https://github.com/rtfmkiesel/msolsprayng

A password spraying tool for Microsoft accounts (Azure/M365)
https://github.com/rtfmkiesel/msolsprayng

azure golang m365 microsoft pentesting

Last synced: about 1 year ago
JSON representation

A password spraying tool for Microsoft accounts (Azure/M365)

• Host: GitHub
• URL: https://github.com/rtfmkiesel/msolsprayng
• Owner: rtfmkiesel
• License: apache-2.0
• Created: 2023-04-24T19:27:01.000Z (about 3 years ago)
• Default Branch: main
• Last Pushed: 2023-09-16T22:05:55.000Z (almost 3 years ago)
• Last Synced: 2025-02-05T04:01:32.616Z (over 1 year ago)
• Topics: azure, golang, m365, microsoft, pentesting
• Language: Go
• Homepage:
• Size: 17.6 KB
• Stars: 1
• Watchers: 1
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# msolsprayng

This is a Golang port of [github.com/dafthack/MSOLSpray](https://github.com/dafthack/MSOLSpray). This tool will spray one password against a list of Microsoft accounts. Since Microsoft's GraphQL endpoint is very verbose, we get error codes back that can give us information about the login process / account state. Below is a list of error codes. All error codes can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-aadsts-error-codes).

| Code        | Meaning                                                      |

|-------------|--------------------------------------------------------------|

| AADSTS50126 | Invalid Password                                             |

| AADSTS50128 | Tenant not found                                             |

| AADSTS50059 | Tenant not found                                             |

| AADSTS50034 | User does not exist                                          |

| AADSTS50079 | Password correct but MFA present                             |

| AADSTS50076 | Password correct but MFA present                             |

| AADSTS50158 | Password correct but MFA & Conditional Access Policy present |

| AADSTS53003 | Password correct but Conditional Access Policy present       |

| AADSTS50053 | Account locked                                               |

| AADSTS50057 | Account disabled                                             |

| AADSTS50055 | Password correct but expired                                 |

## Installation

### Binaries

Download the pre built binaries [here](https://github.com/rtfmkiesel/msolsprayng/releases).

### With go

```bash

go install github.com/rtfmkiesel/msolsprayng@latest

```

## Build from source

```bash

git clone https://github.com/rtfmkiesel/msolsprayng

cd msolsprayng

# to build binary in the current directory

go build -ldflags="-s -w" .

# to build & install binary into GOPATH/bin

go install .

```

## Usage

```

msolsprayng [OPTIONS]

	

Options:

    -u, --users                  Path to file containing E-Mail addresses to be sprayed

    -p, --password-file          Path to file containing the password to spray (will use first line)

    -P, --Password               Password to spray (argument)

    -o, --outfile                Path to the logfile

    -j, --json                           Format output as JSON (default: false)

    -v, --verbose                        Enable verbose output (default: false)

    -w, --workers                   Amount of workers / "threads" (default: 1, max 3)

    -h, --help                           Prints this text

```

## Legal

**I'm not responsible if your IP address get blocked by Microsoft.** Additionally, this code is provided for educational use only. If you engage in any illegal activity the author does not take any responsibility for it. By using this code, you agree with these terms.