{"id":25482,"date":"2022-06-23T11:32:18","date_gmt":"2022-06-23T11:32:18","guid":{"rendered":"https:\/\/kalilinuxtutorials.com\/?p=25482"},"modified":"2022-06-23T11:32:21","modified_gmt":"2022-06-23T11:32:21","slug":"ssoh-no","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/ssoh-no\/","title":{"rendered":"SSOh-No : User Enumeration And Password Spraying Tool For Testing Azure AD"},"content":{"rendered":"\n<p><strong>SSOh-No<\/strong> is designed to enumerate users, password spray and perform brute force attacks against any organisation that utilises Azure AD or O365.<\/p>\n\n\n\n<p>Generally, this endpoint provides extremely verbose errors which can be leveraged to enumerate users and validate their passwords via brute force\/spraying attacks, while also failing to log any failed authentication attempts.<\/p>\n\n\n\n<p>This tool is a weaponised version of a PoC demonstrated in the&nbsp;arstechnica research article&nbsp;which discusses the techniques utilised to exploit the endpoint.<\/p>\n\n\n\n<p>This endpoint is known to Microsoft however, in typical fashion it has been branded a feature, not a bug.<\/p>\n\n\n\n<p>This endpoint does enforce &#8220;smart locking&#8221; which can be bypassed by rotating IP.<\/p>\n\n\n\n<h3 class=\"has-text-align-center has-vivid-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/optionalCTF\/SSOh-No#why-is-this-unique\"><\/a>Why Is This Unique?<\/h3>\n\n\n\n<p>The SSO Autologon endpoint does not contain logging of any sort bar potentially updating the users &#8220;Last Logon&#8221; time.<\/p>\n\n\n\n<p>The following have been tested and contain no logs:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>AzureAD<\/li><li>Sentinel<\/li><li>Defender for Identity (Formerly Advanced Thread Protection)<\/li><li>Defender for Cloud Apps<\/li><\/ul>\n\n\n\n<h2 class=\"has-text-align-center has-vivid-green-cyan-background-color has-background wp-block-heading\"><a href=\"https:\/\/github.com\/optionalCTF\/SSOh-No#usage\"><\/a>Usage<\/h2>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><strong>$ .\/SSOh-No -h<br>usage: SSOh-No [-h|&#8211;help] [-e|&#8211;email &#8220;&#8221;] [-p|&#8211;password &#8220;&#8221;]<br>[-U|&#8211;userlist &#8220;&#8221;] [-o|&#8211;outfile &#8220;&#8221;]<br>Enumerate and abuse a sub-par Azure SSO endpoint.<br>Arguments:<br>-h &#8211;help Print help information<br>-e &#8211;email Email address to query. Example: user@domain.com<br>-p &#8211;password Password to spray. Example: Password123!<br>-U &#8211;userlist Specify userlist to enumerate<br>-o &#8211;outfile Specify outfile. Example: validated.txt<\/strong><\/p>\n\n\n\n<h2 class=\"has-light-green-cyan-background-color has-background wp-block-heading\">Upcoming Features<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Proxy Implementation to bypass smart lock<\/li><li>Password brute force from password lists (single user- No plans for password list brute force against a userlist)<\/li><\/ul>\n\n\n\n<div class=\"wp-block-buttons is-content-justification-center is-layout-flex wp-container-core-buttons-is-layout-16018d1d wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/optionalCTF\/SSOh-No\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>SSOh-No is designed to enumerate users, password spray and perform brute force attacks against any organisation that utilises Azure AD or O365. Generally, this endpoint provides extremely verbose errors which can be leveraged to enumerate users and validate their passwords via brute force\/spraying attacks, while also failing to log any failed authentication attempts. This tool [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":25491,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[316,1065,2420,4276,5331],"class_list":["post-25482","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-azure-ad","tag-enumeration","tag-password","tag-spraying-tool","tag-ssoh-no"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SSOh-No : User Enumeration And Password Spraying Tool<\/title>\n<meta name=\"description\" content=\"SSOh-No is designed to enumerate users, password spray and perform brute force attacks against any organisation.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/ssoh-no\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SSOh-No : User Enumeration And Password Spraying Tool\" \/>\n<meta property=\"og:description\" content=\"SSOh-No is designed to enumerate users, password spray and perform brute force attacks against any organisation.