Skip to content
This repository has been archived by the owner on Dec 26, 2023. It is now read-only.

Password attacks and MFA validation against various endpoints in Azure and Office 365

License

Notifications You must be signed in to change notification settings

SecurityRiskAdvisors/msspray

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Note: This repository is no longer being developed

msspray.py

MSSpray is used to conduct password spray attacks against Azure AD as well as validate the implementation of MFA on Azure and Office 365 endpoints

  ------------------------------------------------------------
 |    ;---<<<<,______________________________________________ |
 |   _|_     /        /  ____/  ____/  __ /  __ / __  /  /  / |
 |  /   \   /  /  /  /____  /____  /  ___/   __/     / \   /  |
 |  |   |  /__/__/__/______/______/__/  /__/\_\__/__/  /__/   |
 |  |___|                                                     |
  ------------------------------------------------------------

Usage

Perform a password spray against the selected endpoint with the supplied userfile (one email address per line) and password and the option to stop on success (stop):

python3 msspray.py spray <userfile> <password> <endpoint_selection> <stop/blank>

Check each endpoint for authentication with a valid username and password:

python3 msspray.py validate <username> <password>


Endpoints (Default is 1)

Number Endpoint Endpoint URL
[1] aad_graph_api https://graph.windows.net
[2] ms_graph_api https://graph.microsoft.com
[3] azure_mgmt_api https://management.azure.com
[4] windows_net_mgmt_api https://management.core.windows.net
[5] cloudwebappproxy https://proxy.cloudwebappproxy.net/registerapp
[6] officeapps https://officeapps.live.com
[7] outlook https://outlook.office365.com
[8] webshellsuite https://webshell.suite.office.com
[9] sara https://api.diagnostics.office.com
[10] office_mgmt https://manage.office.com
[11] msmamservice https://msmamservice.api.application
[12] spacesapi https://api.spaces.skype.com
[13] datacatalog https://datacatalog.azure.com
[14] database https://database.windows.net
[15] AzureKeyVault https://vault.azure.net
[16] onenote https://onenote.com
[17] o365_yammer https://api.yammer.com
[18] skype4business https://api.skypeforbusiness.com
[19] o365_exchange https://outlook-sdf.office.com

Examples

spray against https://graph.windows.net, stopping on first successful login

python3 msspray.py spray users.txt Spring2020 1 stop

spray against https://management.core.windows.net

python3 msspray.py spray users.txt Spring2020 4

check all endpoints using valid account

python3 msspray.py validate bill.smith@sra.io ReallyBadPass


Blog Post: https://sra.io/blog/msspray-wait-how-many-endpoints-dont-have-mfa/

For any questions, feel free to reach out to me on Twitter @__TexasRanger

About

Password attacks and MFA validation against various endpoints in Azure and Office 365

Resources

License

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages