DomainPasswordSpray vs MailSniper

GitHub Stats

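Stars: DomainPasswordSpray 2.0k, MailSniper 3.2k
Forks: DomainPasswordSpray 414, MailSniper 599
Issues: DomainPasswordSpray 23, MailSniper 21
Updated: DomainPasswordSpray 1y ago, MailSniper 8mo ago
License: DomainPasswordSpray MIT, MailSniper MIT
Language: DomainPasswordSpray PowerShell, MailSniper PowerShell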

About DomainPasswordSpray

DomainPasswordSpray is a PowerShell tool that performs password spray attacks against Active Directory domain user accounts. Unlike credential stuffing, which tries many passwords against one account, password spraying tries one password against all accounts to avoid lockout policies. The tool automatically enumerates domain users, respects account lockout thresholds and observation windows, and can target specific organizational units or groups. It outputs successful credentials and supports custom password lists. Lockout-aware design makes it safer than manual spraying approaches.

About MailSniper

MailSniper is a PowerShell tool for searching through email in Microsoft Exchange and Office 365 environments during penetration tests. It can log into mailboxes using stolen credentials and search for terms like 'password', 'creds', 'SSN', or custom keywords across the Global Address List. MailSniper supports Exchange Web Services (EWS), Exchange ActiveSync, and Office 365 REST API. It can enumerate valid usernames via timing attacks, perform password sprays against OWA/EWS, and extract valuable data from mail folders, contacts, and calendar entries. Essential for demonstrating email-based data exposure in enterprise assessments.

Platform Support

DomainPasswordSpray: Windows
MailSniper: Windows

Tags

Shared

powershell

DomainPasswordSpray only

password-spray, active-directory, credential-attack, lockout-aware

MailSniper only

exchange, email-search, office365, credential-hunting