
Modular Enumeration and Password Spraying Framework

Omnispray

Omnispray | Modular Enumeration and Password Spraying Framework -- v0.1.4

Omnispray aims to replace tools such as o365spray and provide a modular framework to expand enumeration and spraying beyond just a single target/application.

The primary goal is to provide a framework that allows for the easy development and implementation of user enumeration and password spraying techniques for a variety of targets/applications. While several prebuilt modules are currently included, the tool also provides module templates so that users can extend the tool's usage to non-standard cases. A further goal is to provide a central tool to handle all enumeration and spraying.

Modules

See MODULES.md for information on custom module development as well as details on included modules (O365, OWA, etc.).

Usage

Flag                   Description
-m, --module           Specify the module to run via the modules/ directory.
-d, --domain           Target domain for enumeration/spraying.
-tenant, --tenant      Target tenant name in case it differs from the domain for enumeration/spraying.
-t, --type             Module type. If left blank, Omnispray will attempt to autodetect the module type based on the module name. {enum, spray}
--url                  Target URL. This is for modules that don't use a standard URL for targeting.
-u, --user             Single username/email to process.
-us, --users           Multiple users/emails to process. (--users uname1 uname2 uname3 ...)
-uf, --userfile        File containing multiple users/emails to process.
-p, --password         Single password to process.
-ps, --passwords       Multiple passwords to process. (--passwords password1 password2 password3 ...)
-pf, --passwordfile    File containing multiple passwords to process.
-c, --count            When password spraying, number of password attempts to run before resetting lockout timer. Default: 1 password per spray rotation
-l, --lockout          Password spraying lockout policy reset time (in minutes). Default: 15 minutes
-s, --split            When enumerating, number of usernames to group by during execution.
-w, --wait             If splitting user enumeration via --split, time to wait between group runs (in minutes). Default: 5 minutes
--timeout              Request timeout in seconds. Default: 25 seconds
--proxy                Proxy to pass traffic through (e.g. http://127.0.0.1:8080).
--proxy-url            URL of proxy to request instead of the module URL. This is to be used with tools such as FireProx.
--proxy-headers        Custom headers to use when a --proxy-url has been provided (--proxy-headers "header: value" "header2: value" "header3: value" ...) (e.g. "X-My-X-Forwarded-For: 127.0.0.1" when using FireProx)
--outdir               Directory for results and tested files. Default: results/
--logdir               Directory for log files. Default: logs/
--pause                Sleep (jitter) time before each task is executed in seconds. If set to '-1', a random pause, between 0.250 and 0.750, will occur before each task execution. Default: 0.250 seconds
--rate                 Number of concurrent connections during enumeration/spraying. Default: 10 threads
--version              Print the tool version.
--debug                Print debug information.

Examples

O365 user enumeration via the Office module.

> python3 omnispray.py --type enum -uf users.txt --module o365_enum_office

O365 password spraying via the ActiveSync module.

> python3 omnispray.py --type spray -uf users.txt -pf passwords.txt \
                       --module o365_spray_activesync \
                       --count 3 --lockout 30
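
Seen from the sign-in logs, the --count/--lockout pacing above shows up as bursts in which many distinct accounts each fail only a few times, repeated at a steady interval. The following detector is an added example, not part of Omnispray: the event format, thresholds, function names and sample data are all assumptions constructed for illustration, and it does not key on source address because requests sent through --proxy or --proxy-url need not arrive from a single address.

```python
from collections import defaultdict
from datetime import datetime

USERS = ["alice", "bob", "carol", "dave", "erin"]  # constructed accounts

def sample_events():
    """Constructed (timestamp, account) sign-in failures; not real log data."""
    events = []
    # Two rotations 30 minutes apart, 3 failures per account in each,
    # mirroring the page's '--count 3 --lockout 30' example.
    for start in ("2024-01-01T09:00", "2024-01-01T09:30"):
        for i, user in enumerate(USERS):
            for attempt in range(3):
                events.append((f"{start}:{i * 3 + attempt:02d}", user))
    # Background noise: one user mistyping repeatedly, one isolated failure.
    events += [(f"2024-01-01T09:02:{s:02d}", "frank") for s in range(30, 36)]
    events.append(("2024-01-01T09:45:10", "grace"))
    return events

def find_spray_windows(events, window_minutes=5, min_accounts=4, max_per_account=3):
    """Return [(window_start, n_accounts)] for fixed windows in which at least
    min_accounts distinct accounts each failed max_per_account times or fewer.
    Thresholds are assumed values; tune them against baseline failure rates."""
    buckets = defaultdict(lambda: defaultdict(int))
    for ts, account in events:
        t = datetime.fromisoformat(ts)
        start = t.replace(minute=t.minute - t.minute % window_minutes,
                          second=0, microsecond=0)
        buckets[start][account.lower()] += 1
    hits = []
    for start in sorted(buckets):
        # Accounts with many failures (a user mistyping) are excluded from the
        # count rather than allowed to mask the burst around them.
        low = [a for a, n in buckets[start].items() if n <= max_per_account]
        if len(low) >= min_accounts:
            hits.append((start, len(low)))
    return hits

def rotation_gaps(hits):
    """Minutes between consecutive flagged windows; a steady gap points to a
    timed wait between rotations rather than organic failures."""
    return [int((b[0] - a[0]).total_seconds() // 60) for a, b in zip(hits, hits[1:])]

if __name__ == "__main__":
    hits = find_spray_windows(sample_events())
    for start, n in hits:
        print(f"{start:%H:%M} window: {n} accounts with few failures each")
    print("gaps between flagged windows (min):", rotation_gaps(hits))
```

Per-account lockout counters never trip on this sample because no sprayed account exceeds three failures in a window; the signal only appears when failures are aggregated across accounts.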