Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts.

Related tags

Security related resourcesOh365UserFinder
Overview

Oh365 User Finder

ko-fi

Oh365UserFinder

Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts. The tool parses responses to identify the "IfExistsResult" flag is null or not, and responds appropriately if the user is valid.

Usage

Installing Oh365UserFinder

git clone https://github.com/dievus/Oh365UserFinder.git

Change directories to Oh365UserFinder and run:

pip3 install -r requirements.txt

This will run the install script to add necessary dependencies to your system.

python3 Oh365UserFinder.py -h

This will output the help menu, which contains the following flags:

-h, --help - Lists the help options

-e, --email - Required for running Oh365UserFinder against a single email account

-r, --read - Reads from a text file containing emails (ex. -r emails.txt)

-w, --write - Writes valid emails to a text document (ex. -w validemails.txt)

-t, --threading - Sets a pause between attempts in seconds (ex. -t 60)

-v, --verbose - Outputs test verbosely; note that you must use y to run verbosely (ex. -v y)

Examples of full commands include:

python3 o365UserFinder.py -e [email protected]

python3 Oh365UserFinder.py -r emails.txt -w validemails.txt

python3 Oh365UserFinder.py -r emails.txt -w validemails.txt -t 30 -v y

Notes

Make note that Microsoft does have some defense in place that can, from time to time, provide false positives in feedback. If you suspect that this is occurring take a pause in testing, and return and increase the duration between attempts using the -t flag.

Oh365UserFinderScan

Acknowledgements

This project is based on a previous tool named o365Creeper developed by Korey Mckinley that was last supported in 2019, and developed in Python2.

Comments
  • Invalid 'NoneType' argument for int() function

    Invalid 'NoneType' argument for int() function

    Hi @dievus , first I want to thank you for the great tool.

    As shown in the images below, when using the tool without the -l / --lockout argument, after a LOCKOUT occurrence, an exception occurs that breaks the password spray flow.

    Error : 2022-06-21_15-23

    No Error: 2022-06-21_15-25

    This error occurs because on line 276, the -l / --lockout argument is multiplied by the integer value 60. If the parameter is not defined by the user, the type of the 'lockout' variable is defined as NoneType, which by in turn, it cannot receive arithmetic operations with an integer value, causing the error.

    Suggestions:

    • [x] Create a condition that checks if the -l or --lockout argument was defined by the user at script execution, otherwise it sets a default value (1 maybe) or returns to the help menu and 'forces' the user to use the -l / --lockout argument.
    opened by FroydCod3r 3
  • Enhancement - check whether the IP address is being throttled

    Enhancement - check whether the IP address is being throttled

    The results may get throttled - in that case you'll be returned with false positives (i.e. it always returns "IfExistsResults":0). You can check throttle by looking whether "ThrottleStatus":1.

    If would be nice to return a warning in this case.

    enhancement good first issue 
    opened by tautology0 3
  • Domain Check - Unknown, Managed, Federated

    Domain Check - Unknown, Managed, Federated

    https://github.com/dievus/Oh365UserFinder/blob/main/oh365userfinder.py#L204 valid_response = re.search('"NameSpaceType":"Managed",', response)

    Microsoft outline that there are different namespace types besides Unknown and Managed. As far as I can tell, there is also, Federated which can be seen here for my local university. https://login.microsoftonline.com/[email protected]

    Potentially consider that the regex should check for the word Unknown and change the response to a negative if returned true.

    opened by ILightThings 2
  • invalid email cache & sleep on throttle

    invalid email cache & sleep on throttle

    1. Keep record of invalid emails and skip if an email has already been deemed invalid
    2. When throttling is enabled, sleep and then retry
    3. Appends domain if specified (for use with wordlists without email domain)
    opened by chrismeistre 1
  • Add a shebang so we can be lazy

    Add a shebang so we can be lazy

    The script doesn't have the traditional shebang of: #!/usr/bin/env python3

    So it can't be directly run from the shell. Any chance this could be added to help us lazy people?

    enhancement 
    opened by tautology0 1
Owner
Joe Helle
Also known as the Mayor
Joe Helle
GitHub Repository
Gmail Accounts Hacking

gmail-hack Gmail Accounts Hacking Gemail-Hack python script for Hack gmail account brute force What is brute force attack? In brute force attack,scrip

