KnockKnock: Enumerate valid users within Microsoft Teams and OneDrive

KnockKnock

Designed to validate potential usernames by querying OneDrive and/or Microsoft Teams, which are passive methods.
Additionally, it can output/create a list of legacy Skype users identified through Microsoft Teams enumeration.
Finally, it also creates a nice clean list for future usage, all conducted from a single tool.

Download

git clone https://github.com/optiv/KnockKnock.git

Use

Options

• You can select one or both modes, as long as the appropriate options are provided for the modules selected.
• Both modules will require the domain flag (-d) and the user input list (-i).
• The tool does not require an output file as an option, and if not supplied, it will print to screen only.
• The verbose mode will show A LOT of extra information, including users that are not valid.
• The Teams option requires a bearer token. The script automatically removes the beginning and end portions to use only what’s required.

How to get your Bearer token

To get your bearer token, you will need a Cookie Manager plugin on your browser and login to your own Microsoft Teams through the browser.
Next, view the cookies related to the current webpage (teams.microsoft.com).
The cookie you are looking for is for the domain .teams.microsoft.com and is titled “authtoken”.
You can copy the whole token as the script will split out the required part for you.

Source: https://github.com/optiv/