View Demo · Report Bug · Request Feature
Table of Contents
This script will automatically run through a list of Google searches, in order to automate Google Dorks for pen testing engagements.
Password spraying is an integral part of penetration testing. DUO's cloud-based SSO solution is growing increasingly popular, but few solutions exist for testing organizations using DUO SSO. This solution will perform a password spraying attack against a DUO SSO protal.
If DUO SSO is used as the identity provider for M365, the script will automatically pull the organization's SSO URL. Otherwise, a DUO SSO URL can be manually specified.
- Clone the repo
git clone https://github.com/LukeLauterbach/Google-Dorking-Automation.git
- Install the dependencies
git install -r requirements.txt
python3 duospray.py [OPTIONAL ARGUMENTS] The script will look for files in the current directory named userlist.txt and passwords.txt. Alternatively, files can be specified using -u and -p.
| Option | Description |
|---|---|
| -u | Username File (Defaults to userlist.txt in The Current Directory) |
| -p | Password File (Defaults to passwords.txt in The Current Directory) |
| -U | Duo URL (Defaults to Grabbing URL from M365) |
| -d | Delay Between Unique Passwords |
| -dr | Delay Between Individual Password Attempts (For Added Stealth) |
| -db | Debug Mode |