v0.2.0-beta

⚠️ Notice

When upgrading from a previous version of Spray365, ensure that you install the latest dependencies! Install the latest version of Spray365 and its dependencies with:

$ git clone https://github.com/MarkoH17/Spray365
$ cd Spray365
~/Spray365$ pip3 install -r requirements.txt -U
~/Spray365$ python3 spray365.py

🎉 What's New

• Spray365 has been refactored into different modules, making it easier to develop new features!
• Generating execution plans have been split into two different sub-types: normal, and audit. Generating normal execution plans (spray365.py generate normal) works the same as previous versions. However, generating audit execution plans (spray365.py generate audit) will cause Spray365 to create all combinations of User-Agent, AAD_Client, and AAD_Endpoint for each set of credentials. Audit-type execution plans can (and should) be sprayed with known-valid credentials to identify flaws in MFA / conditional access policy configurations.
• Audit-type execution plans inspired the addition of another type of password input: --passwords_in_userfile. When this option is specified, each line in the user file (-u / --user_file) will be split on a colon, where the value preceding the colon is treated as the username, and the value after the colon is treated as the password (e.g. jsmith:Password01).
• Results from spraying can be reviewed using the new review mode (spray365.py review <results.json>). This new mode displays valid/invalid users and valid/partial-valid/invalid credentials.

🏗️ What's Changed

• Arguments are now parsed using Click, simplifying validation and enforcement of mutually exclusive options.
• Credential, AuthResult, and AuthError objects were refactored. This means that only new execution plans (and Spray365 results) can be processed using v0.2.0-beta.
• Dependencies were bumped to their latest versions.

Full Changelog: 0.1.5-beta...0.2.0-beta