A script that can see if an email address is valid in Office365 (user/email enumeration). This does not perform any login attempts, is unthrottled, and is incredibly useful for social engineering assessments to find which emails exist and which don't.
The logic for if the account is valid is slightly flawed. From my testing, a valid user with a valid mailbox hosted in o365 will return an HTTP 200 as documented. However, if the user is valid but the mailbox for the user is still hosted on-premises, a 302 will be returned with the message 'Object moved to', where the URL specified is the on-premises hostname and not outlook.office365.com.
Hey there, so I've checked specific domains with known and unknown o365 emails. However, some (a lot) of the email listing was saying those were valid accounts, and when I checked them manually they turned out to be not valid.
So lots of false positives (which is a huge bummer when you have a couple of thousand). Eventually I stopped the script since I could not validate if uhoh365 gave real results.
There are awesome username wordlists out there and I was wondering if a feature can be implemented to use a wordlist and just add a domain prefix to all of it.
Something like --user-file wordlist --suffix contoso.com, which will add the @contoso.com suffix to all usernames.
I can take a stab at it and will send a PR soon :)
Emails are found valid even though the company does not use Outlook (OWA) for their email. I've seen this twice now. The companies do use Office in some format though.