A set of Python scripts/utilities that tries to make password spraying attacks against Lync/S4B & OWA a lot quicker, less painful and more efficient.
A blazing fast password sprayer for Lync/Skype For Business and OWA, built on Asyncio and Python 3.7
Usage:
    atomizer (lync|owa) <domain> <password> --userfile USERFILE [--threads THREADS] [--debug]
    atomizer (lync|owa) <domain> --recon [--debug]
    atomizer -h | --help
    atomizer -v | --version

Arguments:
    domain      target domain
    password    password to spray

Options:
    -h, --help               show this screen
    -v, --version            show version
    -u, --userfile USERFILE  file containing usernames (one per line)
    -t, --threads THREADS    number of concurrent threads to use [default: 3]
    -d, --debug              enable debug output
    --recon                  only collect info, don't password spray
A port of @OrOneEqualsOne's GatherContacts Burp extension to mitmproxy with some improvements.
Scrapes Google and Bing for LinkedIn profiles, automatically generates emails from the profile names using the specified pattern and performs password sprays in real-time.
(Built on top of Atomizer)
mitmdump -s vaporizer.py --set sprayer=(lync|owa) --set domain=domain.com --set password=password --set email_format='{f}.{last}'
By default, email_format is set to the {first}.{last} pattern and is not a required argument.
Install the mitmproxy cert, set the proxy in your browser, go to Google and/or Bing and search (make sure to include the /in):
site:linkedin.com/in "Target Company Name"
Emails will be dumped to emails.txt in the specified format, and passed to Atomizer for spraying.
Scrapes all text from the target website and sends it to AWS Comprehend for analysis to generate custom wordlists for password spraying.
Still a work in progress
mitmdump -s aerosol.py --set domain=domain.com