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/ssoh-no\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2022-06-23T11:32:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-06-23T11:32:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/ssoh-no\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/ssoh-no\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"SSOh-No : User Enumeration And Password Spraying Tool For Testing Azure AD\",\"datePublished\":\"2022-06-23T11:32:18+00:00\",\"dateModified\":\"2022-06-23T11:32:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/ssoh-no\/\"},\"wordCount\":250,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/ssoh-no\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png\",\"keywords\":[\"azure AD\",\"Enumeration\",\"password\",\"Spraying Tool\",\"SSOh-No\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/ssoh-no\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/ssoh-no\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/ssoh-no\/\",\"name\":\"SSOh-No : User Enumeration And Password Spraying Tool\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/ssoh-no\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/ssoh-no\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png\",\"datePublished\":\"2022-06-23T11:32:18+00:00\",\"dateModified\":\"2022-06-23T11:32:21+00:00\",\"description\":\"SSOh-No is designed to enumerate users, password spray and perform brute force attacks against any organisation.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/ssoh-no\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/ssoh-no\/#primaryimage\",\"url\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png\",\"contentUrl\":\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png\",\"width\":\"728\",\"height\":\"380\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SSOh-No : User Enumeration And Password Spraying Tool","description":"SSOh-No is designed to enumerate users, password spray and perform brute force attacks against any organisation.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/ssoh-no\/","og_locale":"en_US","og_type":"article","og_title":"SSOh-No : User Enumeration And Password Spraying Tool","og_description":"SSOh-No is designed to enumerate users, password spray and perform brute force attacks against any organisation.","og_url":"https:\/\/kalilinuxtutorials.com\/ssoh-no\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2022-06-23T11:32:18+00:00","article_modified_time":"2022-06-23T11:32:21+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/ssoh-no\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/ssoh-no\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"SSOh-No : User Enumeration And Password Spraying Tool For Testing Azure AD","datePublished":"2022-06-23T11:32:18+00:00","dateModified":"2022-06-23T11:32:21+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/ssoh-no\/"},"wordCount":250,"commentCount":0,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/ssoh-no\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png","keywords":["azure AD","Enumeration","password","Spraying Tool","SSOh-No"],"articleSection":["Kali Linux"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/kalilinuxtutorials.com\/ssoh-no\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/ssoh-no\/","url":"https:\/\/kalilinuxtutorials.com\/ssoh-no\/","name":"SSOh-No : User Enumeration And Password Spraying Tool","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/ssoh-no\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/ssoh-no\/#primaryimage"},"thumbnailUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png","datePublished":"2022-06-23T11:32:18+00:00","dateModified":"2022-06-23T11:32:21+00:00","description":"SSOh-No is designed to enumerate users, password spray and perform brute force attacks against any organisation.