Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts.

Related tags

Security related resourcesOh365UserFinder
Overview

Oh365 User Finder

ko-fi

Oh365UserFinder

Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts. The tool parses responses to identify the "IfExistsResult" flag is null or not, and responds appropriately if the user is valid.

Usage

Installing Oh365UserFinder

git clone https://github.com/dievus/Oh365UserFinder.git

Change directories to Oh365UserFinder and run:

pip3 install -r requirements.txt

This will run the install script to add necessary dependencies to your system.

python3 Oh365UserFinder.py -h

This will output the help menu, which contains the following flags:

-h, --help - Lists the help options

-e, --email - Required for running Oh365UserFinder against a single email account

-r, --read - Reads from a text file containing emails (ex. -r emails.txt)

-w, --write - Writes valid emails to a text document (ex. -w validemails.txt)

-t, --threading - Sets a pause between attempts in seconds (ex. -t 60)

-v, --verbose - Outputs test verbosely; note that you must use y to run verbosely (ex. -v y)

Examples of full commands include:

python3 o365UserFinder.py -e [email protected]

python3 Oh365UserFinder.py -r emails.txt -w validemails.txt

python3 Oh365UserFinder.py -r emails.txt -w validemails.txt -t 30 -v y

Notes

Make note that Microsoft does have some defense in place that can, from time to time, provide false positives in feedback. If you suspect that this is occurring take a pause in testing, and return and increase the duration between attempts using the -t flag.

Oh365UserFinderScan

Acknowledgements

This project is based on a previous tool named o365Creeper developed by Korey Mckinley that was last supported in 2019, and developed in Python2.

Comments
  • Invalid 'NoneType' argument for int() function

    Invalid 'NoneType' argument for int() function

    Hi @dievus , first I want to thank you for the great tool.

    As shown in the images below, when using the tool without the -l / --lockout argument, after a LOCKOUT occurrence, an exception occurs that breaks the password spray flow.

    Error : 2022-06-21_15-23

    No Error: 2022-06-21_15-25

    This error occurs because on line 276, the -l / --lockout argument is multiplied by the integer value 60. If the parameter is not defined by the user, the type of the 'lockout' variable is defined as NoneType, which by in turn, it cannot receive arithmetic operations with an integer value, causing the error.

    Suggestions:

    • [x] Create a condition that checks if the -l or --lockout argument was defined by the user at script execution, otherwise it sets a default value (1 maybe) or returns to the help menu and 'forces' the user to use the -l / --lockout argument.
    opened by FroydCod3r 3
  • Enhancement - check whether the IP address is being throttled

    Enhancement - check whether the IP address is being throttled

    The results may get throttled - in that case you'll be returned with false positives (i.e. it always returns "IfExistsResults":0). You can check throttle by looking whether "ThrottleStatus":1.

    If would be nice to return a warning in this case.

    enhancement good first issue 
    opened by tautology0 3
  • Domain Check - Unknown, Managed, Federated

    Domain Check - Unknown, Managed, Federated

    https://github.com/dievus/Oh365UserFinder/blob/main/oh365userfinder.py#L204 valid_response = re.search('"NameSpaceType":"Managed",', response)

    Microsoft outline that there are different namespace types besides Unknown and Managed. As far as I can tell, there is also, Federated which can be seen here for my local university. https://login.microsoftonline.com/[email protected]

    Potentially consider that the regex should check for the word Unknown and change the response to a negative if returned true.

    opened by ILightThings 2
  • invalid email cache & sleep on throttle

    invalid email cache & sleep on throttle

    1. Keep record of invalid emails and skip if an email has already been deemed invalid
    2. When throttling is enabled, sleep and then retry
    3. Appends domain if specified (for use with wordlists without email domain)
    opened by chrismeistre 1
  • Add a shebang so we can be lazy

    Add a shebang so we can be lazy

    The script doesn't have the traditional shebang of: #!/usr/bin/env python3

    So it can't be directly run from the shell. Any chance this could be added to help us lazy people?

    enhancement 
    opened by tautology0 1
Owner
Joe Helle
Also known as the Mayor
Joe Helle
GitHub Repository
A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

log4j-scan A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts Features Support for lists of URLs. Fuzzing for more

