Vajra is a UI-based tool with multiple techniques for attacking and enumerating in the target's Azure and AWS environment. It features an intuitive web-based user interface built with the Python Fl…

Azure Security Resources and Notes

Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to by…

PowerShell framework to assess Azure security

GoldenSAML Attack Libraries and Framework

POC of SecureWorks' recent Azure Active Directory password brute-forcing vuln

Python script that performs email address validation against Office 365 without submitting login attempts.

An Office365 User Attack Tool

Azure JWT Token Manipulation Toolset

retrieve information via O365 and AzureAD with a valid cred

This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.

A toolkit to attack Office365

AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.

A collection of Azure AD/Entra tools for offensive and defensive security purposes

Enumerate valid usernames from Office 365 using ActiveSync, Autodiscover v1, or office.com login page.

A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, i…

A tool to extract and abuse access tokens from AzureCLI for bypassing 2FA/MFA.

Password attacks and MFA validation against various endpoints in Azure and Office 365