Engine rewrite :)

spraycannon:1.2.0 / spdb:2.0.2

New Features

• Rewrite to the spraying engine. there is now less code
• Using spraycannon --version will check the current git to look if updates are available.

Additional SprayTypes

Enhanced Features

• All spray() functions return a SprayStatus Object and can be better handled dynamically. no more messy passing arrays back and forth
• O365 now checks for conditional access and prints if CA is enabled on a user.
• SPDB now can export usernames that are not flagged in the "invalid_users". CLI command is val-users and export val-users
  • This should allow for better porting of potentially valid users if needed for other tools
• SPDB also now used the new version of cryprompt and has a colored prompt now :)

Bug Fixes

Other

If threading is enabled there is a small UI bug that will overlap the "jitter" counter and a counter with how many threads are queued. i know about this and will fix for next release. This should not effect the spraying or functionality.

AWS API Gateway updates.

SprayCannon:1.1.1 / spdb:2.0.1

New Features

Additional SprayTypes

Enhanced Features

Bug Fixes

All changes in this version are towards aws api gateway support. the base requests should not have changed

• updated the following spraytypes to work/work better with aws api gateways:
  • adfs_forms
  • cisco_vpn
  • ExchangeEAS
  • okta

ADFS and Cisco_vpn have not been tested but should work as only minimal change was allowed for "/fireprox/" or other url path portions added to base url. for exchangeeas it may work but there are 2 requests and the second one pulls the hostname from the first use with caution through aws api gateways.

fixes to other spraytypes will come in time.

Other

1.1.0/2.0.1

SprayCannon:1.1.0 / spdb:2.0.1

New Features

• added --force to ignore previous sprays while still logging to the database while still spraying
• added --strip-pass-string to strip the username of a particular string in real time. useful for stripping a domain from a username while using --user-as-password
• added --strip-user-string this does the same as --strip-pass-string but strips for the username field. can be useful to use an email list but not need the fqdn portion of the username.

Additional SprayTypes

Enhanced Features

• Back end database now is not restricted to unique username:password attempts. this allows for repeated logging attempts

Bug Fixes

Other

Okta SprayType added

spraycannon:1.0.8 / spdb:2.0.0

New Features

Additional SprayTypes

Okta spraytype

• Designed to spray the okta endpoint for the target.

Enhanced Features

Bug Fixes

Other

O365 target file logic fix

spraycannon:1.0. / spdb:2.0.0

New Features

Additional SprayTypes

Enhanced Features

Bug Fixes

• spraycannon
  • fixed O365 targets file option where login.microsoft.com would be added to the list regardless if target file included it or not

Other

SPDB 2.0.0

spraycannon:1.0.6 / spdb:2.0.0

New Features

• spdb
  • version bump to 2.0.0
  • tab completion moved to mainline now. not experimental anymore
  • search features for searching the database
  • database stats summary
• spraycannon
  • updated database to support sparytype

Additional SprayTypes

Enhanced Features

• spdb
  • spdb now uses tables
  • help menu updated

Bug Fixes

Other

• added prebuilt release for Ubuntu
• added prebuilt release for Kali
• added prebuilt release for Debain

O365, bug fixes, experimental builds

1.0.5

New Features

• added a couple options to makefile for building and installing experimental features
  • make experimental
  • make install-experimental
• currently this will install only the experimental version of spdb with tab completion.

Additional SprayTypes

Enhanced Features

• o365 now alerts when valid accunt conditional access is found

Bug Fixes

• o365 spray not detecting valid accounts when conditional access is applied
• some spelling fixes

Horizons and a Wiki

1.0.4

New Features

• Theres a wiki now!

Additional SprayTypes

• VmWare Horizons

Enhanced Features

• Expiramental build of spdb as spdb2. With support for tab completion.

Bug Fixes

• esxi was set to spray to "/" not the "/sdk" endpoint which handles the actual auth request. This is now mapped to /sdk and auth works with -t 'https://esxi.ip.or.domain'

WebHooks

Several new webhooks have been added:

• Slack
• Google Chat
• Discord

All webhooks are parsed and fired on by domain name. ie --webhook="https://discord.com/...." -> fires the discord specific webhook

A new SprayType:

• ESXI (tested on 7.0)

BugFixes:
-Fixed issue where webhooks wouldn't fire on successful validation in single threaded mode on user-as-password and user:pass format

Spelling fix

Fixed some spelling errors should work now