Everything and anything related to password spraying
Awesome Password Spraying
View the README in Fullscreen for the best experience!
A curated list of password spraying tools, projects, and resources.
Note that this project primarily focuses on password-spraying tools and resources for Microsoft Office 365 and Azure Entra environments. Please help organize these resources so that they are easy for newcomers to find and understand. PRs are welcome and encouraged!
Not all of the code in these frameworks has been audited for security or opsec. Use at your own risk. Always read code before you run it!
This module, a port of various cmdlets from AADInternals, requires only a domain to successfully enumerate information such as Tenant OpenID configuration, domain login information, domain details, Tenant ID, and other domains under the shared tenant.
A specific script from AADInternals for public enumeration. AADInternals is a collection of PowerShell scripts that can be used to perform reconnaissance and post-exploitation activities on Azure AD environments.
Low and slow password spraying tool, designed to spray on an interval over a long period of time. Extensible with a plugin-based framework that utilizes change instead of static indicators.
TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. Tons of features, could be in every category here really.
Launch a password spray / brute force attack via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for more evasive password sprays.
Go365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365 (now/soon Microsoft365). Go365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools do not use.
Spray365 is a password spraying tool designed for Microsoft accounts (Office 365/Azure AD) that distinguishes itself by using an "execution plan." It has several evasion features and uses the adal library under the hood.
Omnispray aims to replace tools such as o365spray and provide a modular framework to expand enumeration and spraying beyond just a single target/application.
A set of Python scripts/utilities that tries to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient. (ARCHIVED)
ROADtools is a framework to interact with Azure AD. It consists of a library (roadlib) with common components, the ROADrecon Azure AD exploration tool and the ROADtools Token eXchange (roadtx) tool.
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange and O365 environment for specific terms (passwords, insider intel, etc.). OG
A Python port of @dafthack's MFASweep with some added OPSEC functionality. MFAde can be used to find single-factor authentication failure points in Microsoft services.
MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled.
BARK stands for BloodHound Attack Research Kit. It is a PowerShell script built to assist the BloodHound Enterprise team with researching and continuously validating abuse primitives. BARK currently focuses on Microsoft's Azure suite of products and services.
GraphRunner is a post-exploitation toolset for interacting with the Microsoft Graph API. It provides various tools for performing reconnaissance, persistence, and pillaging of data from a Microsoft Entra ID (Azure AD) account.
Research on undocumented functionality in Azure Active Directory that allows a group of Microsoft OAuth client applications to obtain special "family refresh tokens," which can be redeemed for bearer tokens as any other client in the family.