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/ssoh-no\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/ssoh-no\/#primaryimage","url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png","contentUrl":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png","width":"728","height":"380"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhsFVQjA_hlnWO3GJ1qXQY8Dt4nMiP-hDyhesJdtbbRTrFmYj8pnduBx-E0wkmYFzR8elloAAmycebIE94ei_oCzxkjbEGLCO3MwWxetaih2YHYyuKzObckt_dh3QIB1DRfV5YVsKJ_Z6K77CoCUPTvTFoGpxd5N8ppah2YpVDgeGoB3P6FkvIWSDjR\/s728\/passwordspray.png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":10257,"url":"https:\/\/kalilinuxtutorials.com\/msolspray\/","url_meta":{"origin":25482,"position":0},"title":"MSOLSpray : A Password Spraying Tool For Microsoft Online Accounts","author":"R K","date":"April 14, 2020","format":false,"excerpt":"MSOLSpray is a password spraying tool for Microsoft Online accounts (Azure\/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled. Why Another\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":19429,"url":"https:\/\/kalilinuxtutorials.com\/azur3alph4\/","url_meta":{"origin":25482,"position":1},"title":"Azur3Alph4 : A PowerShell Module That Automates Red-Team Tasks For Ops On Objective","author":"R K","date":"October 26, 2021","format":false,"excerpt":"Azur3Alph4 is a PowerShell module that automates red-team tasks for ops on objective. This module situates in a post-breach (RCE achieved) position. Token extraction and many other tools will not execute successfully without starting in this position. This module should be used for further enumeration and movement in a compromised\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEgFRVvHjWgGEuNuKh-3Fv0Yvky_qkdLgI-WWBDt5mN0Z1JUaIr4u1Ij4cG7_14Agehh0knQxaaiDs6yIX2K8jIZFLEvcMy705gPkXSSFYKh97Bkh36nbL79ZCWccVdSSIzbBdJRI9x7W6XZI2FlasMQ0zDl4XbobqfVUZ8Db3K7NMasBfGS7MuSIfoZ=s728","width":350,"height":200,"srcset":"https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEgFRVvHjWgGEuNuKh-3Fv0Yvky_qkdLgI-WWBDt5mN0Z1JUaIr4u1Ij4cG7_14Agehh0knQxaaiDs6yIX2K8jIZFLEvcMy705gPkXSSFYKh97Bkh36nbL79ZCWccVdSSIzbBdJRI9x7W6XZI2FlasMQ0zDl4XbobqfVUZ8Db3K7NMasBfGS7MuSIfoZ=s728 1x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEgFRVvHjWgGEuNuKh-3Fv0Yvky_qkdLgI-WWBDt5mN0Z1JUaIr4u1Ij4cG7_14Agehh0knQxaaiDs6yIX2K8jIZFLEvcMy705gPkXSSFYKh97Bkh36nbL79ZCWccVdSSIzbBdJRI9x7W6XZI2FlasMQ0zDl4XbobqfVUZ8Db3K7NMasBfGS7MuSIfoZ=s728 1.5x, https:\/\/blogger.googleusercontent.com\/img\/a\/AVvXsEgFRVvHjWgGEuNuKh-3Fv0Yvky_qkdLgI-WWBDt5mN0Z1JUaIr4u1Ij4cG7_14Agehh0knQxaaiDs6yIX2K8jIZFLEvcMy705gPkXSSFYKh97Bkh36nbL79ZCWccVdSSIzbBdJRI9x7W6XZI2FlasMQ0zDl4XbobqfVUZ8Db3K7NMasBfGS7MuSIfoZ=s728 2x"},"classes":[]},{"id":29718,"url":"https:\/\/kalilinuxtutorials.com\/vajra\/","url_meta":{"origin":25482,"position":2},"title":"Vajra &#8211; Your Weapon To Cloud","author":"Varshini","date":"August 24, 2023","format":false,"excerpt":"About Vajra Vajra is a tool with a graphical user interface that can be used to attack and look around in the Azure environment of a target. In Indian folklore, Vajra is the name of the weapon of the god of thunder and storms, Indra. Because it works with the\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhMavK2m55ocs3a8TmOGIb6wexVkvD4_o0JO7vRa96xAng-XHF_IzxPJ7WT6_by8wPL3mPnrDe651PTlBKb-HVxFqDOa5p687HuBiAcOcPjQFKIxUyoFkoMuPZsuvT_Rttn4TXU1qwyF15e2-O6woE1k9OhDEtT1i8Nrt6ltkKNmZd6-t_-hMsYs8tNjw\/s16000\/68747470733a2f2f6d65646961332e67697068792e636f6d2f6d656469612f705a4f4d76555666564b4a575030354b77772f67697068792e676966.gif?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":24191,"url":"https:\/\/kalilinuxtutorials.com\/vortex\/","url_meta":{"origin":25482,"position":3},"title":"Vortex : VPN Overall Reconnaissance, Testing, Enumeration And exploitation Toolkit","author":"R K","date":"May 9, 2022","format":false,"excerpt":"Vortex is a VPN Overall Reconnaissance, Testing, Enumeration and Exploitation Toolkit Overview A very simple Python framework, inspired by\u00a0SprayingToolkit, that tries to automate most of the process required to detect, enumerate and attack common O365 and VPN endpoints (like Cisco, Citrix, Fortinet, Pulse, etc...). Why I developed it Make the\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjYPwrlRJs-JkLsHyr9heZTFhWnJZQWjWfimNh9M4xiaKelB1XcsGzHTuKomXXj6e_A5h1o4QBggYYKYxxTzgaJ7sbaEiGj8aM6BGAAs1Pf92Z2Bo5RXJa79DsVmWmFZMDlahLMqmEhO7XvQHD5lw4SZR2dtqj7QrKAfo5Qc2ZTGD0FMthxLjBESRwl\/s728\/maat_1_maat_logo-720612%20%281%29.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjYPwrlRJs-JkLsHyr9heZTFhWnJZQWjWfimNh9M4xiaKelB1XcsGzHTuKomXXj6e_A5h1o4QBggYYKYxxTzgaJ7sbaEiGj8aM6BGAAs1Pf92Z2Bo5RXJa79DsVmWmFZMDlahLMqmEhO7XvQHD5lw4SZR2dtqj7QrKAfo5Qc2ZTGD0FMthxLjBESRwl\/s728\/maat_1_maat_logo-720612%20%281%29.