SeamlessPass is a specialized tool designed to leverage on-premises Active Directory Kerberos tickets to obtain access tokens for Microsoft 365 services. This approach is primarily relevant for hybrid environments where organizations use both on-premises Active Directory and cloud-based Microsoft 365 (Azure AD) accounts.
It is often used alongside ROADTools, a set of tools for exploring and testing Microsoft 365 access, making it a valuable resource for penetration testers and security teams assessing hybrid environments.
⚠️ Note: For purely cloud-based environments, Microsoft now recommends modern authentication protocols. Kerberos ticket methods are mostly niche, advanced use cases. You can install SeamlessPass via PyPI or directly from the source code.
Using PyPI:
pip install seamlesspass From Source:
git clone https://github.com/Malcrove/SeamlessPass.git
cd SeamlessPass
pip install .
# Or install requirements separately
pip install -r requirements.txt
python run.py After installation, use the seamlesspass command to interact with Microsoft 365:
seamlesspass [-t tenant domain] [-r resource URI] [-c client_id] ... Common options:
-t/-tenant – Your Microsoft 365 tenant domain (e.g., example.com)-r/-resource – Target cloud service URI (default: https://graph.windows.net)-d/-domain – Local Active Directory domain-dc/-dc-ip – Domain controller IP or hostname-u/-username & -p/-password – Credentials (or hashed credentials for testing)-tgt / -tgs – Base64-encoded Kerberos ticketsIntegration with ROADTools:
SeamlessPass tokens can be exported and used with ROADTools to further explore Microsoft 365 access, test permissions, and simulate attack paths in hybrid environments. This combination is especially valuable for security assessments and penetration testing.
Example usage in a hybrid environment:
seamlesspass -tenant corp.com -domain corp.local -dc dc.corp.local -tgt <base64_encoded_TGT> Microsoft Entra Seamless SSO has evolved with modern authentication protocols. Key points:
By keeping hybrid authentication knowledge up-to-date, security teams can safely manage both on-premises and cloud Microsoft 365 accounts in 2025.
Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…
Docker is an open-source platform that lets you package and run applications inside containers. Each container…
PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…
Xrdp is an open-source server that lets you connect to your Ubuntu machine from another computer…
Apache Tomcat is an open-source web server and Java servlet container. It is one of the…
Keeping your Ubuntu system updated is one of the best ways to protect it. Security…