raindance: Reconnaissance tool for Microsoft Office 365


A toolkit for enumerating and collecting information from Office 365.

Raindance uses built-in powershell modules, namely from the MSOnline & AzureAD powershell modules to log into Office 365 tenants with legitimate credentials and pulls out the list of users, their mailing groups and distros, roles/permissions, and identify administrators in the tenant. This tool is intended to be used as an attack tool to assist penetration testers in enumerating users and select targets for offensive engagements.


  • Enumerates domain information within O365
  • Get the full list of users, including disabled accounts
  • Get a list of the mailing/distribution groups in the tenant
  • Identify administrative users and highlight Global Administrators (Company Admins)

Installation & Running


  • Windows Only (for now): Microsoft has promised to (eventually) add Linux support for the library dependencies.
  • Powershell v5.0+: This is due to .NET dependencies
  • Library – MSOnline: Download using powershell Install-Module msonline
  • Library – AzureAD: Download using powershell Install-Module AzureAD
# Open a Powershell Command Window as administrator
# Ensure you have all the necessary dependencies for PowerShell
Set-ExecutionPolicy RemoteSigned

# Install Microsoft Online Services (office 365)
Install-Module MSOnline

# Install AzureAD
Install-Module AzureAD

# Download & Run raindance
git clone https://github.com/true-demon/raindance.git C:\Path\to\Raindance
cd C:\Path\to\Raindance
Import-Module .\raindance.ps1




Copyright (c) 2018, True Demon

Source: https://github.com/True-Demon/