- Distinguishes Managed O365 & Federated O365 for the target domain
- Enumerates emails for valid O365 accounts
- Sprays passwords to check for valid credentials
- Provide custom delay between each request
- Provide number of attempts which triggers account lockout
- Provide cool down time for account lockout
- Provide maximum number of account lockouts to tolerate while spraying
O365 Sprayer was built using go1.18.4. Make sure you use latest version of Go to install successfully. Run the following command to install the latest version:
go install -v github.com/securebinary/o365sprayer@latestaidenpearce369@horus~ o365sprayer
____ ___ _
/ __/ ___ ____ __ __ ____ ___ / _ ) (_) ___ ___ _ ____ __ __
_\ \ / -_)/ __// // / / __// -_) / _ | / / / _ \/ _ / / __/ / // /
/___/ \__/ \__/ \_,_/ /_/ \__/ /____/ /_/ /_//_/\_,_/ /_/ \_, /
/___/
O365 Sprayer v1.0.1
-d
Target domain
-u
Email to validate
-p
Password to spray
-U
Path to email list
-P
Path to password list
-enum [DEFAULT : false]
Validate O365 emails
-spray [DEFAULT : false]
Spray passwords on O365 emails
-delay [DEFAULT : 0.25]
Delay between requests
-lockout [DEFAULT : 5]
Number of incorrect attempts for account lockout
-lockoutDelay [DEFAULT : 15]
Lockout cool down time
-max-lockout [DEFAULT : 10]
Maximum number of lockout accounts
This will display help for the CLI tool. Here are all the required arguments it supports.
O365 Sprayer is made with 🖤 by the SecureBinary team. Any tweaks / community contribution are welcome.