# Password Spraying

## Password list creation

Before you begin spraying passwords to the email addresses you may have collated using methods shown in [Email Address Discovery](https://wiki.pentestlist.com/offensive-security/external-infrastructure/discovery/email-address-discovery). You will need a good quality password list. Here's some things that you can use to create your password list:

* Use <http://weakpasswords.net/>
* Use variations of the organisation name + special characters + the current year

### Cred Master

A password spraying tool that uses FireProx to rotate IP addresses, stay anonymous, and beat throttling. CredMaster is perfect for attempting to login to the following services:

```
OWA - Outlook Web Access
--plugin owa

EWS - Exchange Web Services
--plugin ews

O365 - Office365 - DEPRECATED
plugin removed

ADFS - Active Directory Federation Services
--plugin adfs

O365Enum - Office365 User Enum (No Authentication Request)
--plugin o365enum

MSOL - Microsoft Online
--plugin msol

MSGraph - MSGraph Module, msgraph spray point for azure and MSOL credentials
--plugin msgraph

AzureSSO - Azure AD Seamless SSO Endpoint
--plugin azuresso

AzVault - AzVault Module, Azure spray point different to MSOL/AzureSSO
--plugin azvault

Okta - Okta Authentication Portal
--plugin okta

FortinetVPN - Fortinet VPN Client
--plugin fortinetvpn

HTTPBrute - Generic HTTP Brute Methods (Basic/Digest/NTLM)
--plugin httpbrute

GMailEnum - GSuite/Gmail enumeration
--plugin gmailenum
```

* <https://github.com/knavesec/CredMaster>

`python3 credmaster.py --access_key <a_key> --secret_access_key <sec_key> --plugin msol -u email.txt -p passwords.txt -a useragents.txt -t 5 -j 20 -d 30 --passwordsperdelay 2`