raikia / uhoh365 Goto Github PK

I've tried this API with a mail and the response was strange :
{"Protocol":"Autodiscoverv1","Url":"https://mydomain.extension/api"}

So I guess the API was changed to redirect to API of exchange server for infrastructures with Exchange server.

It's specific but we should add an exception for that.

Regards

The logic for if the account is valid is slightly flawed. From my testing a valid user with a valid mailbox hosted in o365 will return an HTTP 200 as documented. However, if the user is valid, but the mailbox for a user is still hosted on premise a 302 will be returned with the message 'Object moved to' where the URL specified is the on premise hostname and not outlook.office365.com.

hey there , so i've checked a specific domains with known and unknow o365 emails , however some (alot) of the email listing was saying those were valid account and when i checked them manually they turned out to be not valid..

so lots of false positive (which is a huge bummer when you have couple of thousands ) eventually i stoped the script since i could not validate if uhoh365 gave real result .

any solution for that ? @Raikia
thanks

Using the example file, I receive:

It doesn't look like 'eoirgoaiejrgoi.com' uses o365
It doesn't look like 'microsoft.com' uses o365
INVALID: [email protected]

Has MS now addressed this issue?

Please add a LICENSE to the repo so that I can package this for BlackArch :)

There are awesome username wordlists out there and I was wondering if a feature can be implemented to use a wordlist and just add a domain prefix to all of it.

Something like --user-file wordlist --suffix contoso.com which will add @contoso.com suffix to all usernames.

I can take a stab at it and will send a PR soon :)

Emails are found valid even though the company does not use Outlook (OWA) for their email. I've seen this twice now. The companies do use Office in some format though.

I is returning valid for non-existent emails. Is the API endpoint still functional?