raindance: Reconnaissance tool for Microsoft Office 365

RainDance

A toolkit for enumerating and collecting information from Office 365.

Raindance uses built-in PowerShell modules, namely MSOnline and AzureAD, to log into Office 365 tenants with legitimate credentials. It pulls out the list of users, their mailing groups and distros, and their roles/permissions, and identifies administrators in the tenant. This tool is intended to be used as an attack tool to assist penetration testers in enumerating users and selecting targets for offensive engagements.

Features

  • Enumerates domain information within O365
  • Get the full list of users, including disabled accounts
  • Get a list of the mailing/distribution groups in the tenant
  • Identify administrative users and highlight Global Administrators (Company Admins)
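
On the defending side, the MSOnline/AzureAD logons described above are recorded in the tenant's sign-in logs. The following is an added example, not part of raindance or its author's code: it flags accounts outside an approved admin list that signed in through the directory PowerShell client. The sign-in records are constructed and flattened to a simple CSV, and the app display name and the allowlist are assumptions to adjust for your tenant.

```powershell
# Added example (not raindance code). All records below are constructed sample data.
# Column names mirror common sign-in log fields; "status" is simplified to Success/Failure.
# Assumption: MSOnline/AzureAD module logons are logged under the app name(s) listed here.
$PowerShellApps = @('Azure Active Directory PowerShell')
$ApprovedAdmins = @('ops-admin@contoso.example')   # hypothetical allowlist of expected users

$SignIns = @'
createdDateTime,userPrincipalName,appDisplayName,ipAddress,status
2018-06-01T09:02:11Z,ops-admin@contoso.example,Azure Active Directory PowerShell,198.51.100.10,Success
2018-06-01T09:15:40Z,j.doe@contoso.example,Office 365 Exchange Online,203.0.113.7,Success
2018-06-01T22:41:03Z,j.doe@contoso.example,Azure Active Directory PowerShell,203.0.113.99,Success
2018-06-01T22:41:09Z,j.doe@contoso.example,Azure Active Directory PowerShell,203.0.113.99,Success
2018-06-02T03:12:55Z,svc-print@contoso.example,Azure Active Directory PowerShell,203.0.113.99,Failure
'@ | ConvertFrom-Csv

function Find-UnexpectedDirectoryPowerShell {
    param(
        [Parameter(Mandatory)] [object[]] $Records,
        [Parameter(Mandatory)] [string[]] $AppNames,
        [string[]] $Allowlist = @()
    )
    $Records |
        # Keep only directory-PowerShell logons by accounts not expected to use it
        Where-Object { $AppNames -contains $_.appDisplayName -and
                       $Allowlist -notcontains $_.userPrincipalName } |
        Group-Object userPrincipalName |
        ForEach-Object {
            $times = @($_.Group |
                ForEach-Object { [datetime]::Parse($_.createdDateTime).ToUniversalTime() } |
                Sort-Object)
            [pscustomobject]@{
                User      = $_.Name
                SignIns   = $_.Count
                Succeeded = @($_.Group | Where-Object status -eq 'Success').Count
                SourceIPs = ($_.Group.ipAddress | Sort-Object -Unique) -join ', '
                FirstSeen = $times[0]
                LastSeen  = $times[-1]
            }
        }
}

# One row per flagged account; successful logons sort first for triage
Find-UnexpectedDirectoryPowerShell -Records $SignIns -AppNames $PowerShellApps -Allowlist $ApprovedAdmins |
    Sort-Object Succeeded -Descending |
    Format-Table -AutoSize
```

With the constructed data, two accounts are flagged, both from the same source address, which is the kind of clustering worth following up.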

Installation & Running

Dependencies

  • Windows only (for now): Microsoft has promised to (eventually) add Linux support for the library dependencies.
  • PowerShell v5.0+: This is due to .NET dependencies
  • Library – MSOnline: Download using PowerShell: Install-Module MSOnline
  • Library – AzureAD: Download using PowerShell: Install-Module AzureAD

# Open a PowerShell command window as administrator
# Ensure you have all the necessary dependencies for PowerShell
Set-ExecutionPolicy RemoteSigned

# Install Microsoft Online Services (Office 365)
Install-Module MSOnline

# Install AzureAD
Install-Module AzureAD

# Download & Run raindance
git clone https://github.com/true-demon/raindance.git C:\Path\to\Raindance
cd C:\Path\to\Raindance
Import-Module .\raindance.ps1

 

 


Copyright (c) 2018, True Demon

Source: https://github.com/True-Demon/
