Category: Password Attacks

Go365

Go365 v2.0 releases: Office365 User Attack Tool

Go365 Go365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365 (now/soon Microsoft365). Go365 uses a unique SOAP API endpoint on login.microsoftonline.com that most other tools...

TREVORspray

TREVORspray v2.0 releases: featureful Python O365 sprayer

TREVORspray A featureful Python O365 sprayer based on MSOLSpray which uses the Microsoft Graph API Microsoft is getting better and better about blocking password spraying attacks against O365. TREVORspray can solve this by proxying its requests through an...

bopscrk

bopscrk v2.4.5 releases: generate smart and powerful wordlists

Bopscrk Bopscrk (Before Outset PaSsword CRacKing) is a tool to generate smart and powerful wordlists. Included in BlackArch Linux pentesting distribution and Rawsec’s Cybersecurity Inventory since August 2019. The first idea was inspired by Cupp and Crunch. We could say that...

kerberoast

kerberoast: Kerberos attack toolkit in Python

kerberoast Kerberos attack toolkit -pure python- Install pip3 install kerberoast Use For the impatient IMPORTANT: the accepted target url formats for LDAP and Kerberos are the following <ldap_connection_url> : <protocol>+<auth-type>://<domain>\<user>:<password>@<ip_or_hostname>/?<param1>=<value1> <kerberos_connection_url>: <protocol>+<auth-type>://<domain>\<user>:<password>@<ip_or_hostname>/?<param1>=<value1> Steps -with SSPI-: kerberoast auto...

credcheck

credcheck: Credentials Checking Framework

CredCheck - A credential Pentesting framework A framework to test all kinds of Credentials found during Pen-testing exercise. I had a lot of keys while testing multiple targets, testing them is a tedious task. There are...