Restore enumeration commands in Azure network doc

Author: carlospolop

src/pentesting-cloud/azure-security/az-services/vms/az-azure-network.md

@@ -85,6 +85,7 @@ az network nsg show --name <NSGName> --resource-group <ResourceGroupName> --quer
 ```bash
 # List NSGs
 Get-AzNetworkSecurityGroup | Select-Object Name, Location
+Get-AzNetworkSecurityGroup -Name <NSGName> -ResourceGroupName <ResourceGroupName>
 
 # Get NSG rules
 Get-AzNetworkSecurityGroup -Name <NSGName> -ResourceGroupName <ResourceGroupName> |
@@ -175,7 +176,10 @@ Azure **Route Tables (UDR)** let you override default routing by defining destin
 # List Route Tables
 az network route-table list --query "[].{name:name, resourceGroup:resourceGroup, location:location}" -o table
 
-# List routes for a table
+# List routes for a table (summary)
+az network route-table route list --resource-group <ResourceGroupName> --route-table-name <RouteTableName> --query "[].{name:name, addressPrefix:addressPrefix, nextHopType:nextHopType, nextHopIpAddress:nextHopIpAddress}" -o table
+
+# List routes for a table (full)
 az network route-table route list --resource-group <ResourceGroupName> --route-table-name <RouteTableName>
 ```
 
@@ -299,6 +303,9 @@ Service Endpoints **do not require private IP addresses** for the services and i
 {{#tab name="az cli" }}
 
 ```bash
+# List Virtual Networks with Service Endpoints
+az network vnet list --query "[].{name:name, location:location, serviceEndpoints:serviceEndpoints}" -o table
+
 # List Subnets with Service Endpoints
 az network vnet subnet list --resource-group <ResourceGroupName> --vnet-name <VNetName> --query "[].{name:name, serviceEndpoints:serviceEndpoints}"
 
@@ -310,6 +317,9 @@ az network vnet subnet show --resource-group <ResourceGroupName> --vnet-name <VN
 {{#tab name="PowerShell" }}
 
 ```bash
+# List Virtual Networks with Service Endpoints
+Get-AzVirtualNetwork
+
 # List Subnets with Service Endpoints
 (Get-AzVirtualNetwork -ResourceGroupName <ResourceGroupName> -Name <VNetName>).Subnets
 ```
@@ -364,6 +374,12 @@ az afd profile list --query "[].{name:name, location:location, resourceGroup:res
 
 # List AFD endpoints
 az afd endpoint list --profile-name <ProfileName> --resource-group <ResourceGroupName> --query "[].{name:name, hostName:hostName, state:resourceState}" -o table
+
+# Classic Azure Front Door (v1) profiles
+az network front-door list --query "[].{name:name, resourceGroup:resourceGroup, location:location}" -o table
+
+# Classic Azure Front Door WAF policies
+az network front-door waf-policy list --query "[].{name:name, resourceGroup:resourceGroup, location:location}" -o table
 ```
 
 {{#endtab }}
@@ -375,6 +391,42 @@ Get-AzFrontDoorCdnProfile | Select-Object Name, Location, ResourceGroupName
 
 # List AFD endpoints
 Get-AzFrontDoorCdnEndpoint -ProfileName <ProfileName> -ResourceGroupName <ResourceGroupName> | Select-Object Name, HostName, ResourceState
+
+# Classic Azure Front Door (v1) profiles
+Get-AzFrontDoor
+
+# Classic Azure Front Door WAF policies
+Get-AzFrontDoorWafPolicy -Name <policyName> -ResourceGroupName <resourceGroupName>
+```
+
+{{#endtab }}
+{{#endtabs }}
+
+## Azure Application Gateway and Azure Application Gateway WAF
+
+Azure Application Gateway is a **web traffic load balancer** that enables you to manage traffic to your **web** applications. It offers **Layer 7 load balancing, SSL termination, and web application firewall (WAF) capabilities** in the Application Delivery Controller (ADC) as a service. Key features include URL-based routing, cookie-based session affinity, and secure sockets layer (SSL) offloading, which are crucial for applications that require complex load-balancing capabilities like global routing and path-based routing.
+
+**Example:**
+
+Consider a scenario where you have an e-commerce website that includes multiple subdomains for different functions, such as user accounts and payment processing. Azure Application Gateway can **route traffic to the appropriate web servers based on the URL path**. For example, traffic to `example.com/accounts` could be directed to the user accounts service, and traffic to `example.com/pay` could be directed to the payment processing service.\
+And **protect your website from attacks using the WAF capabilities.**
+
+### **Enumeration**
+
+{{#tabs }}
+{{#tab name="az cli" }}
+
+```bash
+# List the Web Application Firewall configurations for your Application Gateways
+az network application-gateway waf-config list --gateway-name <AppGatewayName> --resource-group <ResourceGroupName> --query "[].{name:name, firewallMode:firewallMode, ruleSetType:ruleSetType, ruleSetVersion:ruleSetVersion}" -o table
+```
+
+{{#endtab }}
+{{#tab name="PowerShell" }}
+
+```bash
+# List the Web Application Firewall configurations for your Application Gateways
+(Get-AzApplicationGateway -Name <AppGatewayName> -ResourceGroupName <ResourceGroupName>).WebApplicationFirewallConfiguration
 ```
 
 {{#endtab }}
@@ -399,16 +451,28 @@ A large enterprise with multiple departments (Finance, HR, IT) can create a **Hu
 {{#tab name="az cli" }}
 
 ```bash
+# List all VNets in your subscription
+az network vnet list --query "[].{name:name, location:location, addressSpace:addressSpace}" -o table
+
 # List VNet Peerings
 az network vnet peering list --resource-group <ResourceGroupName> --vnet-name <VNetName> --query "[].{name:name, remoteVnetId:remoteVirtualNetwork.id, allowForwardedTraffic:allowForwardedTraffic, allowGatewayTransit:allowGatewayTransit}"
+
+# List Shared Resources (e.g., Azure Firewall) in the Hub
+az network firewall list --query "[].{name:name, location:location, resourceGroup:resourceGroup}" -o table
 ```
 
 {{#endtab }}
 {{#tab name="PowerShell" }}
 
 ```bash
+# List all VNets in your subscription
+Get-AzVirtualNetwork
+
 # List VNet Peerings
 Get-AzVirtualNetworkPeering -ResourceGroupName <ResourceGroupName> -VirtualNetworkName <VNetName>
+
+# List Shared Resources (e.g., Azure Firewall) in the Hub
+Get-AzFirewall
 ```
 
 {{#endtab }}