/msspray

Password attacks and MFA validation against various endpoints in Azure and Office 365

Primary LanguagePythonMIT LicenseMIT

msspray.py

MSSpray is used to conduct password spray attacks against Azure AD as well as validate the implementation of MFA on Azure and Office 365 endpoints

  ------------------------------------------------------------
 |    ;---<<<<,______________________________________________ |
 |   _|_     /        /  ____/  ____/  __ /  __ / __  /  /  / |
 |  /   \   /  /  /  /____  /____  /  ___/   __/     / \   /  |
 |  |   |  /__/__/__/______/______/__/  /__/\_\__/__/  /__/   |
 |  |___|                                                     |
  ------------------------------------------------------------

Usage

Perform a password spray against the selected endpoint with the supplied userfile (one email address per line) and password and the option to stop on success (stop):

python3 msspray.py spray <userfile> <password> <endpoint_selection> <stop/blank>

Check each endpoint for authentication with a valid username and password:

python3 msspray.py validate <username> <password>

Endpoints (Default is 1)

Number Endpoint Endpoint URL
[1] aad_graph_api https://graph.windows.net
[2] ms_graph_api https://graph.microsoft.com
[3] azure_mgmt_api https://management.azure.com
[4] windows_net_mgmt_api https://management.core.windows.net
[5] cloudwebappproxy https://proxy.cloudwebappproxy.net/registerapp
[6] officeapps https://officeapps.live.com
[7] outlook https://outlook.office365.com
[8] webshellsuite https://webshell.suite.office.com
[9] sara https://api.diagnostics.office.com
[10] office_mgmt https://manage.office.com
[11] msmamservice https://msmamservice.api.application
[12] spacesapi https://api.spaces.skype.com
[13] datacatalog https://datacatalog.azure.com
[14] database https://database.windows.net
[15] AzureKeyVault https://vault.azure.net
[16] onenote https://onenote.com
[17] o365_yammer https://api.yammer.com
[18] skype4business https://api.skypeforbusiness.com
[19] o365_exchange https://outlook-sdf.office.com

Examples

spray against https://graph.windows.net, stopping on first successful login

python3 msspray.py spray users.txt Spring2020 1 stop

spray against https://management.core.windows.net

python3 msspray.py spray users.txt Spring2020 4

check all endpoints using valid account

python3 msspray.py validate bill.smith@sra.io ReallyBadPass

Blog Post: https://sra.io/blog/msspray-wait-how-many-endpoints-dont-have-mfa/

For any questions, feel free to reach out to me on Twitter @__TexasRanger