Entraspray is a rewrite of MSOLSpray in python. The main purpose of this tool remains the same: to perform password spraying against Microsoft Azure accounts while also providing detailed information about account status and errors; such as if MFA is enabled, if a tenant or user doesn’t exist, if the account is locked or disabled and more.
The tool supports using FireProx to rotate source IP addresses on authentication requests, avoiding being blocked by Microsoft Entra Smart Lockout.
python3 -m venv venv
source venv/bin/activate
python3 -m pip install -r requirements.txt
provide a userlist file with the target email addresses one per line for example ‘user@example.com‘. Use caution to avoid locking out accounts, as this tool can trigger Microsoft Entra Smart Lockout if used incorrectly.
python3 entraspray.py --userlist userlist.txt --password Password123
--userlist : Path to a file containing usernames one-per-line in the format 'user@example.com'.
--password : Password to be used for the password spraying.
--url : URL to spray against. Useful if using FireProx to randomize the IP address you are authenticating from.
--delay : Number of seconds to delay between requests.
--verbose : Show invalid password attempts.
--force : Force the spray to continue even if multiple account lockouts are detected.
--debug : Show web request and response.
--proxy : Specify a proxy host to send all traffic through.
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…
Introduction As cyber threats grow more sophisticated, organizations need more than just firewalls and antivirus…
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…
Introduction In the vast ocean of the internet, the most powerful tool you already have…