Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the “If Exists Result” flag is null or not, and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response, and either automatically create a waiting period to allow the throttling value to reset, or warn the user to increase timeouts between attempts.
Oh365UserFinder can also easily identify if a domain exists in o365 using the -d or –domain flag. This saves the trouble of copying the url from notes and entering it into the URL bar with the target domain.
With version 1.1.0, password spraying is now possible. If MFA is enabled, the tool SHOULD identify it when reporting a valid account. Keep in mind that account lockouts are possible if too many incorrect attempts are made. Make sure to consult with your client to determine the lockout policy if you have any concerns.
git clone https://github.com/dievus/Oh365UserFinder.git
Change directories to Oh365UserFinder and run:
pip3 install -r requirements.txt
This will run the install script to add necessary dependencies to your system.
python3 oh365UserFinder.py -h
-e, –email – Required for running Oh365UserFinder against a single email account\n
-r, –read – Reads from a text file containing emails (ex. -r emails.txt)\n
-t, –timeout – Sets a pause between attempts in seconds (ex. -t 60)\n
-w, –write – Writes valid emails to a text document (ex. -w validemails.txt)\n
-c, –csv – Writes valid emails to a CSV file (ex. -c validemails.csv)\n
-d, –domain – Checks if the listed domain is valid or not (ex. -d mayorsec.com)\n
–verbose – Outputs test verbosely\n
-ps, –pwspray – Password sprays a list of accounts\n
-p, –password – Password to be tested\n
-el, –elist – Emails to be tested
python3 oh365Finder.py -d mayorsec.com
python3 oh365UserFinder.py -e test@test.com
python3 oh365UserFinder.py -r testemails.txt -w valid.txt
python3 oh365UserFinder.py -r emails.txt -w validemails.txt -t 30
python3 oh365UserFinder.py -r emails.txt -c validemails.csv -t 30
python3 oh365UserFinder.py -r -p <password> --pwspray --elist <listname>
WID_LoadLibrary is a custom implementation inspired by the Windows API function LoadLibrary, which is used…
Locksmith is a specialized tool designed to identify and remediate vulnerabilities in Active Directory Certificate…
Uscrapper Vanta is a powerful open-source intelligence (OSINT) tool designed to revolutionize web scraping and…
Pake is an innovative tool designed to convert any webpage into a desktop application with…
Bevy is an open-source, data-driven game engine built in Rust, designed to simplify game development…
AppFlowy Cloud is a robust component of the AppFlowy ecosystem, designed to provide secure user…