OneDrive users have a file share URL with a known location:

In this instance, the username is 'lightmand' and the domain is ''. If a user has logged into OneDrive, this path will exist and return a 403 status code. If they have not, or the user is invalid, it will return a 404.

The results may vary depending on how widely used OneDrive is within an org. Currently it is the most reliable user-enumeration method that I'm aware of (office365userenum no longer works, and the others like UhOh365 are unreliable). Further, it does not attempt a login and is much more passive, and should be undetectable to the target org. Microsoft will see the hits, but the target org won't.


  • Tenant name
  • Username or user list <found usernames>
  • Domain name

How to Use

1. Download the tool

  • git clone

2. Install requirements

  • pip3 install -r requirements.txt

3. Display menu

  • python3 ./ -h


1. Run basic OneDrive user enumeration

  • python3 -U <user_list> -d <> -v

2. example - basic usage

  • ./ -t microsoft -d -U USERNAMES/statistically-likely/jsmith.txt

3. example - mysql db logging

  • ./ -t microsoft -d -U USERNAMES/statistically-likely/jsmith.txt -m db.conf

4. Set Threads

  • python3 -U <user_list> -d <> -v -T100