A Python implementation of dafthack's MSOLSpray. A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled.
☆95Jun 6, 2024Updated last year
Alternatives and similar repositories for MSOLSpray
Users that are interested in MSOLSpray are comparing it to the libraries listed below
Sorting:
- Helper script for BloodHound to automatically add relationships between multiple accounts owned by the same individual☆14Jul 13, 2022Updated 3 years ago
- A small POC of using Azure Functions to relay communications. Feel free to add additional functionality beyond this POC!☆81Mar 30, 2023Updated 2 years ago
- Password attacks and MFA validation against various endpoints in Azure and Office 365☆153Feb 10, 2023Updated 3 years ago
- Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1, or office.com login page.☆292May 2, 2024Updated last year
- A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the ac…☆1,077Mar 19, 2024Updated last year
- Proof of Concept in Go from Secureworks' research on Azure Active Directory Brute-Force Attacks. Inspired by @treebuilder's POC on PowerS…☆14Feb 23, 2022Updated 4 years ago
- Modular cross-platform Microsoft Graph API (Entra, o365, and Intune) enumeration and exploitation toolkit☆165Dec 7, 2024Updated last year
- User enumeration with Microsoft Teams API☆175Jul 9, 2021Updated 4 years ago
- Scripts to interact with Microsoft Graph APIs☆44Nov 7, 2024Updated last year
- Azure JWT Token Manipulation Toolset☆716Dec 6, 2024Updated last year
- This extension replaces the default repeater tab name with the URL path of the repeater request.☆24Sep 3, 2021Updated 4 years ago
- Multi-thread AzureAD Autologon SSO Password Sprayer.☆37Oct 9, 2021Updated 4 years ago
- Bash script to take the powerkatz.dll files, encode them using base64 and then replace the old binaries with the new in the Invoke-Mimika…☆16Oct 8, 2016Updated 9 years ago
- Log converter from CS log to Ghostwriter CSV☆31Nov 23, 2020Updated 5 years ago
- Office 365 and Exchange domain federation enumeration tool☆13Sep 6, 2023Updated 2 years ago
- ☆127Jun 19, 2020Updated 5 years ago
- C# port of the Get-AppLockerPolicy PS cmdlet☆100Dec 8, 2022Updated 3 years ago
- Dump Azure AD Connect credentials for Azure AD and Active Directory☆779Aug 26, 2025Updated 6 months ago
- Implementation of b4rtiks's SharpMiniDump using NTFS transactions to avoid writting the minidump to disk and exfiltrating it via HTTPS us…☆71Nov 14, 2020Updated 5 years ago
- onedrive user enumeration - pentest tool to enumerate valid o365 users☆744Jul 29, 2025Updated 7 months ago
- Kibana app for RedELK☆18Mar 19, 2023Updated 2 years ago
- Kerberos Resource-Based Constrained Delegation Attack from Outside using Impacket☆614Aug 15, 2025Updated 6 months ago
- LDAP library for auditing MS AD☆486Feb 11, 2026Updated 2 weeks ago
- scan for NTLM directories☆378Aug 13, 2025Updated 6 months ago
- Dump NTDS with golden certificates and UnPAC the hash☆647Mar 20, 2024Updated last year
- Quick and dirty dynamic redirect.rules generator☆170Oct 12, 2022Updated 3 years ago
- Web Inventory tool, takes screenshots of webpages using Pyppeteer (headless Chrome/Chromium) and provides some extra bells & whistles to …☆761Sep 23, 2024Updated last year
- TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!☆1,304Jan 29, 2026Updated last month
- Reproducible and extensible BloodHound playbooks☆44Jan 20, 2020Updated 6 years ago
- HoneyZure is a honeypot tool specifically designed for Azure environments, fully provisioned through Terraform. It leverages a Log Analyt…☆17Jun 11, 2024Updated last year
- An easy way to convert BloodHound output files into data that can be imported into reporting software like Dradis and Plextrac. Built by …☆18Oct 15, 2020Updated 5 years ago
- Fast multithreaded multiplatform password spraying tool designed for easy use. Supports webhooks, jitter, delay, files, rotation, backend…☆41Sep 9, 2024Updated last year
- Low and slow password spraying tool, designed to spray on an interval over a long period of time☆218Jan 30, 2026Updated last month
- Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.☆155Dec 22, 2020Updated 5 years ago
- Targeted Payload Execution☆100Apr 9, 2020Updated 5 years ago
- Wordlist generator☆16Aug 18, 2020Updated 5 years ago
- Password spraying tool and Bloodhound integration☆248Dec 31, 2024Updated last year
- tool for identifying guest relationships between companies☆103Jun 27, 2024Updated last year
- Microsoft Graph API post-exploitation toolkit☆95Jul 13, 2024Updated last year