{"id":13799250,"url":"https://github.com/byt3bl33d3r/SprayingToolkit","last_synced_at":"2025-05-13T06:32:37.838Z","repository":{"id":39228987,"uuid":"148617943","full_name":"byt3bl33d3r/SprayingToolkit","owner":"byt3bl33d3r","description":"Scripts to make password spraying attacks against Lync/S4B, OWA \u0026 O365 a lot quicker, less painful and more efficient","archived":true,"fork":false,"pushed_at":"2022-10-17T01:01:57.000Z","size":118,"stargazers_count":1468,"open_issues_count":22,"forks_count":266,"subscribers_count":34,"default_branch":"master","last_synced_at":"2025-01-18T21:35:54.398Z","etag":null,"topics":["lync","o365","owa","password-spraying","password-spraying-attacks","pentesting","python3","red-teams","security","security-tools","skype-for-business"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/byt3bl33d3r.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":"byt3bl33d3r","patreon":"byt3bl33d3r","ko_fi":"byt3bl33d3r"}},"created_at":"2018-09-13T09:52:11.000Z","updated_at":"2025-01-12T04:31:00.000Z","dependencies_parsed_at":"2022-07-14T09:22:17.049Z","dependency_job_id":null,"html_url":"https://github.com/byt3bl33d3r/SprayingToolkit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3bl33d3r%2FSprayingToolkit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3bl33d3r%2FSprayingToolkit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3bl33d3r%2F
SprayingToolkit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/byt3bl33d3r%2FSprayingToolkit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/byt3bl33d3r","download_url":"https://codeload.github.com/byt3bl33d3r/SprayingToolkit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253889209,"owners_count":21979585,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["lync","o365","owa","password-spraying","password-spraying-attacks","pentesting","python3","red-teams","security","security-tools","skype-for-business"],"created_at":"2024-08-04T00:01:00.327Z","updated_at":"2025-05-13T06:32:37.371Z","avatar_url":"https://github.com/byt3bl33d3r.png","language":"Python","funding_links":["https://github.com/sponsors/byt3bl33d3r","https://patreon.com/byt3bl33d3r","https://ko-fi.com/byt3bl33d3r"],"categories":["[↑](#table-of-contents) [Credential Access](https://attack.mitre.org/tactics/TA0006/)","Python","Python (1887)","Privilege Escalation Tools","Operating Systems","Password Generation"],"sub_categories":["[T1110 - Brute Force](https://attack.mitre.org/techniques/T1110)","Password Spraying Tools","Windows","Spraying Tools"],"readme":"# Deprecation Notice\n\nThis project is no longer maintained. 
The following alternative projects are better and actively maintained:\n\n- [TREVORspray](https://github.com/blacklanternsecurity/TREVORspray)\n- [CredMaster](https://github.com/knavesec/CredMaster)\n\n# SprayingToolkit\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"http://38.media.tumblr.com/79d7e2a376cb96fb581b3453070f6229/tumblr_ns5suorqYu1szok8ro1_500.gif\" alt=\"SprayingToolkit\"/\u003e\n\u003c/p\u003e\n\n\n## Description\n\nA set of Python scripts/utilities that *tries* to make password spraying attacks against Lync/S4B \u0026 OWA a lot quicker, less painful and more efficient.\n\n## Sponsors\n[\u003cimg src=\"https://www.blackhillsinfosec.com/wp-content/uploads/2016/03/BHIS-logo-L-300x300.png\" width=\"130\" height=\"130\"/\u003e](https://www.blackhillsinfosec.com/)\n[\u003cimg src=\"https://handbook.volkis.com.au/assets/img/Volkis_Logo_Brandpack.svg\" width=\"130\" hspace=\"10\"/\u003e](https://volkis.com.au)\n[\u003cimg src=\"https://user-images.githubusercontent.com/5151193/85817125-875e0880-b743-11ea-83e9-764cd55a29c5.png\" width=\"200\" vspace=\"21\"/\u003e](https://qomplx.com/blog/cyber/)\n[\u003cimg src=\"https://user-images.githubusercontent.com/5151193/86521020-9f0f4e00-be21-11ea-9256-836bc28e9d14.png\" width=\"250\" hspace=\"20\"/\u003e](https://ledgerops.com)\n[\u003cimg src=\"https://user-images.githubusercontent.com/5151193/87607538-ede79e00-c6d3-11ea-9fcf-a32d314eb65e.png\" width=\"170\" hspace=\"20\"/\u003e](https://www.guidepointsecurity.com/)\n[\u003cimg src=\"https://user-images.githubusercontent.com/5151193/95542303-a27f1c00-09b2-11eb-8682-e10b3e0f0710.jpg\" width=\"200\" hspace=\"20\"/\u003e](https://lostrabbitlabs.com/)\n\n## Official Discord Channel\n\nCome hang out on Discord!\n\n[![Porchetta Industries](https://discordapp.com/api/guilds/736724457258745996/widget.png?style=banner3)](https://discord.gg/khRyjTg)\n\n## Installation\n\nInstall the pre-requisites with `pip3` as follows:\n\n```bash\nsudo -H pip3 install -r 
