raindance: Reconnaissance tool for Microsoft Office 365
RainDance
A toolkit for enumerating and collecting information from Office 365.
Raindance uses built-in powershell modules, namely from the MSOnline & AzureAD powershell modules to log into Office 365 tenants with legitimate credentials and pulls out the list of users, their mailing groups and distros, roles/permissions, and identify administrators in the tenant. This tool is intended to be used as an attack tool to assist penetration testers in enumerating users and select targets for offensive engagements.
Features
- Enumerates domain information within O365
- Get the full list of users, including disabled accounts
- Get a list of the mailing/distribution groups in the tenant
- Identify administrative users and highlight Global Administrators (Company Admins)
Installation & Running
Dependencies
- Windows Only (for now): Microsoft has promised to (eventually) add Linux support for the library dependencies.
- Powershell v5.0+: This is due to .NET dependencies
- Library – MSOnline: Download using powershell Install-Module msonline
- Library – AzureAD: Download using powershell Install-Module AzureAD
Demo
Copyright (c) 2018, True Demon
Source: https://github.com/True-Demon/