AzureAD SSO brute

Python tool to brute-force credentials (username enumeration and password spraying) against an AzureAD SSO endpoint.


git clone
python3 -m pip install -r requirements.txt


python3 username_file password_file [OPTIONS]


Brute force tool to enumerate emails and spray passwords.

positional arguments:
  username_file         File containing usernames (e.g. '[email protected]' or '[email protected]').
  password_file         File containing passwords.

optional arguments:
  -h, --help            show this help message and exit
  --timeout TIMEOUT     Timeout period for every try/request.
  -v, --verbose         Verbose output.
  --guid GUID           Device guid for the SSO request.
  -ps PASSWORD_SLEEP, --password_sleep PASSWORD_SLEEP
                        Sleep time in seconds between passwords.
  --continue_brute      Brute force continues after locked out accounts were found, but skips the accounts that were locked out.
  --stop_brute          Brute force stops after a locked out account was found.


python3 usernames.txt passwords.txt --stop_brute
[INFO]: Starting brute force..
[INFO]: Finishing up brute forcing.. found 1 valid credentials.
[SUCCESS]: [email protected] - EpicPassword1337
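The behaviour described above (one password tried across many accounts, paced with --password_sleep, stopping or skipping on lockouts) has a distinctive footprint in sign-in logs, and that is what a defender should alert on. The following is an added example, not part of this tool or its README: a small detector run over constructed records shaped like Azure AD sign-in log entries (createdDateTime, userPrincipalName, ipAddress, status.errorCode). The thresholds, the sample IPs and the user names are illustrative assumptions.

```python
"""
Password-spray detector for Azure AD sign-in records (added example, not part
of the brute-force tool). Input events are dicts using the field names of
Azure AD sign-in logs; the sample data below is constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Azure AD sign-in error codes that indicate a rejected credential attempt.
FAILURE_CODES = {
    50126,  # invalid username or password
    50053,  # account locked after repeated failures
    50034,  # user account does not exist in the tenant
}


def _parse_ts(s):
    # Sign-in logs use ISO 8601 with a trailing Z.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def detect_password_spray(events, window_minutes=60, min_distinct_users=5):
    """Return one finding per source IP whose failed sign-ins, inside any
    sliding window of window_minutes, touch at least min_distinct_users
    distinct accounts. A spray is few passwords, many accounts, one source,
    paced slowly, so the window is long and the per-account rate is low."""
    failures_by_ip = defaultdict(list)
    for ev in events:
        code = ev.get("status", {}).get("errorCode", 0)
        if code in FAILURE_CODES:
            failures_by_ip[ev["ipAddress"]].append(
                (_parse_ts(ev["createdDateTime"]),
                 ev["userPrincipalName"].lower(), code))

    window = timedelta(minutes=window_minutes)
    findings = []
    for ip, attempts in failures_by_ip.items():
        attempts.sort()
        best, best_key, start = None, None, 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans <= window.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            span = attempts[start:end + 1]
            users = {u for _, u, _ in span}
            key = (len(users), len(span))
            if len(users) >= min_distinct_users and (best_key is None or key > best_key):
                best_key = key
                best = {
                    "ip": ip,
                    "distinct_users": len(users),
                    "attempts": len(span),
                    "locked_out": sorted({u for _, u, c in span if c == 50053}),
                    "window_start": span[0][0].isoformat(),
                }
        if best:
            findings.append(best)
    return findings


def sample_events():
    """Constructed sign-in records: a slow spray from one IP hitting eight
    accounts five minutes apart (one account ends up locked), plus a real
    user mistyping a password twice from a different IP before succeeding."""
    base = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)

    def rec(minutes, upn, ip, code):
        ts = (base + timedelta(minutes=minutes)).isoformat().replace("+00:00", "Z")
        return {"createdDateTime": ts, "userPrincipalName": upn,
                "ipAddress": ip, "status": {"errorCode": code}}

    spray_ip = "203.0.113.10"   # constructed attacker source
    home_ip = "198.51.100.7"    # constructed legitimate user source
    evs = [rec(5 * i, f"user{i + 1}@example.com", spray_ip, 50126) for i in range(8)]
    evs.append(rec(45, "user3@example.com", spray_ip, 50053))
    evs += [rec(10, "alice@example.com", home_ip, 50126),
            rec(11, "alice@example.com", home_ip, 50126),
            rec(12, "alice@example.com", home_ip, 0)]
    return evs


if __name__ == "__main__":
    for f in detect_password_spray(sample_events()):
        print(f"[SPRAY] {f['ip']}: {f['distinct_users']} accounts, "
              f"{f['attempts']} failures from {f['window_start']}, "
              f"locked out: {f['locked_out'] or 'none'}")
```

The single-user typo burst from the home IP stays below the distinct-account threshold and never fires, while the spraying source is reported together with the accounts it managed to lock, which is the list a responder wants first.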

URL List