SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain access tokens for Microsoft 365 services. This approach is primarily relevant for hybrid environments where organizations use both on-premises Active Directory and cloud-based Microsoft 365 (Azure AD) accounts.
It is often used alongside ROADTools, a set of tools for exploring and testing Microsoft 365 access, making it a valuable resource for penetration testers and security teams assessing hybrid environments.
⚠️ Note: For purely cloud-based environments, Microsoft now recommends modern authentication protocols. Kerberos ticket methods are mostly niche, advanced use cases.
You can install SeamlessPass via PyPI or directly from the source code.
Using PyPI:
pip install seamlesspass
From Source:
git clone https://github.com/Malcrove/SeamlessPass.git
cd SeamlessPass
pip install .
# Or install requirements separately
pip install -r requirements.txt
python run.py
After installation, use the seamlesspass
command to interact with Microsoft 365:
seamlesspass [-t tenant domain] [-r resource URI] [-c client_id] ...
Common options:
-t/-tenant
– Your Microsoft 365 tenant domain (e.g., example.com)-r/-resource
– Target cloud service URI (default: https://graph.windows.net
)-d/-domain
– Local Active Directory domain-dc/-dc-ip
– Domain controller IP or hostname-u/-username
& -p/-password
– Credentials (or hashed credentials for testing)-tgt
/ -tgs
– Base64-encoded Kerberos ticketsIntegration with ROADTools:
SeamlessPass tokens can be exported and used with ROADTools to further explore Microsoft 365 access, test permissions, and simulate attack paths in hybrid environments. This combination is especially valuable for security assessments and penetration testing.
Example usage in a hybrid environment:
seamlesspass -tenant corp.com -domain corp.local -dc dc.corp.local -tgt <base64_encoded_TGT>
Microsoft Entra Seamless SSO has evolved with modern authentication protocols. Key points:
By keeping hybrid authentication knowledge up-to-date, security teams can safely manage both on-premises and cloud Microsoft 365 accounts in 2025.
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…