Land #15900, Update Azure AD Login Scanner Docs

documentation/modules/auxiliary/scanner/http/azure_ad_login.md

@@ -1,10 +1,10 @@
 ## Vulnerable Application
 
-The Microsoft Azure AD service has a vulnerable endpoint that delivers an error-code based response
-to specific authentication requests in XML. The endpoint, when passed the correct credentials,
-will respond with a DesktopSsoToken that can be used to authenticate to Azure AD. When
-the authentication is unsuccessful, the error code that is returned can be used to discover the
-validity of usernames in the target tenant.
+The Microsoft Azure AD SSO service has a vulnerable endpoint that delivers an error-code based
+response to specific authentication requests in XML. The endpoint, when passed the correct
+credentials, will respond with a DesktopSsoToken that can be used to authenticate to Azure AD.
+When the authentication is unsuccessful, the error code that is returned can be used to discover
+the validity of usernames in the target tenant.
 This module also reports credentials to the credentials database when they are discovered.
 
 ## Verification Steps
@@ -44,10 +44,14 @@ A file with passwords, one per line.
     
 
 ## Scenarios
+
+### Azure AD Tenants with SSO Enabled
 If a tenant's domain is known, you can use this module for username and password brute-forcing.
 
 Specific target output replaced with *s so as not to disclose information
-```msf6 > use auxiliary/scanner/http/azure_ad_login
+
+```
+msf6 > use auxiliary/scanner/http/azure_ad_login
 msf6 auxiliary(scanner/http/azure_ad_login) > set USER_FILE /home/kali/users.txt
 USER_FILE => /home/kali/users.txt
 msf6 auxiliary(scanner/http/azure_ad_login) > set PASS_FILE /home/kali/pass.txt
@@ -69,11 +73,13 @@ msf6 auxiliary(scanner/http/azure_ad_login) > run
 [+] Login example.com\****:****** is valid!
 [+] Desktop SSO Token: *******************************************
 [*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed```
+[*] Auxiliary module execution completed
+```
 
 If a tenant's domain is known, you can enumerate their usernames
     
-```msf6 > use auxiliary/scanner/http/azure_ad_login
+```
+msf6 > use auxiliary/scanner/http/azure_ad_login
 msf6 auxiliary(scanner/http/azure_ad_login) > set USER_FILE /home/kali/users.txt
 USER_FILE => /home/kali/users.txt
 msf6 auxiliary(scanner/http/azure_ad_login) > set PASSWORD password
@@ -86,11 +92,5 @@ msf6 auxiliary(scanner/http/azure_ad_login) > run
 [-] example.com\k0pak4 is not a valid user
 [+] Password password is invalid but example.com\**** is valid!
 [*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed```
-
-## Version and OS
-Tested against current Azure AD tenants.
-
-## References
-- https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/
-- https://github.com/treebuilder/aad-sso-enum-brute-spray
+[*] Auxiliary module execution completed
+```

modules/auxiliary/scanner/http/azure_ad_login.rb

@@ -21,6 +21,7 @@ class MetasploitModule < Msf::Auxiliary
       ],
       'License' => MSF_LICENSE,
       'References' => [
+        [ 'URL', 'https://raxis.com/blog/metasploit-azure-ad-login'],
         [ 'URL', 'https://arstechnica.com/information-technology/2021/09/new-azure-active-directory-password-brute-forcing-flaw-has-no-fix/'],
         [ 'URL', 'https://github.com/treebuilder/aad-sso-enum-brute-spray'],
       ],