Aryan 25 Nov 10, 2022
A tool to extract the IdP cert from vCenter backups and log in as Administrator

vCenter SAML Login Tool A tool to extract the Identity Provider (IdP) cert from vCenter backups and log in as Administrator Background Commonly, durin

Horizon 3 AI Inc 343 Dec 31, 2022
The Easiest Way To Gallery Hacking

The easiest way to HACK A GALLARY, Get every part of your friends' gallery ( 100% Working ) | Tool By John Kener 🇱🇰

John Kener 34 Nov 30, 2022
Springboot directory scanning

Springboot directory scanning

WINEZERO 87 Dec 28, 2022
A bare-bones POC container runner in python

pybox A proof-of-concept bare-bones container written in 50 lines of python code. Provides namespace isolation and resource limit control Usage Insta

Anirudh Haritas Murali 5 Jun 03, 2021
LdapRelayScan - Check for LDAP protections regarding the relay of NTLM authentication

LDAP Relay Scan A tool to check Domain Controllers for LDAP server protections r

315 Dec 18, 2022
This repo explains in details about buffer overflow exploit development for windows executable.

Buffer Overflow Exploit Development For Beginner Introduction I am beginner in security community and as my fellow beginner, I spend some of my time a

cris_0xC0 11 Dec 17, 2022
neo Tool is great one in binary exploitation topic

neo Tool is great one in binary exploitation topic. instead of doing several missions by many tools and windows, you can now automate this in one tool in one session.. Enjoy it

Hamza Elansari 4 Oct 10, 2022
A hashtag check python module

A hashtag check python module

Fayas Noushad 3 Aug 10, 2022
2021hvv漏洞汇总

清单 披露时间 涉及商家/产品 漏洞描述 2021/04/08 启明星辰天清汉马USG防火墙存在逻辑缺陷漏洞(历史漏洞) CNVD-2021-17391 启明星辰 天清汉马USG防火墙 逻辑缺陷漏洞 CNVD-2021-12793 2021/04/08 禅道项目管理软件11.6 禅道 11.6 sq

555 Jan 02, 2023
Pgen is the best brute force password generator and it is improved from the cupp.py

pgen Pgen is the best brute force password generator and it is improved from the cupp.py The pgen tool is dedicated to Leonardo da Vinci -Time stays l

heyheykids 2 Jan 31, 2022
Simples brute forcer de diretorios para web pentest.

🦑 dirbruter Simples brute forcer de diretorios para web pentest. ❕ Atenção Não ataque sites privados. Isto é illegal. 🖥️ Pré-requisitos Ultima versã

Dio brando 6 Jan 22, 2022
logmap: Log4j2 jndi injection fuzz tool

logmap - Log4j2 jndi injection fuzz tool Used for fuzzing to test whether there are log4j2 jndi injection vulnerabilities in header/body/path Use http

之乎者也 67 Oct 25, 2022
A simple linux keylogger project.

The project This project is a simple linux keylogger. When activated, it registers all the actions made with the keyboard. The log files are registere

1 Oct 24, 2021
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.

MurMurHash This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform. What is MurMurHash? Murm

Viral Maniar 87 Dec 31, 2022
Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp

cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp replace [zbx_signed_session

东方有鱼名为咸 135 Dec 14, 2022
com_media allowed paths that are not intended for image uploads to RCE

CVE-2021-23132 com_media allowed paths that are not intended for image uploads to RCE. CVE-2020-24597 Directory traversal in com_media to RCE Two CVEs

KIEN HOANG 67 Nov 09, 2022
Attack SQL Server through gopher protocol

Attack SQL Server through gopher protocol

hack2fun 17 Nov 30, 2022
Log4j vuln fuzz/scan with python

Log4jFuzz log4j vuln fuzz/scan USE // it's use localhost udp server to check target vuln. python3 log4jFuzz.py [option] optional arguments: -u URL,

VVzv 3 Dec 22, 2021
A black hole for Internet advertisements

Network-wide ad blocking via your own Linux hardware The Pi-hole® is a DNS sinkhole that protects your devices from unwanted content, without installi

Pi-hole 40.3k Jan 09, 2023