Home

Awesome

Omnispray

Omnispray | Modular Enumeration and Password Spraying Framework -- v0.1.4

Omnispray aims to replace tools such as o365spray and provide a modular framework to expand enumeration and spraying beyond just a single target/application.

The primary goal is to provide a framework to allow for the easy development and implementation of user enumeration and password spraying techniques for a variety of targets/applications. While there are currently several prebuilt modules included, this tool provides module templates to give users the tools needed to extend the tools usage for non-standard cases. The goal is also to provide a central tool to handle all enumeration and spraying.

Modules

See MODULES.md for information on custom module development as well as details on included modules (O365, OWA, etc.).

Usage

FlagDescription
-m<br/>--moduleSpecify the module to run via the modules/ directory.
-d<br/>--domainTarget domain for enumeration/spraying.
-tenant<br/>--tenantTarget tenant name in case it differs with domain for enumeration/spraying.
-t<br/>--typeModule type. If left blank, Omnispray will attempt to autodetect the module type based on the module name. {enum, spray}
--urlTarget URL. This is for modules that don't use a standard URL for targeting.
-u<br/>--userSingle username/email to process.
-us<br/>--usersMultiple users/emails to process. (--users uname1 uname2 uname3 ...)
-uf<br/>--userfileFile containing multiple users/emails to process.
-p<br/>--passwordSingle password to process.
-ps<br/>--passwordsMultiple passwords to process. (--passwords password1 password2 password3 ...)
-pf<br/>--passwordfileFile containing multiple password to process.
-c<br/>--countWhen password spraying, number of password attempts to run before resetting lockout timer. Default: 1 password per spray rotation
-l<br/>--lockoutPassword spraying lockout policy reset time (in minutes). Default: 15 minutes
-s<br/>--splitWhen enumerating, number of usernames to group by during execution
-w<br/>--waitIf splitting user enumeration via --split, time to wait between group runs (in minutes). Default: 5 minutes
--timeoutRequest timeout in seconds. Default: 25 seconds
--proxyProxy to pass traffic through (e.g. http://127.0.0.1:8080).
--proxy-urlURL of proxy to request instead of the module URL. This is to be used with tools such as FireProx.
--proxy-headersCustom headers to use when a --proxy-url has been provided (--proxy-headers "header: value" "header2: value" "header3: value" ...) (e.g. "X-My-X-Forwarded-For: 127.0.0.1" when using FireProx)
--outdirDirectory for results and tested files. Default: results/
--logdirDirectory for log files. Default: logs/
--pauseSleep (jitter) time before each task is executed in seconds. If set to '-1', a random pause, between 0.250 and 0.750, will occur before each task execution. Default: 0.250 seconds
--rateNumber of concurrent connections during enumeration/spraying. Default: 10 threads
--versionPrint the tool version
--debugPrint debug information

Examples

O365 user enumeration via the Office module.

> python3 omnispray.py --type enum -uf users.txt --module o365_enum_office

O365 password spraying via the ActiveSync module.

> python3 omnispray.py --type spray -uf users.txt -pf passwords.txt \
                       --module o365_spray_activesync \
                       --count 3 --lockout 30