Offensive Security Tool: o365sprayer

by | Oct 20, 2023 | Tools

Description

o365sprayer, by securebinary, is a tool used to enumerate accounts and spray passwords against Office 365 on both Managed and Federated AD (Active Directory) services. It can distinguish between Managed and Federated Microsoft Office 365 accounts for a target domain.

It can help during security assessments by testing Microsoft Office 365 environments for security vulnerabilities or misconfigurations.

Features

The tool provides the following capabilities:

  • Enumerates emails for valid O365 accounts
  • Sprays passwords to check for valid credentials
  • Accepts a custom delay between each request
  • Accepts the number of attempts that triggers account lockout
  • Accepts a cool-down time for account lockout
  • Accepts a maximum number of account lockouts to tolerate while spraying

Because settings such as the delay between requests can be customized, the tool can evade many of the policies that are designed to trigger account lockouts during its fuzzing and brute-forcing, effectively bypassing them.
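For defenders, the pacing described above means per-account lockout counters see very little, while the breadth of failures per source still stands out. The following is an added detection example, not code from o365sprayer or the original post; the event tuple schema, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BAD_PASSWORD = 50126  # Entra ID sign-in error code: invalid username or password

def find_spray_sources(events, window=timedelta(hours=24), min_users=5):
    """events: (timestamp, source_ip, user, error_code) tuples (assumed schema).
    Flags a source whose failed sign-ins inside any `window` hit at least
    `min_users` distinct accounts, and reports the per-account failure count
    that a lockout policy would have seen."""
    by_ip = defaultdict(list)
    for ts, ip, user, code in events:
        if code == BAD_PASSWORD:
            by_ip[ip].append((ts, user.lower()))
    flagged = {}
    for ip, fails in by_ip.items():
        fails.sort()
        start, counts = 0, defaultdict(int)  # failures per user in the window
        for ts, user in fails:
            counts[user] += 1
            while ts - fails[start][0] > window:  # drop events older than window
                old = fails[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= min_users:
                prev = flagged.get(ip, {"users": 0, "max_failures_per_user": 0})
                flagged[ip] = {
                    "users": max(prev["users"], len(counts)),
                    "max_failures_per_user": max(prev["max_failures_per_user"],
                                                 max(counts.values())),
                }
    return flagged

def sample_events():
    """Constructed data: one paced source and one user mistyping a password."""
    t0 = datetime(2023, 10, 20, 8, 0)
    users = [f"user{i}@example.com" for i in range(6)]
    ev = [(t0 + timedelta(minutes=30 * n), "203.0.113.7", users[n % 6], BAD_PASSWORD)
          for n in range(12)]  # two rounds, one attempt every 30 minutes
    ev += [(t0 + timedelta(minutes=m), "198.51.100.20", users[1], BAD_PASSWORD)
           for m in range(3)]
    ev.append((t0 + timedelta(minutes=4), "198.51.100.20", users[1], 0))
    return ev

if __name__ == "__main__":
    print(find_spray_sources(sample_events()))
```

With the default 24-hour window the paced source is flagged at two failures per account, while a one-hour window over the same events flags nothing, so the correlation window has to be longer than the delay a sprayer can afford.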


Installation

O365 Sprayer was built using go1.18.4. Make sure you use the latest version of Go to install successfully. Run the following command to install the latest version:

go install -v github.com/securebinary/o365sprayer@latest


Usage

This will display help for the CLI tool. Here are all the required arguments it supports.

Clone the repo from here: GitHub Link