Duc Linh Nguyen 4 Aug 08, 2022
Search Shodan for Minecraft server IPs to grief

GriefBuddy This script searches Shodan for Minecraft server IPs to grief. This will return all servers connected to the public internet which Shodan h

26 Dec 29, 2022
Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts.

Oh365 User Finder Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts. The tool parses responses to ident

Joe Helle 414 Jan 02, 2023
A DOM-based G-Suite password sprayer and user enumerator

A DOM-based G-Suite password sprayer and user enumerator

Mayk 1 Apr 07, 2022
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

This project is no longer maintained March 2020 Update: Please go see the amazing Pysa tutorial that should get you up to speed finding security vulne

2.1k Dec 25, 2022
Python script to tamper with pages to test for Log4J Shell vulnerability.

log4jShell Scanner This shell script scans a vulnerable web application that is using a version of apache-log4j 2.15.0. This application is a static

GoVanguard 8 Oct 20, 2022
Bilgi Sistemleri Projesi için yapılan keylogger

Keylogger Bilgi Sistemleri Projesi için yapılan keylogger Projede kullanılan kütüphanelere sahip olmasanız da python dosyası çalıştığında kendisi gere

Tarik Bulut 1 Jan 07, 2022
Python3 script for scanning CVE-2021-44228 (Log4shell) vulnerable machines.

Log4j_checker.py (CVE-2021-44228) Description This Python3 script tries to look for servers vulnerable to CVE-2021-44228, also known as Log4Shell, a v

lfama 8 Feb 27, 2022
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

Varun Jagtap 5 Oct 08, 2022
MTBLLS Ethical Hacking Tool Announcement of v2.0

MTBLLS Ethical Hacking Tool Announcement of v2.0 MTBLLS is a Free and Open-Source Ethical Hacking Tool developed by GhostTD (SkyWtkh) The tool can onl

Ghost 2 Mar 19, 2022
Springboot directory scanning

Springboot directory scanning

WINEZERO 87 Dec 28, 2022
这次是可可萝病毒!

可可萝病毒! 事情是这样的,我又开始不干正事了。 众所周知,在Python里,0x0等于0,但是不等于可可萝。 这很不好,我们得把它改成可可萝! 效果 一般的Python—— Python 3.8.0 (tags/v3.8.0:fa919fd, Oct 14 2019, 19:37:50) [MSC

黄巍 29 Jul 14, 2022
Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp

cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp replace [zbx_signed_session

东方有鱼名为咸 135 Dec 14, 2022
Yesitsme - Simple OSINT script to find Instagram profiles by name and e-mail/phone

Simple OSINT script to find Instagram profiles by name and e-mail/phone

108 Jan 07, 2023
POC for detecting the Log4Shell (Log4J RCE) vulnerability

Interactsh An OOB interaction gathering server and client library Features • Usage • Interactsh Client • Interactsh Server • Interactsh Integration •

ProjectDiscovery 2.1k Jan 08, 2023
A honeypot for the Log4Shell vulnerability (CVE-2021-44228)

Log4Pot A honeypot for the Log4Shell vulnerability (CVE-2021-44228). License: GPLv3.0 Features Listen on various ports for Log4Shell exploitation. Det

Thomas Patzke 79 Dec 27, 2022
This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload vulnerabilities)

zip-symlink-payload-creator This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload

stark0de 6 Aug 18, 2022
Deobfuscate Log4Shell payloads with ease

Ox4Shell Deobfuscate Log4Shell payloads with ease. Description Since the release

Oxeye 137 Jan 02, 2023
Pass2Pwn: a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Pass2Pwn is a simple python3 tool created to assist penetration testers generate possible passwords for a targeted system based solely on the organization's name

Nirmal Dahal 10 Oct 15, 2022
A malware to encrypt all the .txt and .jpg files in target computer using RSA algorithms

A malware to encrypt all the .txt and .jpg files in target computer using RSA algorithms. Change the Blackgound image of targets' computer. and decrypt the targets' encrypted files in our own compute

Li Ka Lok 2 Dec 02, 2022