User enumeration and password bruteforce on Azure, ADFS, OWA, O365 and gather emails on Linkedin

goEnumBruteSpray

Description

Summary

The recommended module is o365 for user enumeration and passwords bruteforce / spray . Additional information can be retrieved to avoid account lockout, to know that the password is good but expired, MFA enabled,...

Linkedin

This module should be used to retrieve a list of email addresses before validating them through a user enumeration module. The company will be searched on Linkedin and all people working at these companies will be returned in the specified format.

The Linkedin's session cookie li_at is required.

User enumeration on owa

SearchEngine

This module should be used to retrieve a list of email addresses before validating them through a user enumeration module. The company name will be searched on Google and Bing with a dork to find people working in the company (site:linkedin.com/in+"%s"). The results title will be parsed to output email addresses in the specified format.

User enumeration on owa

Azure

User enumeration

The Azure module is only available to enumerate the users of a tenant. The authentication request will be made on https://autologon.microsoftazuread-sso.com, a detailed response shows if the account does not exist, a MFA is required, if the account is locked, ...

User enumeration on Azure

ADFS

Passwords bruteforce / spray

The ADFS module is only available to bruteforce or spray a password. The authentication request is sent to https:// /adfs/ls/idpinitiatedsignon.aspx?client-request-id= &pullStatus=0 . An error message can informs the user if the password is expired

Password bruteforce / spraying on ADFS

O365

This module allows to enumerate users and bruteforce / spray passwords.

User enumeration

Several modes are available: office, oauth2 and onedrive (not implemented yet). The office mode is recommended as no authentication is made. Oauth2 can retrieve additional information through AADSTS error code (MFA enable, locked account, disabled account) Password bruteforce / spraying on o365

Passwords bruteforce / spray

As for the user enumeration, two modes are available: oauth2 and autodiscover (not implemented yet). The Oauth2 is the recommended mode, it allows to get much information thanks to the AADSTS error code.

User enumeration on o365

OWA

This module allows to enumerate users and bruteforce / spray passwords.

User enumeration

Enumeration is made with authentication requests. Authentication for a non-existent user will take longer than for a valid user. At first, the average response time for an invalid user will be calculated and then the response time for each authentication request will be compared.

User enumeration on owa

Passwords bruteforce / spray

Please note that no account locking mechanism can be implemented because no information about it is returned.

Password bruteforce / spraying on owa

Credits

https://github.com/busterb/msmailprobe https://github.com/0xZDH/o365spray/ https://github.com/xFreed0m/ADFSpray/ https://github.com/m8r0wn/CrossLinked

Owner
null
https://github.com/nodauf/GoMapEnum
Similar Resources

A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.

A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.

A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.

Oct 14, 2022

Secure Remote Password library for Go

go-srp NOTE: This is a port of node-srp to Go. I recommend reading their README for general information about the use of SRP. Installation go get gith

Aug 8, 2022

Not Yet Another Password Manager written in Go using libsodium

secrets Secure and simple passwords manager written in Go. It aims to be NYAPM (Not Yet Another Password Manager), but tries to be different from othe

May 30, 2022

password manager using age for encryption

page ====== password manager using age (https://age-encryption.org/) for encryption. encrypted secrets are files in the $PAGE_SECRETS/ directory that

May 30, 2022

Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain.

Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain.

pinentry-touchid Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain. Macbook Pro devic

Jan 1, 2023

A Go Module to interact with Passbolt, a Open source Password Manager for Teams

go-passbolt A Go Module to interact with Passbolt, a Open source Password Manager for Teams This Module tries to Support the Latest Passbolt Community

Oct 29, 2022

ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file.

ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file.

ZipExec ZipExec is a Proof-of-Concept (POC) tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded i

Dec 31, 2022

GoLang script that checks for password leaks by sending email address to the BreachDirectory API

GoLang script that checks for password leaks by sending email address to the BreachDirectory API

GoLang script that checks for password leaks by sending email address to the BreachDirectory API

Feb 17, 2022

Password manager written in golang

Password manager written in golang

Go password manager Password manager written in golang. Dependencies: gpg golang

Dec 2, 2021
Comments
  • searchEngine feature pulls scrapes very low amount of usernames

    searchEngine feature pulls scrapes very low amount of usernames

    Hey there! currently testing out your tool as it looks practical for my OSINT workflow, however i have noticed that when using the 'searchEngine' function it pulls in a very low amount of usernames compared to CrossLinked which i used as a benchmark, image

    Whereas CrossLinked got me 246 on the first batch image image

    Could this be due to parsing issues ?

    PS: In the CrossLinked screenshot the tool did not find any emails on the other search engines i had asked it to search on so only Google and Bing came up with data

    Many thanks

Related tags
Security GoMapEnum
Cloud IP address ranges lookup tool + DNS subdomain enumeration + Certificate Transparency
 Cloud IP address ranges lookup tool + DNS subdomain enumeration + Certificate Transparency

Cloud edge Lookup an IP to find the cloud provider and other details based on the provider's published JSON data Cloud edge is a recon tool focused on

Dec 12, 2022
WIP. Converts Azure Container Scan Action output to SARIF, for an easier integration with GitHub Code Scanning

container-scan-to-sarif container-scan-to-sarif converts Azure Container Scan Action output to Static Analysis Results Interchange Format (SARIF), for

Jan 25, 2022
A probably paranoid Golang utility library for securely hashing and encrypting passwords based on the Dropbox method. This implementation uses Blake2b, Scrypt and XSalsa20-Poly1305 (via NaCl SecretBox) to create secure password hashes that are also encrypted using a master passphrase.

goSecretBoxPassword This is a Golang library for securing passwords it is based on the Dropbox method for password storage. The both passphrases are f

Jan 3, 2023
A light package for generating and comparing password hashing with argon2 in Go

argon2-hashing argon2-hashing provides a light wrapper around Go's argon2 package. Argon2 was the winner of the Password Hashing Competition that make

Sep 27, 2022
A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go 🔑

simple-scrypt simple-scrypt provides a convenience wrapper around Go's existing scrypt package that makes it easier to securely derive strong keys ("h

Dec 22, 2022
EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.
 EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.

EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptograp

Dec 10, 2022
Argon2 password hashing package for go with constant time hash comparison

argon2pw Argon2 password hashing package with constant time hash comparison Preface: Argon2 was selected as the winner of the Password Hashing Competi

Sep 27, 2022
Password generator written in Go

go-generate-password Password generator written in Go. Use as a library or as a CLI. Usage CLI go-generate-password can be used on the cli, just insta

Dec 19, 2022
Validate the Strength of a Password in Go
 Validate the Strength of a Password in Go

go-password-validator Simple password validator using raw entropy values. Hit the project with a star if you find it useful ⭐ Supported by Qvault This

Jan 6, 2023
:key: Idiotproof golang password validation library inspired by Python's passlib

passlib for go Python's passlib is quite an amazing library. I'm not sure there's a password library in existence with more thought put into it, or wi

Dec 30, 2022