bandit](https://www.automicvault.com/pkg/brew/bandit/) - Shares av.db curated category or tags: cli, security.
- [bbot](https://www.automicvault.com/pkg/brew/bbot/) - Shares av.db curated category or tags: cli, security.
- [checkpwn](https://www.automicvault.com/pkg/brew/checkpwn/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, data, security.
- [cliam](https://www.automicvault.com/pkg/brew/cliam/) - Security-sensitive metadata or terminology overlaps. Shared terms: azure, cli, security.
- [git-hound](https://www.automicvault.com/pkg/brew/git-hound/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, data, security.

## Combined YAML source

View the package source record on GitHub. [combined/azurehound.yml](https://github.com/automic-vault/db/blob/main/combined/azurehound.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
