4. Validating Domains

Joe Helle edited this page Nov 19, 2021 · 1 revision

Introduction

Historically I have copied and pasted the following URL to check if a domain is valid or not:

https://login.microsoftonline.com/getuserrealm.srf?login=user@{domain_name}

Replacing domain_name with the target domain would provide a return value of "NameSpaceType:Managed", suggesting that the domain is managed by a Microsoft service. Oh365 User Finder automates this process as seen below:

Command Examples

python3 Oh365UserFinder.py -d mayorsec.com --verbose

python3 Oh365UserFinder.py -d mayorsec.com

Under the Hood

elif args.domain is not None:
    domain_name = args.domain
    print(f"[info] Checking if the {domain_name} exists...\n")
    url = (
        f"https://login.microsoftonline.com/getuserrealm.srf?login=user@{domain_name}")
    request = o365request.get(url)
    response = request.text
    valid_response = re.search('"NameSpaceType":"Managed",', response)
    if args.verbose:
        print(domain_name, request, response, valid_response)
    if valid_response:
        print(f"[success] The listed domain {domain_name} exists.")
    else:
        print(f"[info] The listed domain {domain_name} does not exist.")
    print(f'[info] Scan completed at {time.ctime()}')
else:
    sys.exit()

  • elif args.domain is not None: - If the -d or --domain flag is given on the command line together with a domain, this elif branch is executed

  • domain_name = args.domain - This declares the domain_name variable based on the -d or --domain input in the command

  • url = (f"https://login.microsoftonline.com/getuserrealm.srf?login=user@{domain_name}") - Builds the URL of the realm lookup and stores it in the url variable. Note that the {domain_name} part of the URL is filled in from the domain_name variable.

  • request = o365request.get(url) - Sends a GET request to the URL held in the url variable and stores the result in the request variable

  • response = request.text - Sets the response variable to the text output of the request variable

  • valid_response = re.search('"NameSpaceType":"Managed",', response) - Uses the Python regex library to determine if "NameSpaceType":"Managed", is in the response, and stores the result of the search in valid_response.

  • if args.verbose: print(domain_name, request, response, valid_response) - Outputs the web request verbosely for debugging and inspection

  • if valid_response: print(f"[success] The listed domain {domain_name} exists.") - If the search found NameSpaceType:Managed in the response, prints the success message to the terminal.

  • else: print(f"[info] The listed domain {domain_name} does not exist.") - Prints the does not exist message if the search found no match (valid_response is None).

  • print(f'[info] Scan completed at {time.ctime()}') - Prints the completion time.
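
The check walked through above depends on an exact substring, including the trailing comma, and on the -d value being placed into the URL unchanged. The following is an added example, not code from Oh365UserFinder: it validates the domain before building the URL and reads NameSpaceType by parsing the body as JSON. The function names, the sample bodies and the "Unknown" value are assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlencode

REALM_ENDPOINT = "https://login.microsoftonline.com/getuserrealm.srf"
# Hostname syntax check so the -d value cannot add its own URL syntax.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

# Constructed sample bodies (not captured from the service).
SAMPLE_MANAGED = ('{"State":4,"Login":"user@example.com",'
                  '"NameSpaceType":"Managed","DomainName":"example.com"}')
# Same meaning, but the key comes last and has a space after the colon.
SAMPLE_REORDERED = '{"Login":"user@example.com", "NameSpaceType": "Managed"}'
# "Unknown" as the non-managed value is an assumption, not shown on the page.
SAMPLE_UNKNOWN = '{"Login":"user@example.invalid","NameSpaceType":"Unknown"}'


def build_realm_url(domain_name: str) -> str:
    """Return the realm lookup URL for a syntactically valid domain."""
    domain_name = domain_name.strip().rstrip(".")
    if not DOMAIN_RE.match(domain_name):
        raise ValueError(f"not a valid domain name: {domain_name!r}")
    return f"{REALM_ENDPOINT}?{urlencode({'login': 'user@' + domain_name})}"


def page_regex_match(body: str) -> bool:
    """The substring test used in the snippet above, for comparison."""
    return re.search('"NameSpaceType":"Managed",', body) is not None


def classify_realm(body: str) -> str:
    """Return the NameSpaceType value, or 'Invalid' if the body is not usable."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return "Invalid"
    value = data.get("NameSpaceType") if isinstance(data, dict) else None
    return value if isinstance(value, str) else "Invalid"


if __name__ == "__main__":
    print(build_realm_url("mayorsec.com"))
    for body in (SAMPLE_MANAGED, SAMPLE_REORDERED, SAMPLE_UNKNOWN, "<html>"):
        print(classify_realm(body), page_regex_match(body))
```

On the reordered sample the substring test reports no match while the JSON parse still returns Managed, which is the case where the two checks disagree.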
