-
Notifications
You must be signed in to change notification settings - Fork 60
/
o365creeper.py
71 lines (61 loc) · 2.7 KB
/
o365creeper.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#!/usr/bin/python
# Created by Korey McKinley, Senior Security Consulant at LMG Security
# https://lmgsecurity.com
# July 12, 2019
# This tool will query the Microsoft Office 365 web server to determine
# if an email account is valid or not. It does not need a password and
# should not show up in the logs of a client's O365 tenant.
# Note: Microsoft has implemented some throttling on this service, so
# quick, repeated attempts to validate the same username over and over
# may produce false positives. This tool is best ran after you've gathered
# as many email addresses as possible through OSINT in a list with the
# -f argument.
import requests as req
import argparse
import re
import time
parser = argparse.ArgumentParser(description='Enumerates valid email addresses from Office 365 without submitting login attempts.')
parser.add_argument('-e', '--email', help='Single email address to validate.')
parser.add_argument('-f', '--file', help='List of email addresses to validate, one per line.')
parser.add_argument('-o', '--output', help='Output valid email addresses to the specified file.')
args = parser.parse_args()
url = 'https://login.microsoftonline.com/common/GetCredentialType'
def main():
if args.file is not None:
with open(args.file) as file:
for line in file:
s = req.session()
line = line.split()
email = ' '.join(line)
body = '{"Username":"%s"}' % email
request = req.post(url, data=body)
response = request.text
valid = re.search('"IfExistsResult":0,', response)
invalid = re.search('"IfExistsResult":1,', response)
if invalid:
print '%s - INVALID' % email
if valid and args.output is not None:
print '%s - VALID' % email
with open(args.output, 'a+') as output_file:
output_file.write(email+'\n')
else:
if valid:
print '%s - VALID' % email
elif args.email is not None:
email = args.email
body = '{"Username":"%s"}' % email
request = req.post(url, data=body)
response = request.text
valid = re.search('"IfExistsResult":0', response)
invalid = re.search('"IfExistsResult":1', response)
if invalid:
print '%s - INVALID' % email
if valid and args.output is not None:
print '%s - VALID' % email
with open(args.output, 'w') as output_file:
output_file.write(email+'\n')
else:
if valid:
print '%s - VALID' % email
if __name__ == "__main__":
main()