A Python implementation of dafthack's MSOLSpray. A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
☆95Jun 6, 2024Updated 2 years ago
Alternatives and similar repositories for MSOLSpray
Users that are interested in MSOLSpray are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual☆14Jul 13, 2022Updated 3 years ago
- Scripts to interact with Microsoft Graph APIs☆46Nov 7, 2024Updated last year
- A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the ac…☆1,087Mar 19, 2024Updated 2 years ago
- Proof of Concept in Go from Secureworks' research on Azure Active Directory Brute-Force Attacks. Inspired by @treebuilder's POC on PowerS…☆14Feb 23, 2022Updated 4 years ago
- Azure JWT Token Manipulation Toolset☆731Dec 6, 2024Updated last year
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1, or office.com login page.☆298May 2, 2024Updated 2 years ago
- Password attacks and MFA validation against various endpoints in Azure and Office 365☆151Feb 10, 2023Updated 3 years ago
- A small POC of using Azure Functions to relay communications. Feel free to add additional functionality beyond this POC!☆80Mar 30, 2023Updated 3 years ago
- Fast multithreaded multiplatform password spraying tool designed for easy use. Supports webhooks, jitter, delay, files, rotation, backend…☆41Sep 9, 2024Updated last year
- User enumeration with Microsoft Teams API☆174Jul 9, 2021Updated 4 years ago
- C# port of the Get-AppLockerPolicy PS cmdlet☆99Dec 8, 2022Updated 3 years ago
- Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit☆166Dec 7, 2024Updated last year
- Multi-thread AzureAD Autologon SSO Password Sprayer.☆37Oct 9, 2021Updated 4 years ago
- Python3 tool to perform password spraying against Microsoft Online service using various methods☆88Mar 12, 2023Updated 3 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Wordlist generator☆16Aug 18, 2020Updated 5 years ago
- Quick and dirty dynamic redirect.rules generator☆171Oct 12, 2022Updated 3 years ago
- Office 365 and Exchange domain federation enumeration tool☆13Sep 6, 2023Updated 2 years ago
- Dump Azure AD Connect credentials for Azure AD and Active Directory☆792Aug 26, 2025Updated 9 months ago
- Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to …☆763Sep 23, 2024Updated last year
- onedrive user enumeration - pentest tool to enumerate valid o365 users☆755Jul 29, 2025Updated 10 months ago
- Implementation of b4rtiks's SharpMiniDump using NTFS transactions to avoid writting the minidump to disk and exfiltrating it via HTTPS us…☆71Nov 14, 2020Updated 5 years ago
- Reproducible and extensible BloodHound playbooks☆44Jan 20, 2020Updated 6 years ago
- Bash script to take the powerkatz.dll files, encode them using base64 and then replace the old binaries with the new in the Invoke-Mimika…☆16Oct 8, 2016Updated 9 years ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket☆640Aug 15, 2025Updated 9 months ago
- TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!☆1,342May 21, 2026Updated 3 weeks ago
- Iterative AD discovery toolkit for offensive operations☆86Mar 16, 2020Updated 6 years ago
- ☆127Jun 19, 2020Updated 5 years ago
- A stealthier approach to WMI-based command execution using Impacket without touching the disk.☆83Mar 15, 2026Updated 2 months ago
- Low and slow password spraying tool, designed to spray on an interval over a long period of time☆221Jan 30, 2026Updated 4 months ago
- Ansible role to install Cobalt Strike and optionally configure as Teamserver☆33Mar 17, 2021Updated 5 years ago
- scan for NTLM directories☆391Aug 13, 2025Updated 9 months ago
- Dump NTDS with golden certificates and UnPAC the hash☆651Mar 20, 2024Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- LDAP library for auditing MS AD☆496Feb 11, 2026Updated 4 months ago
- Ludus role for deploying a Cobalt Strike Teamserver onto Linux servers☆19Mar 19, 2025Updated last year
- A script that greps composite key-like strings from a KeePassXC process dump, then uses a customized version of pykeepass library to unlo…☆33Nov 12, 2022Updated 3 years ago
- Log converter from CS log to Ghostwriter CSV☆31Nov 23, 2020Updated 5 years ago
- Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient☆1,572Oct 17, 2022Updated 3 years ago
- BOF to terminate a process via PID as argument☆28Sep 7, 2025Updated 9 months ago
- Kibana app for RedELK☆18Mar 19, 2023Updated 3 years ago