requirements.txt\n```\n\nOr use a Python virtual environment if you don't want to install the packages globally.\n\n## Tool Overview\n\n### Atomizer\n\nA blazing fast password sprayer for Lync/Skype For Business and OWA, built on Asyncio and Python 3.7\n\n#### Usage\n```\nUsage:\n    atomizer (lync|owa|imap) \u003ctarget\u003e \u003cpassword\u003e \u003cuserfile\u003e [--targetPort PORT] [--threads THREADS] [--debug]\n    atomizer (lync|owa|imap) \u003ctarget\u003e \u003cpasswordfile\u003e \u003cuserfile\u003e --interval \u003cTIME\u003e [--gchat \u003cURL\u003e] [--slack \u003cURL\u003e] [--targetPort PORT][--threads THREADS] [--debug]\n    atomizer (lync|owa|imap) \u003ctarget\u003e --csvfile CSVFILE [--user-row-name NAME] [--pass-row-name NAME] [--targetPort PORT] [--threads THREADS] [--debug]\n    atomizer (lync|owa|imap) \u003ctarget\u003e --user-as-pass USERFILE [--targetPort PORT] [--threads THREADS] [--debug]\n    atomizer (lync|owa|imap) \u003ctarget\u003e --recon [--debug]\n    atomizer -h | --help\n    atomizer -v | --version\n\nArguments:\n    target         target domain or url\n    password       password to spray\n    userfile       file containing usernames (one per line)\n    passwordfile   file containing passwords (one per line)\n\nOptions:\n    -h, --help               show this screen\n    -v, --version            show version\n    -c, --csvfile CSVFILE    csv file containing usernames and passwords\n    -i, --interval TIME      spray at the specified interval [format: \"H:M:S\"]\n    -t, --threads THREADS    number of concurrent threads to use [default: 3]\n    -d, --debug              enable debug output\n    -p, --targetPort PORT    target port of the IMAP server (IMAP only) [default: 993]\n    --recon                  only collect info, don't password spray\n    --gchat URL              gchat webhook url for notification\n    --slack URL              slack webhook url for notification\n    --user-row-name NAME     username row title in CSV 
file [default: Email Address]\n    --pass-row-name NAME     password row title in CSV file [default: Password]\n    --user-as-pass USERFILE  use the usernames in the specified file as the password (one per line)\n```\n\n#### Examples\n\n```bash\n./atomizer.py owa contoso.com 'Fall2018' emails.txt\n```\n\n```bash\n./atomizer.py lync contoso.com 'Fall2018' emails.txt\n```\n\n```bash\n./atomizer lync contoso.com --csvfile accounts.csv\n```\n\n```bash\n./atomizer lync contoso.com --user-as-pass usernames.txt\n```\n\n```bash\n./atomizer owa 'https://owa.contoso.com/autodiscover/autodiscover.xml' --recon\n```\n\n```bash\n./atomizer.py owa contoso.com passwords.txt emails.txt -i 0:45:00 --gchat \u003cGCHAT_WEBHOOK_URL\u003e\n```\n\n### Vaporizer\n\nA port of [@OrOneEqualsOne](https://twitter.com/OrOneEqualsOne)'s [GatherContacts](https://github.com/clr2of8/GatherContacts) Burp extension to [mitmproxy](https://mitmproxy.org/) with some improvements.\n\nScrapes Google and Bing for LinkedIn profiles, automatically generates emails from the profile names using the specified pattern and performs password sprays in real-time.\n\n(Built on top of Atomizer)\n\n#### Examples\n\n```bash\nmitmdump -s vaporizer.py --set sprayer=(lync|owa) --set domain=domain.com --set target=\u003cdomain or url to spray\u003e --set password=password --set email_format='{f}.{last}'\n```\n\nBy default `email_format` is set to the `{first}.{last}` pattern and is not a required argument.\n\nThe `domain` parameter is the domain to use for generating emails from names; the `target` parameter is the domain or url to password spray.\n\nInstall the mitmproxy cert, set the proxy in your browser, go to Google and/or Bing and search (make sure to include the `/in`):\n\n`site:linkedin.com/in \"Target Company Name\"`\n\nEmails will be dumped to `emails.txt` in the specified format, and passed to Atomizer for spraying.\n\n\n### Aerosol\n\nScrapes all text from the target website and sends it to [AWS 
Comprehend](https://aws.amazon.com/comprehend/) for analysis to generate custom wordlists for password spraying.\n\n**Still a work in progress**\n\n#### Usage\n\n```bash\nmitmdump -s aerosol.py --set domain=domain.com\n```\n\n### Spindrift\n\nConverts names to Active Directory usernames (e.g. `Alice Eve` =\u003e `CONTOSO\\aeve`)\n\n#### Usage\n\n```\nUsage:\n    spindrift [\u003cfile\u003e] [--target TARGET | --domain DOMAIN] [--format FORMAT]\n\nArguments:\n    file    file containing names, can also read from stdin\n\nOptions:\n    --target TARGET   optional domain or url to retrieve the internal domain name from OWA\n    --domain DOMAIN   manually specify the domain to append to each username\n    --format FORMAT   username format [default: {f}{last}]\n```\n\n#### Examples\n\nReads names from STDIN, `--domain` is used to specify the domain manually:\n\n```bash\ncat names.txt | ./spindrift.py --domain CONTOSO\n```\n\nReads names from `names.txt`, `--target` dynamically grabs the internal domain name from OWA (you can give it a domain or url)\n\n```bash\n./spindrift.py names.txt --target contoso.com\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyt3bl33d3r%2FSprayingToolkit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbyt3bl33d3r%2FSprayingToolkit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbyt3bl33d3r%2FSprayingToolkit/lists"}