A DOM-based G-Suite password sprayer and user enumerator

Overview
.d8888b.   .d8888b.  8888888b.  8888888b.         d8888 Y88b   d88P 8888888888 8888888b.
d88P  Y88b d88P  Y88b 888   Y88b 888   Y88b       d88888  Y88b d88P  888        888   Y88b
888    888 Y88b.      888    888 888    888      d88P888   Y88o88P   888        888    888
888         "Y888b.   888   d88P 888   d88P     d88P 888    Y888P    8888888    888   d88P
888  88888     "Y88b. 8888888P"  8888888P"     d88P  888     888     888        8888888P"
888    888       "888 888        888 T88b     d88P   888     888     888        888 T88b
Y88b  d88P Y88b  d88P 888        888  T88b   d8888888888     888     888        888  T88b
 "Y8888P88  "Y8888P"  888        888   T88b d88P     888     888     8888888888 888   T88b

A DOM-based G-Suite password sprayer and user enumerator

Getting Started

These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.

Installing

First, clone the repository

git clone https://github.com/yok4i/gsprayer.git

Once inside it, run poetry to install the dependencies

poetry install

Alternatively, you can install them with pip

pip install -r requirements.txt

Help

Use -h to show the help menu

poetry run ./gsprayer.py -h

usage: gsprayer.py [-h] [-t TARGET] (-u USERNAME | -U FILE) [-o OUTPUT] [-r N] [--headless] [--proxy PROXY] [--wait WAIT] [-v]
                   {enum,spray} ...

G-Suite Password Sprayer.

optional arguments:
  -h, --help            show this help message and exit
  -t TARGET, --target TARGET
                        Target URL (default: https://accounts.google.com/)
  -u USERNAME, --username USERNAME
                        Single username
  -U FILE, --usernames FILE
                        File containing usernames
  -o OUTPUT, --output OUTPUT
                        Output file (default depends on subcommand)
  -r N, --reset-after N
                        Reset browser after N attempts (default: 1)
  --headless            Run in headless mode
  --proxy PROXY         Proxy to pass traffic through: 
   
    
  --wait WAIT           Time to wait (in seconds) when looking for DOM elements (default: 3)
  -v, --verbose         Verbose output

subcommands:
  valid subcommands

  {enum,spray}          additional help
    enum                Perform user enumeration
    spray               Perform password spraying


   

There is also help menu for each subcommand:

poetry run ./gsprayer.py 
   
     -h

   

Examples

Enumerate valid accounts from a company using G-Suite, in headless mode

poetry run ./gsprayer.py -r 50 -U emails.txt --headless enum

Perform password spraying using a proxy and waiting 30 minutes between each password iteration

poetry run ./gsprayer.py -r 1 -U emails.txt -P passwords.txt --proxy 127.0.0.1:9050 spray --lockout 30

Note

If you are using a proxy with a protocol other than HTTP, you should specify the schema like socks5://127.0.0.1:9050.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

License

This project is licensed under the MIT License - see the LICENSE file for details

Acknowledgments

Disclaimer

This tool is intended for educational purpose or for use in environments where you have been given explicit/legal authorization to do so.

You might also like...
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack
This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

Generates password lists/dictionaries based on keywords written in python3.

dicbyru Introduction Generates password lists/dictionaries based on keywords. It uses the keywords and adds capital letters, numbers and special chara

This is a js front-end encryption blasting account and password tools

Author:0xAXSDD By Gamma安全实验室 version:1.0 explain:这是一款用户绕过前端js加密进行密码爆破的工具,你无需在意js加密的细节,只需要输入你想要爆破url,以及username输入框的classname,password输入框的clas

Fetch Chrome, Firefox, WiFi password and system info

DISCLAIMER : OUR TOOLS ARE FOR EDUCATIONAL PURPOSES ONLY. DON'T USE THEM FOR ILLEGAL ACTIVITIES. YOU ARE THE ONLY RESPONSABLE FOR YOUR ACTIONS! OUR TO

Password-Manager - This app can generate ,save , find and delete passwords.

Password-Manager This app can generate ,save , find and delete passwords. In the StartUp() Function , there are three buttons to choose from : Generat

You can crack any zip file and get the password.
You can crack any zip file and get the password.

Zip-Cracker Video Lesson : This is a Very powerfull Zip File Crack tool for termux users. Check 500 000 Passwords in 30 seconds Unique Performance Che

Pgen is the best brute force password generator and it is improved from the cupp.py
Pgen is the best brute force password generator and it is improved from the cupp.py

pgen Pgen is the best brute force password generator and it is improved from the cupp.py The pgen tool is dedicated to Leonardo da Vinci -Time stays l

Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Script to calculate Active Directory Kerberos keys (AES256 and AES128) for an account, using its plaintext password

Comments
  • Stacktrace after email input and before clicking next

    Stacktrace after email input and before clicking next

    Hi, I have try using with the firefox driver since my chromium isn't working properly and the following stack trace is return after entering the email in the identifierID field and just before clicking next.

    Stacktrace:
    WebDriverError@chrome://remote/content/shared/webdriver/Errors.jsm:181:5
    NoSuchElementError@chrome://remote/content/shared/webdriver/Errors.jsm:393:5
    element.find/</<@chrome://remote/content/marionette/element.js:305:16
    

    Look like it has a hard time finding the element for next but the xpath seems good Any idea? Thanks for your help

    opened by Gimpy42 0
  • Bug:

    Bug:

    I would love to use this tool, but I can't figure out why this command is failing with a stack trace error. Also, verbose mode does not seem to provide any additional information.

