Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts.

Last update: Jan 02, 2023

Overview

Oh365 User Finder

Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts. The tool parses responses to identify the "IfExistsResult" flag is null or not, and responds appropriately if the user is valid.

Usage

Installing Oh365UserFinder

git clone https://github.com/dievus/Oh365UserFinder.git

Change directories to Oh365UserFinder and run:

pip3 install -r requirements.txt

This will run the install script to add necessary dependencies to your system.

python3 Oh365UserFinder.py -h

This will output the help menu, which contains the following flags:

-h, --help - Lists the help options

-e, --email - Required for running Oh365UserFinder against a single email account

-r, --read - Reads from a text file containing emails (ex. -r emails.txt)

-w, --write - Writes valid emails to a text document (ex. -w validemails.txt)

-t, --threading - Sets a pause between attempts in seconds (ex. -t 60)

-v, --verbose - Outputs test verbosely; note that you must use y to run verbosely (ex. -v y)

Examples of full commands include:

python3 o365UserFinder.py -e [email protected]

python3 Oh365UserFinder.py -r emails.txt -w validemails.txt

python3 Oh365UserFinder.py -r emails.txt -w validemails.txt -t 30 -v y

Notes

Make note that Microsoft does have some defense in place that can, from time to time, provide false positives in feedback. If you suspect that this is occurring take a pause in testing, and return and increase the duration between attempts using the -t flag.

Acknowledgements

This project is based on a previous tool named o365Creeper developed by Korey Mckinley that was last supported in 2019, and developed in Python2.

Comments

Invalid 'NoneType' argument for int() function
Hi @dievus , first I want to thank you for the great tool.

As shown in the images below, when using the tool without the -l / --lockout argument, after a LOCKOUT occurrence, an exception occurs that breaks the password spray flow.

Error :

No Error:

This error occurs because on line 276, the -l / --lockout argument is multiplied by the integer value 60. If the parameter is not defined by the user, the type of the 'lockout' variable is defined as NoneType, which by in turn, it cannot receive arithmetic operations with an integer value, causing the error.

Suggestions:

[x] Create a condition that checks if the -l or --lockout argument was defined by the user at script execution, otherwise it sets a default value (1 maybe) or returns to the help menu and 'forces' the user to use the -l / --lockout argument.
opened by FroydCod3r 3
Enhancement - check whether the IP address is being throttled

The results may get throttled - in that case you'll be returned with false positives (i.e. it always returns "IfExistsResults":0). You can check throttle by looking whether "ThrottleStatus":1.

If would be nice to return a warning in this case.
enhancement good first issue

opened by tautology0 3
Domain Check - Unknown, Managed, Federated

https://github.com/dievus/Oh365UserFinder/blob/main/oh365userfinder.py#L204 valid_response = re.search('"NameSpaceType":"Managed",', response)

Microsoft outline that there are different namespace types besides Unknown and Managed. As far as I can tell, there is also, Federated which can be seen here for my local university. https://login.microsoftonline.com/[email protected]

Potentially consider that the regex should check for the word Unknown and change the response to a negative if returned true.

opened by ILightThings 2
invalid email cache & sleep on throttle
Keep record of invalid emails and skip if an email has already been deemed invalid

When throttling is enabled, sleep and then retry

Appends domain if specified (for use with wordlists without email domain)
opened by chrismeistre 1
Add a shebang so we can be lazy

The script doesn't have the traditional shebang of: #!/usr/bin/env python3

So it can't be directly run from the shell. Any chance this could be added to help us lazy people?
enhancement

opened by tautology0 1

Releases(v1.1.0)

v1.1.0(Jun 25, 2022)

v1.1.0 includes password spraying.
Source code(tar.gz)
Source code(zip)
oh365userfinder.py(17.65 KB)
requirements.txt(33 bytes)
v1.0.1(Nov 22, 2021)

Source code(tar.gz)
Source code(zip)
Oh365UserFinder.exe(9.38 MB)
v1.0.0(Nov 17, 2021)

Source code(tar.gz)
Source code(zip)
Oh365UserFinder.exe(9.38 MB)

Owner

Joe Helle

Also known as the Mayor

GitHub Repository

zip-brute Zip File Password Cracking with Using Password List

Zip brute is a python script that cracks zip that are password protected using a wordlist dictionary.

