
0xZDH / O365spray

Username enumeration and password spraying tool aimed at Microsoft O365.


Projects that are alternatives of or similar to O365spray

Intrec Pack
Intelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (+33.08%)
Mutual labels:  security-tools, pentest, enumeration
Vulnx
vulnx 🕷️ is an intelligent bot auto shell injector that detect vulnerabilities in multiple types of cms { `wordpress , joomla , drupal , prestashop .. `}
Stars: ✭ 1,009 (+658.65%)
Mutual labels:  security-tools, pentest
Social Analyzer
API, CLI & Web App for analyzing & finding a person's profile across +1000 social media \ websites (Detections are updated regularly by automated systems)
Stars: ✭ 8,449 (+6252.63%)
Mutual labels:  pentest, security-tools
Feroxbuster
A fast, simple, recursive content discovery tool written in Rust.
Stars: ✭ 1,314 (+887.97%)
Mutual labels:  pentest, enumeration
Rapidscan
🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (+482.71%)
Mutual labels:  security-tools, enumeration
Xattacker
X Attacker Tool ☣ Website Vulnerability Scanner & Auto Exploiter
Stars: ✭ 897 (+574.44%)
Mutual labels:  security-tools, pentest
Vxscan
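A comprehensive scanning tool written in Python 3, mainly used for liveness checking, sensitive file detection (directory scanning / API endpoints leaked in JS / leaks in HTML comments), WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, PoC scanning, SQL injection, CDN bypass, lookup of co-hosted sites and similar functions. Intended mainly for self-testing by the system owner or authorized testing by a contracted party; please do not use it to cause damage.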
Stars: ✭ 1,244 (+835.34%)
Mutual labels:  security-tools, pentest
Spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+5074.44%)
Mutual labels:  pentest, security-tools
Hacker Container
Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
Stars: ✭ 105 (-21.05%)
Mutual labels:  security-tools, pentest
Jwtxploiter
A tool to test security of json web token
Stars: ✭ 130 (-2.26%)
Mutual labels:  security-tools, pentest
Catnip
Cat-Nip Automated Basic Pentest Tool - Designed For Kali Linux
Stars: ✭ 108 (-18.8%)
Mutual labels:  security-tools, pentest
Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+482.71%)
Mutual labels:  security-tools, pentest
Interlace
Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.
Stars: ✭ 760 (+471.43%)
Mutual labels:  security-tools, enumeration
Ksubdomain
Stateless subdomain brute-forcing tool
Stars: ✭ 976 (+633.83%)
Mutual labels:  security-tools, enumeration
Diamorphine
LKM rootkit for Linux Kernels 2.6.x/3.x/4.x/5.x (x86/x86_64 and ARM64)
Stars: ✭ 725 (+445.11%)
Mutual labels:  security-tools, pentest
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+754.14%)
Mutual labels:  security-tools, pentest
Sippts
Set of tools to audit SIP based VoIP Systems
Stars: ✭ 116 (-12.78%)
Mutual labels:  security-tools, pentest
Habu
Hacking Toolkit
Stars: ✭ 635 (+377.44%)
Mutual labels:  security-tools, pentest
Jok3r
Jok3r v3 BETA 2 - Network and Web Pentest Automation Framework
Stars: ✭ 645 (+384.96%)
Mutual labels:  security-tools, pentest
Wsmanager
Webshell Manager
Stars: ✭ 99 (-25.56%)
Mutual labels:  security-tools, pentest

o365spray

This is a username enumeration and password spraying tool aimed at Microsoft O365. For educational purposes only.

This tool reimplements a collection of enumeration and spray techniques researched and identified by those mentioned in Acknowledgments.

Updates:

- The office.com enumeration module has been implemented and set to default for Managed realms.
- The ActiveSync enumeration and password spraying modules have been reimplemented in an
  attempt to handle the recent updates from Microsoft that are causing invalid results. The
  ActiveSync enumeration module still returns some false positives - this is why the office.com
  enumeration module has been moved to the default process.
- When a Federated realm is identified, the user is prompted to switch enumeration to OneDrive
  (otherwise disabled due to invalid results from different modules) and to switch spraying to
  ADFS (otherwise sprays against the user-selected spray-type).

WARNING: ActiveSync user enumeration is performed by submitting a single authentication attempt per user. If ActiveSync enumeration is run with password spraying, the tool will automatically reset the lockout timer prior to the password spray -- if enumeration is run alone, the user should be aware of the authentication attempts and reset the lockout timer manually.
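For defenders, the behaviour in the warning above (one failed authentication per account during enumeration, then a few attempts per account between lockout resets) appears in sign-in logs as a single source failing against many accounts while no account reaches its lockout threshold. The detector below is an added example, not part of o365spray; the log layout, thresholds and function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (assumed layout): time, source IP, account, client, outcome.
SAMPLE_LOG = """\
2024-05-01T09:00:01 203.0.113.7 alice@example.com activesync FAIL
2024-05-01T09:00:02 203.0.113.7 bob@example.com activesync FAIL
2024-05-01T09:00:03 203.0.113.7 carol@example.com activesync FAIL
2024-05-01T09:00:04 203.0.113.7 dave@example.com activesync FAIL
2024-05-01T09:03:10 198.51.100.20 erin@example.com browser FAIL
2024-05-01T09:03:40 198.51.100.20 erin@example.com browser FAIL
2024-05-01T09:04:05 198.51.100.20 erin@example.com browser OK
2024-05-01T09:15:01 203.0.113.7 alice@example.com activesync FAIL
2024-05-01T09:15:02 203.0.113.7 bob@example.com activesync FAIL
2024-05-01T09:15:03 203.0.113.7 carol@example.com activesync FAIL
2024-05-01T09:15:04 203.0.113.7 dave@example.com activesync OK
"""

def parse(log):
    for line in log.splitlines():
        ts, src, user, client, result = line.split()
        yield datetime.fromisoformat(ts), src, user.lower(), client, result

def find_spray_sources(log, window_minutes=60, min_users=4, max_per_user=3):
    """Flag sources whose failures fan out across many accounts while staying
    at or under max_per_user failures per account inside the sliding window."""
    by_src = defaultdict(list)
    for ts, src, user, _client, result in parse(log):
        if result == "FAIL":
            by_src[src].append((ts, user))
    findings = {}
    for src, fails in by_src.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > timedelta(minutes=window_minutes):
                start += 1
            per_user = defaultdict(int)
            for _, user in fails[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                findings[src] = {"accounts": len(per_user), "failures": end - start + 1}
    return findings

def accounts_to_review(log, sources):
    """Accounts with a successful sign-in from a flagged source (credential may be known)."""
    return sorted({u for _, s, u, _, r in parse(log) if s in sources and r == "OK"})
```

Set `window_minutes` to span several lockout intervals: a window shorter than the reset time sees each round of attempts in isolation and misses the accumulation per source.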

OneDrive user enumeration relies on the target user(s) having previously logged into OneDrive. If a valid user has not yet used OneDrive, their account will show as 'invalid'. This appears to be a viable solution for user enumeration against federated realms.

Usage

Validate domain is using O365:
python3 o365spray.py --validate --domain test.com

Perform username enumeration:
python3 o365spray.py --enum -U usernames.txt --domain test.com

Perform password spray:
python3 o365spray.py --spray -U usernames.txt -P passwords.txt --count 2 --lockout 5 --domain test.com

usage: o365spray.py [-h] [-d DOMAIN] [--validate] [--enum] [--spray]
                    [-u USERNAME] [-p PASSWORD] [-U USERFILE] [-P PASSFILE]
                    [--paired PAIRED] [-c COUNT] [-l LOCKOUT]
                    [--validate-type {openid-config,getuserrealm}]
                    [--enum-type {office,activesync,onedrive}]
                    [--spray-type {activesync,autodiscover,msol,adfs}]
                    [--adfs ADFS] [--rate RATE] [--safe SAFE]
                    [--timeout TIMEOUT] [--proxy PROXY] [--output OUTPUT]
                    [--version] [--debug]

Microsoft O365 User Enumerator and Password Sprayer -- v1.3.7

optional arguments:
  -h, --help            show this help message and exit

  -d DOMAIN, --domain DOMAIN
                        Target domain

  --validate            Perform domain validation only.
  --enum                Perform username enumeration.
  --spray               Perform password spraying.

  -u USERNAME, --username USERNAME
                        Username(s) delimited using commas.

  -p PASSWORD, --password PASSWORD
                        Password(s) delimited using commas.

  -U USERFILE, --userfile USERFILE
                        File containing list of usernames.

  -P PASSFILE, --passfile PASSFILE
                        File containing list of passwords.

  --paired PAIRED       File containing list of username:password format.

  -c COUNT, --count COUNT
                        Number of password attempts to run before resetting
                        lockout timer. Default: 1

  -l LOCKOUT, --lockout LOCKOUT
                        Lockout policy reset time (in minutes). Default: 15
                        minutes

  --validate-type {openid-config,getuserrealm}
                        Specify which validation module to use. Default:
                        getuserrealm

  --enum-type {office,activesync,onedrive}
                        Specify which enum module to use. Default: Office

  --spray-type {activesync,autodiscover,msol,adfs}
                        Specify which spray module to use. Default: ActiveSync

  --adfs ADFS           URL of target ADFS login page for password spraying.

  --rate RATE           Number of concurrent connections during enumeration
                        and spraying. Default: 10

  --safe SAFE           Terminate scan if `N` locked accounts are observed.
                        Default: 10

  --timeout TIMEOUT     Request timeout in seconds. Default: 25

  --proxy PROXY         Proxy to pass traffic through (e.g.
                        http://127.0.0.1:8080).

  --output OUTPUT       Output directory for results. Default: Current
                        directory

  --version             Print the tool version.
  --debug               Debug output

Modules

Validation

  • openid-config
  • getuserrealm

Enumeration

  • office
  • activesync
  • onedrive
  • autodiscover -- No longer working - Removed

Spraying

  • activesync
  • autodiscover
  • msol
  • adfs

Acknowledgments

Office.com Code/References

ActiveSync Code/References

Autodiscover Code/References

  • @Raikia
  • User enumeration via Autodiscover without authentication

MSOL Code/References

OneDrive Code/References

ADFS Code/References

Other Code References