    $ poetry run ./gsprayer.py -u '<known_valid_gmail_account>' -v --rua -o ./ -H enum
    
    .d8888b.   .d8888b.  8888888b.  8888888b.         d8888 Y88b   d88P 8888888888 8888888b.  
    d88P  Y88b d88P  Y88b 888   Y88b 888   Y88b       d88888  Y88b d88P  888        888   Y88b 
    888    888 Y88b.      888    888 888    888      d88P888   Y88o88P   888        888    888 
    888         "Y888b.   888   d88P 888   d88P     d88P 888    Y888P    8888888    888   d88P 
    888  88888     "Y88b. 8888888P"  8888888P"     d88P  888     888     888        8888888P"  
    888    888       "888 888        888 T88b     d88P   888     888     888        888 T88b   
    Y88b  d88P Y88b  d88P 888        888  T88b   d8888888888     888     888        888  T88b  
     "Y8888P88  "Y8888P"  888        888   T88b d88P     888     888     8888888888 888   T88b 
    
    
    
       > target         :  https://accounts.google.com/
       > driver         :  chrome
       > username       :  <redacted>
       > output         :  valid_users.txt
       > reset_after    :  1
       > wait           :  3 seconds
       > captchatimeout :  30
       > headless       :  True
       > rua            :  True
       > verbose        :  True
       > cmd            :  enum
    
    >----------------------------------------<
    
    [*] Current username: <redacted>
    [ERROR] Message: 
    Stacktrace:
    #0 0x55b01f87f693 <unknown>
    #1 0x55b01f678b0a <unknown>
    #2 0x55b01f6b15f7 <unknown>
    #3 0x55b01f6b17c1 <unknown>
    #4 0x55b01f6e4804 <unknown>
    #5 0x55b01f6ce94d <unknown>
    #6 0x55b01f6e24b0 <unknown>
    #7 0x55b01f6ce743 <unknown>
    #8 0x55b01f6a4533 <unknown>
    #9 0x55b01f6a5715 <unknown>
    #10 0x55b01f8cf7bd <unknown>
    #11 0x55b01f8d2bf9 <unknown>
    #12 0x55b01f8b4f2e <unknown>
    #13 0x55b01f8d39b3 <unknown>
    #14 0x55b01f8a8e4f <unknown>
    #15 0x55b01f8f2ea8 <unknown>
    #16 0x55b01f8f3052 <unknown>
    #17 0x55b01f90d71f <unknown>
    #18 0x7f95b6487b27 <unknown>
    
    
    ==============================
    [*] Username Enumeration Stats
    ==============================
    [*] Total Usernames Tested:  0
    [*] Valid Usernames:         0
    [*] Invalid Usernames:       0
    
    opened by nimmicus 1
Releases(v0.1.0)
  • v0.1.0(Feb 10, 2022)

    First working version. Main features:

    • proxy support;
    • usernames and passwords lists;
    • reset browser after n attempts;
    • enumerate g-suite users;
    • perform password spraying.
    Source code(tar.gz)
    Source code(zip)
Owner
Mayk
Mayk
Password list generator for password spraying - prebaked with goodies

Generates permutations of Months, Seasons, Years, Sports Teams (NFL, NBA, MLB, NHL), Sports Scores, "Password", and even Iterable Keyspaces of a specified size.

Casey Erdmann 65 Dec 22, 2022
zip-brute Zip File Password Cracking with Using Password List

Zip brute is a python script that cracks zip that are password protected using a wordlist dictionary.

AnonyminHack5 13 Nov 3, 2022
Having a weak password is not good for a system that demands high confidentiality and security of user credentials

Having a weak password is not good for a system that demands high confidentiality and security of user credentials. It turns out that people find it difficult to make up a strong password that is strong enough to prevent unauthorized users from memorizing it.

PyLaboratory 0 Feb 7, 2022
A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF.

TProxer A Burp Suite extension made to automate the process of finding reverse proxy path based SSRF. How • Install • Todo • Join Discord How it works

Krypt0mux 162 Nov 25, 2022
Burp Suite extension for encoding/decoding EVM calldata

unblocker Burp Suite extension for encoding/decoding EVM calldata 0x00_prerequisites Burp Suite Java 8+ Python 2.7 0x01_installation clone this reposi

Halborn 16 Aug 30, 2022
A simple Burp Suite extension to extract datas from source code

DataExtractor A simple Burp Suite extension to extract datas from source code. Features in scope parsing file extensions to ignore files exclusion bas

Gwendal Le Coguic 86 Dec 31, 2022
A burp-suite plugin that extract all parameter names from in-scope requests

ParamsExtractor A burp-suite plugin that extract all parameters name from in-scope requests. You can run the plugin while you are working on the targe

null 29 Nov 9, 2022
This a simple tool XSS Detection Suite for CTFs games

This a simple tool XSS Detection Suite for CTFs games

Mostafa 2 Nov 24, 2021
About Hive Burp Suite Extension

Hive Burp Suite Extension Description Hive extension for Burp Suite. This extension allows you to send data from Burp to Hive in one click. Create iss

null 7 Dec 7, 2022
Scout Suite - an open source multi-cloud security-auditing tool,

Description Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using t

NCC Group Plc 5k Jan 5, 2023