Enumerate functions

Based on: https://medium.com/xm-cyber/10-ways-of-gaining-control-over-azure-function-apps-7e7b84367ce6

What is Functions?

Function app sites are actually serverless websites. They work even without any functions installed.

These functions offer the following levels of authorization:

Anonymous: No key is required.
Function: A function-specific key or a host key is required.
Admin: The Master key is required.

The following commands needs to be executed as a authenticated user to the tenant.

Enumerate all the function app sites within the subscription

https://management.azure.com/subscriptions/<SUBSCRIPTION ID>}/providers/Microsoft.Web/sites?api-version=2019–08–01

Lists all the functions within the function app site, focusing on two parameters:

Invoke_url_template
script_href

https://management.azure.com/subscriptions/<SUBSCRIPTION ID>/providers/Microsoft.Web/sites/<FUNCTION NAME>/functions?api-version=2019–08–01

Lists the Master key of that function app site:

https://management.azure.com/subscriptions/<SUBSCRIPTION ID>/providers/Microsoft.Web/sites/<FUNCTION NAME>/host/default/listkeys?api-version=2019–08–01