Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/LMGsec/o365creeper
Python script that performs email address validation against Office 365 without submitting login attempts.
https://github.com/LMGsec/o365creeper
Last synced: 3 months ago
JSON representation
Python script that performs email address validation against Office 365 without submitting login attempts.
- Host: GitHub
- URL: https://github.com/LMGsec/o365creeper
- Owner: LMGsec
- License: bsd-2-clause
- Created: 2019-07-12T21:32:05.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2020-08-07T17:40:41.000Z (almost 4 years ago)
- Last Synced: 2024-01-20T09:25:04.059Z (5 months ago)
- Language: Python
- Size: 4.88 KB
- Stars: 288
- Watchers: 6
- Forks: 58
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- Awesome-Azure-Pentest - o365creeper - Enumerate valid email addresses (Tools / Enumeration)
README
## Description
This is a simple Python script used to validate email accounts that belong to Office 365 tenants.
This script takes either a single email address or a list of email addresses as input,
sends a request to Office 365 without a password, and looksfor the the "IfExistsResult"
parameter to be set to 0 for a valid account. Invalid accounts will return a 1.## Usage
This script depends on the Python "Requests" library. The script can take a single email address
with the -e parameter or a list of email addresses, one per line, with the -f parameter.
Additionally, the script can output valid email addressesto a file with the -o parameter.
Examples:
o365creeper.py -e [email protected]
o365creeper.py -f emails.txt
o365creeper.py -f emails.txt -o validemails.txt## NOTE
Office 365 will flag these requests randomly after repeated, successive attempts to validate the
same email address which may generate false positives such as invalid email addresses showing as
valid. This is denoted by the "ThrottleStatus" parameter being set to 1 in the server's response.
This tool is best used with a list of unique email addresses.
This tool is offered with no warranty and is to be used at your own risk and discretion.