13 Nov 03, 2022

DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

12 Dec 17, 2022

vulnerable APIs

vulnerable-apis vulnerable APIs inspired by https://github.com/mattvaldes/vulnerable-api Setup Docker If, Out of the box docker pull kmmanoj/vulnerabl

9 Jun 01, 2022

Tools for investigating Log4j CVE-2021-44228

Log4jTools Tools for investigating Log4j CVE-2021-44228 FetchPayload.py (Get java payload from ldap path provided in JNDI lookup). Example command: Re

91 Dec 29, 2022

A simple Burp Suite extension to extract datas from source code

DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas

86 Dec 31, 2022

Uma ferramenta de segurança da informação escrita em python3,capaz de dar acesso total ao computador de alguém!

shell-reverse Uma ferramenta de segurança da informação escrita em python3, capaz de dar acesso total ao computador de alguém! A cybersecurity tool wr

1 Nov 03, 2021

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

dora Features Blazing fast as we are using ripgrep in backend Exploit/PoC steps for many of the API key, allowing to write a good report for bug bount

243 Dec 27, 2022

pwncat module that automatically exploits CVE-2021-4034 (pwnkit)

pwncat_pwnkit Introduction The purpose of this module is to attempt to exploit CVE-2021-4034 (pwnkit) on a target when using pwncat. There is no need

33 Jul 01, 2022

telegram bug that discloses user's hidden phone number (still unpatched) (exploit included)

CVE-2019-15514 Type: Information Disclosure Affected Users, Versions, Devices: All Telegram Users Still not fixed/unpatched. brute.py is available exp

66 Dec 08, 2022

I hacked my own webcam from a Kali Linux VM in my local network, using Ettercap to do the MiTM ARP poisoning attack, sniffing with Wireshark, and using metasploit

plan I - Linux Fundamentals Les utilisateurs et les droits Installer des programmes avec apt-get Surveiller l'activité du système Exécuter des program

148 Dec 22, 2022

Dark-Fb No Login 100% safe

Dark-Fb No Login 100% safe TERMUX • pkg install python2 && git -y • pip2 install requests mechanize tqdm • git clone https://github.com/BOT-033/Sensei

1 Dec 04, 2021

StarUML cracker - StarUML cracker With Python

StarUML_cracker Usage On Linux Clone the repo. git clone https://github.com/mana

9 Jun 20, 2022

this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows and macos

Keylogger this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows a

1 Nov 04, 2021

Oh365UserFinder is used for identifying valid o365 accounts without the risk of account lockouts.

Related tags

Overview

Oh365 User Finder

Usage

Notes

Acknowledgements

Comments

Invalid 'NoneType' argument for int() function

Enhancement - check whether the IP address is being throttled

Domain Check - Unknown, Managed, Federated

invalid email cache & sleep on throttle

Add a shebang so we can be lazy

Releases(v1.1.0)

v1.1.0(Jun 25, 2022)

v1.0.1(Nov 22, 2021)

v1.0.0(Nov 17, 2021)

Owner

Joe Helle

zip-brute Zip File Password Cracking with Using Password List

DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

vulnerable APIs

Tools for investigating Log4j CVE-2021-44228

A simple Burp Suite extension to extract datas from source code

Uma ferramenta de segurança da informação escrita em python3,capaz de dar acesso total ao computador de alguém!

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

pwncat module that automatically exploits CVE-2021-4034 (pwnkit)

telegram bug that discloses user's hidden phone number (still unpatched) (exploit included)

I hacked my own webcam from a Kali Linux VM in my local network, using Ettercap to do the MiTM ARP poisoning attack, sniffing with Wireshark, and using metasploit

Dark-Fb No Login 100% safe

StarUML cracker - StarUML cracker With Python

this keylogger is only for pc not for android but it will only work on those pc who have python installed it is made for all linux,windows and macos

Scan Site - Tools For Scanning Any Site and Get Site Information

Cisco RV110w UPnP stack overflow

CVE-log4j CheckMK plugin

Simple yara rule manager

PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager)

Herramienta para descargar eventos de Sucuri WAF hacia disco.

A brute force tool for password-protected zip file