Description

This is a simple Python script used to validate email accounts that belong to Office 365 tenants. This script takes either a single email address or a list of email addresses as input, sends a request to Office 365 without a password, and looksfor the the “IfExistsResult” parameter to be set to 0 for a valid account. Invalid accounts will return a 1.

Requirements

• List of users
• Domain

How to Use

1. Download the tool into your computer

• git clone https://github.com/LMGsec/o365creeper.git

2. Display the help menu

• python2.7 o365creeper.py -h

-e EMAIL, –email EMAIL

• Single email address to validate.

-f FILE, –file FILE

• List of email addresses to validate, one per line.

-o OUTPUT, –output OUTPUT

• Output valid email addresses to the specified file.

Exploitation

1. testing a sing user

• python2.7 o365creeper.py -e ceo@adpentesteracademy.onmicrosoft.com

VALID

INVALID

2. Enumerate using a file containing different emails

• python2.7 o365creeper.py -f emails.txt

References

https://github.com/LMGsec/o365creeper