Kali Linux

Oh365UserFinder : Python3 O365 User Enumeration Tool

Oh365UserFinder is used for identifying valid o365 accounts and domains without the risk of account lockouts. The tool parses responses to identify the “If Exists Result” flag is null or not, and responds appropriately if the user is valid. The tool will attempt to identify false positives based on response, and either automatically create a waiting period to allow the throttling value to reset, or warn the user to increase timeouts between attempts.

Oh365UserFinder can also easily identify if a domain exists in o365 using the -d or –domain flag. This saves the trouble of copying the url from notes and entering it into the URL bar with the target domain.

With version 1.1.0, password spraying is now possible. If MFA is enabled, the tool SHOULD identify it when reporting a valid account. Keep in mind that account lockouts are possible if too many incorrect attempts are made. Make sure to consult with your client to determine the lockout policy if you have any concerns.

Usage

Installing Oh365UserFinder

git clone https://github.com/dievus/Oh365UserFinder.git

Change directories to Oh365UserFinder and run:

pip3 install -r requirements.txt

This will run the install script to add necessary dependencies to your system.

python3 oh365UserFinder.py -h

This will output the help menu, which contains the following flags:

-e, –email – Required for running Oh365UserFinder against a single email account\n
-r, –read – Reads from a text file containing emails (ex. -r emails.txt)\n
-t, –timeout – Sets a pause between attempts in seconds (ex. -t 60)\n
-w, –write – Writes valid emails to a text document (ex. -w validemails.txt)\n
-c, –csv – Writes valid emails to a CSV file (ex. -c validemails.csv)\n
-d, –domain – Checks if the listed domain is valid or not (ex. -d mayorsec.com)\n
–verbose – Outputs test verbosely\n
-ps, –pwspray – Password sprays a list of accounts\n
-p, –password – Password to be tested\n
-el, –elist – Ema
ils to be tested

Examples Commands

Validate a Domain Name in O365

python3 oh365Finder.py -d mayorsec.com

Validate a single email

python3 oh365UserFinder.py -e test@test.com

Validate a list of emails and write to file

python3 oh365UserFinder.py -r testemails.txt -w valid.txt

Validate a list of emails, write to file and timeout between requests

python3 oh365UserFinder.py -r emails.txt -w validemails.txt -t 30

Validate a list of emails and write to CSV

python3 oh365UserFinder.py -r emails.txt -c validemails.csv -t 30

Password Spray a list of emails

python3 oh365UserFinder.py -r -p <password> --pwspray --elist <listname>

R K

Recent Posts

WhatsMyName App – Find Anyone Across 640+ Platforms

Overview WhatsMyName is a free, community-driven OSINT tool designed to identify where a username exists…

4 days ago

Analyzing Directory Size Linux Tools Explained

Managing disk usage is a crucial task for Linux users and administrators alike. Understanding which…

4 days ago

Understanding Disk Usage with du Command

Efficient disk space management is vital in Linux, especially for system administrators who manage servers…

4 days ago

How to Check Directory Size in Linux

Knowing how to check directory sizes in Linux is essential for managing disk space and…

4 days ago

Essential Commands for Linux User Listing

Managing user accounts is a core responsibility for any Linux administrator. Whether you’re securing a…

4 days ago

Command-Line Techniques for Listing Linux Users

Linux offers powerful command-line tools for system administrators to view and manage user accounts. Knowing…

5 days ago