-
Notifications
You must be signed in to change notification settings - Fork 136
MSGraph
Ellis Springe edited this page Aug 9, 2024
·
1 revision
The MSGraph module is specific to managed Microsoft Online instances like Azure or a managed Office365 setup. This module can provide user enumeration and extra information about login attempts. If you want to spray Office365, you can use this module only if it is a Managed instance (not Federated).
This spraying tool makes attempts against login.microsoft.com using the graph.microsoft.com resource
This plugin does not require any additional arguments.
Azure Smart Lockout can apply to rate limit requests, however I've only dealt with that for tools that do not rotate IP addresses.
python3 credmaster.py --access_key <key> --secret_access_key <key> \
--plugin msgraph \
-u userfile.txt -p passfile.txt -a useragents.txt -o outputfile \
-t 5 -j 20 -m 10 -d 360 --passwordsperdelay 3