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjYPwrlRJs-JkLsHyr9heZTFhWnJZQWjWfimNh9M4xiaKelB1XcsGzHTuKomXXj6e_A5h1o4QBggYYKYxxTzgaJ7sbaEiGj8aM6BGAAs1Pf92Z2Bo5RXJa79DsVmWmFZMDlahLMqmEhO7XvQHD5lw4SZR2dtqj7QrKAfo5Qc2ZTGD0FMthxLjBESRwl\/s728\/maat_1_maat_logo-720612%20%281%29.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjYPwrlRJs-JkLsHyr9heZTFhWnJZQWjWfimNh9M4xiaKelB1XcsGzHTuKomXXj6e_A5h1o4QBggYYKYxxTzgaJ7sbaEiGj8aM6BGAAs1Pf92Z2Bo5RXJa79DsVmWmFZMDlahLMqmEhO7XvQHD5lw4SZR2dtqj7QrKAfo5Qc2ZTGD0FMthxLjBESRwl\/s728\/maat_1_maat_logo-720612%20%281%29.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":27614,"url":"https:\/\/kalilinuxtutorials.com\/teamfiltration\/","url_meta":{"origin":25482,"position":4},"title":"TeamFiltration : Cross-Platform Framework For Enumerating, Spraying, Exfiltrating, And Backdooring O365 AAD Accounts","author":"R K","date":"November 15, 2022","format":false,"excerpt":"TeamFiltration is a cross-platform framework for enumerating, spraying, exfiltrating, and backdooring O365 AAD accounts. See the TeamFiltration wiki page for an introduction into how TeamFiltration works and the Quick Start Guide for how to get up and running! This tool has been used internally since January 2021 and was publicly\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjKH5Y-PgHTtzZK_5Rdq3MwJ5vIogvPByaGlGgnmzBLcMteEdsSlzZvpDkIYKyHkqPij9YJzCUzjmaUvr7E-vnm9dRjXE-P1CWrYfE_Z2pjiduwOZa1Hrs2p7qtXxzxLLqcNYUHPUZ53iO9DYmz7qqGdeONp1tsquukRmHaZnd1EiAko5gi81xH0Hd_\/s728\/TeamFiltration.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjKH5Y-PgHTtzZK_5Rdq3MwJ5vIogvPByaGlGgnmzBLcMteEdsSlzZvpDkIYKyHkqPij9YJzCUzjmaUvr7E-vnm9dRjXE-P1CWrYfE_Z2pjiduwOZa1Hrs2p7qtXxzxLLqcNYUHPUZ53iO9DYmz7qqGdeONp1tsquukRmHaZnd1EiAko5gi81xH0Hd_\/s728\/TeamFiltration.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjKH5Y-PgHTtzZK_5Rdq3MwJ5vIogvPByaGlGgnmzBLcMteEdsSlzZvpDkIYKyHkqPij9YJzCUzjmaUvr7E-vnm9dRjXE-P1CWrYfE_Z2pjiduwOZa1Hrs2p7qtXxzxLLqcNYUHPUZ53iO9DYmz7qqGdeONp1tsquukRmHaZnd1EiAko5gi81xH0Hd_\/s728\/TeamFiltration.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjKH5Y-PgHTtzZK_5Rdq3MwJ5vIogvPByaGlGgnmzBLcMteEdsSlzZvpDkIYKyHkqPij9YJzCUzjmaUvr7E-vnm9dRjXE-P1CWrYfE_Z2pjiduwOZa1Hrs2p7qtXxzxLLqcNYUHPUZ53iO9DYmz7qqGdeONp1tsquukRmHaZnd1EiAko5gi81xH0Hd_\/s728\/TeamFiltration.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":36223,"url":"https:\/\/kalilinuxtutorials.com\/hackthebox-ad-machines\/","url_meta":{"origin":25482,"position":5},"title":"HackTheBox AD Machines : Tools And Strategies For Mastering AD Penetration Testing","author":"Varshini","date":"February 7, 2025","format":false,"excerpt":"HackTheBox (HTB) offers a range of Active Directory (AD) machines designed to help cybersecurity enthusiasts and professionals practice enumeration, exploitation, and attack techniques on AD environments. These machines vary in difficulty, providing challenges for both beginners and advanced users. Below is an overview of tools commonly used for tackling AD\u2026","rel":"","context":"In &quot;Cyber security&quot;","block_context":{"text":"Cyber security","link":"https:\/\/kalilinuxtutorials.com\/category\/cyber-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/HackTheBox-AD-Machines.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/HackTheBox-AD-Machines.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/HackTheBox-AD-Machines.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/HackTheBox-AD-Machines.webp?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/HackTheBox-AD-Machines.webp?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/02\/HackTheBox-AD-Machines.webp?resize=1400%2C800&ssl=1 4x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/25482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=25482"}],"version-history":[{"count":6,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/25482\/revisions"}],"predecessor-version":[{"id":25805,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/25482\/revisions\/25805"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/25491"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=25482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=25482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=25482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}