AADInternals is PowerShell module for administering Azure AD and Office 365.
Azucar is a multi-threaded plugin-based tool to help you assess the security of your Azure Cloud environment.
AzureAD SSO brute
Python tool to brute force against an AzureAD SSO endpoint.
AzureAD focused module to gather information.
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling.
Go365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365 (now/soon Microsoft365).
Enumerate Microsoft 365 Groups in a tenant with their metadata.
MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled.
A PowerShell Toolkit for Attacking Azure.
A password spraying tool for Microsoft Online accounts (Azure/O365).
Enumerates valid email addresses from Office 365 without submitting login attempts.
o365spray | Microsoft O365 User Enumerator and Password Sprayer.
Omnispray aims to replace tools such as o365spray and provide a modular framework to expand enumeration and spraying beyond just a single target/application.
OneDrive user enumeration - pentest tool to enumerate valid o365 users.
ROADtools is a framework to interact with Azure AD. It currently consists of a library (roadlib) and the ROADrecon Azure AD exploration tool.
Stormspotter creates an 'attack graph' of the resources in an Azure subscription.