AADInternals
AADInternals is PowerShell module for administering Azure AD and Office 365.
Azucar
Azucar is a multi-threaded plugin-based tool to help you assess the security of your Azure Cloud environment.
AzureAD SSO brute
Python tool to brute force against an AzureAD SSO endpoint.
AzureHound
AzureAD focused module to gather information.
AzurEnum
Enumerate Microsoft Entra ID (Azure AD) fast.
check_mdi
Python script to enumerate valid Microsoft 365 domains, retrieve tenant name, and check for a Microsoft Defender for Identity (MDI) instance.
Credmaster
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling.
Go365
Go365 is a tool designed to perform user enumeration* and password guessing attacks on organizations that use Office365 (now/soon Microsoft365).
M365_groups_enum
Enumerate Microsoft 365 Groups in a tenant with their metadata.
MFade
A tool to find failure points in Microsoft Multi Factor Authentication configurations from an attacker's perspective but with some extra OPSEC features.
MFASweep
MFASweep is a PowerShell script that attempts to log in to various Microsoft services using a provided set of credentials and will attempt to identify if MFA is enabled.
MicroBurst
A PowerShell Toolkit for Attacking Azure.
MSOLSpray
A password spraying tool for Microsoft Online accounts (Azure/O365).
O365creeper
Enumerates valid email addresses from Office 365 without submitting login attempts.
O365spray
o365spray | Microsoft O365 User Enumerator and Password Sprayer.
Omnispray
Omnispray aims to replace tools such as o365spray and provide a modular framework to expand enumeration and spraying beyond just a single target/application.
onedrive_user_enum
OneDrive user enumeration - pentest tool to enumerate valid o365 users.
ROADrecon
ROADtools is a framework to interact with Azure AD. It currently consists of a library (roadlib) and the ROADrecon Azure AD exploration tool.
Stormspotter
Stormspotter creates an 'attack graph' of the resources in an Azure subscription.