TREVORspray
TREVORspray copied to clipboard
blacklanternsecurity
TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
Hello, First off I just wanted to say what a great tool and it does a whole lot more than just spraying. My only question, and maybe I missed the...
During a red team engagement I found out that Okta makes use of multiple domains for federation. My current target makes use of the `okta-emea.com` domain, but TREVORspray has `okta.com`...
Is there an option to send POST requests to an endpoint instead of GET request? When i try to connect to the endpoint: AADSTS900561: The endpoint only accepts POST, OPTIONS...
SMTP looter can run forever ``` [ERRR] Traceback (most recent call last): File "/usr/local/lib/python3.9/dist-packages/trevorspray/lib/looters/msol.py", line 62, in test_smtp session = smtplib.SMTP(host, timeout=5) File "/usr/lib/python3.9/smtplib.py", line 253, in __init__ (code, msg)...
When using the Okta module, Trevorspray returns a Response code 401 for every attempt, including for a correct set of credentials. The command being used is: `trevorspray -u test_emails.txt -m...
I recently reinstalled the tool, but was not able to make it work. I was getting a "No module named 'lib.util'" when trying to run it  I was able...
# Add Teams Photo User Enumeration Module and OfficeHome Sprayer ## Description This PR adds two major features: 1. A new user enumeration module that leverages Microsoft Teams profile photo...
Playing with some other tooling recently ( https://github.com/dirkjanm/ROADtools ) I noticed that my account does not require MFA due to conditional access policies when logging in via a 'device code'...
Hey, just a quick one: - when MS smart protection kicks in after xxx failed attempts it often returns `AADSTS50053 (Account appears to be locked.)` even though the account is...
Metadata
Owner
Metadata
TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!