Password Spraying Utility designed for testing legacy OWA instances.
Attempt authentication as a single user:
python3 owa_spray.py -i 169.254.42.69 -d testdomain.local -u Administrator -p passwordAttempt spray against multiple users:
python3 owa_spray.py -i 169.254.42.69 -d testdomain.local -U list_of_users.txt -p passwordAttempt spray against multiple users, but wait 10 seconds between requests:
python3 owa_spray.py -i 169.254.42.69 -d testdomain.local -U list_of_users.txt -p password -j 10Attempt spray against multiple users, and write results to owa_spray.log:
python3 owa_spray.py -i 169.254.42.69 -d testdomain.local -U list_of_users.txt -p password -o true| Flag | Argument | Description |
|---|---|---|
| -h | --help | Show the help menu |
| -i | --ip <IP_ADDRESS> | IP of OWA Instance |
| -d | --domain <domain.local> | Domain of target account |
| -u | --username <Username> | Username to target for password spraying |
| -U | --User-list <dictionary.txt> | List of usernames for password spraying |
| -p | --password <password> | The password to spray with |
| -j | --jitter <0-99999> | Time to sleep between requests |
| -o | --out-file <True/unset> | Write results to owa_spray.log |
- add flag for proxies
- clean-up output
- add/suppress verbosity