SprayCannon

spraycannon:1.3.4 / spdb:2.0.2

New Features

Additional SprayTypes

Added a spraytype for BlueIris web portals. this supports auth and lockout detection.

Enhanced Features

Bug Fixes

Other

spraycannon:1.3.3 / spdb:2.0.2

New Features

Additional SprayTypes

Enhanced Features

The o365 spraytype now features additional context around error AADSTS50079 and AADSTS50055

Bug Fixes

Other

spraycannon:1.3.1 / spdb:2.0.2 - BUG FIX

New Features

Additional SprayTypes

Enhanced Features

Bug Fixes

Updated IMAP to be more error checking and provide user feedback on errors.

Other

spraycannon:1.3.2 / spdb:2.0.2

New Features

• new spraytypes (experimental)

Additional SprayTypes

• Added BasicAuth as a default spraytype. Looks for 200 responses currently.

Enhanced Features

Bug Fixes

• Fixed IMAPS 933 default port to 993 as it should be.

Other

• Updated the static build process to be fully working. Releases should now have a fully static build for both spdb and spraycannon. Keep in mind that full static builds cannot be pushed through proxychains as they use musl to compile and glibc cannot be hooked.

spraycannon:1.3.1 / spdb:2.0.2

New Features

• new spraytypes (experimental)

Additional SprayTypes

• Added IMAP support for spraying.

Enhanced Features

Bug Fixes

Other

spraycannon:1.3.0 / spdb:2.0.2

New Features

• new spraytypes (experimental)

Additional SprayTypes

• Citrix (expiramental)
• msol_adfs - this is experimental and is designed to target specific cases of "domain-com.on.microsoft.com"

Enhanced Features

• global protect now has some additional logic to determine if a certificate is required

Bug Fixes

Other

• some small spelling fixes

spraycannon:1.2.4 / spdb:2.0.2

New Features

Additional SprayTypes

• Egnyte spraytype - experimental at the moment

Enhanced Features

Bug Fixes

Other

spraycannon:1.2.3 / spdb:2.0.2

New Features

• --disable-color can be used to turn printable color off if needed

Additional SprayTypes

• Mattermost

Enhanced Features

• Runtime printing updated to be cleaner as the csv output style is no longer needed with the spdb "export" command

Bug Fixes

• Finnally fixed the UX printing bug.

Other

cleaned up some print lines in a few places and updated some help menu for clarity purposes.

spraycannon:1.2.2 / spdb:2.0.2

New Features

Additional SprayTypes

• Sonicwall SMA. Spraytype should work but has not been tested thoroughly.

Enhanced Features

Bug Fixes

Other

Small update to adfs spraytype for compatibility reasons.

spraycannon:1.2.1 / spdb:2.0.2

New Features

Additional SprayTypes

Enhanced Features

• Spraytype ADFS_FORMS now has mfa detection(experimental) against microsoft azure mfa to begin.

Bug Fixes

fixed issue where --strip-user-string was returning inconsistent results

Other

spraycannon:1.2.0 / spdb:2.0.2

New Features

• Rewrite to the spraying engine. there is now less code
• Using spraycannon --version will check the current git to look if updates are available.

Additional SprayTypes

Enhanced Features

• All spray() functions return a SprayStatus Object and can be better handled dynamically. no more messy passing arrays back and forth
• O365 now checks for conditional access and prints if CA is enabled on a user.
• SPDB now can export usernames that are not flagged in the "invalid_users". CLI command is val-users and export val-users
  • This should allow for better porting of potentially valid users if needed for other tools
• SPDB also now used the new version of cryprompt and has a colored prompt now :)

Bug Fixes

Other

If threading is enabled there is a small UI bug that will overlap the "jitter" counter and a counter with how many threads are queued. i know about this and will fix for next release. This should not effect the spraying or functionality.

SprayCannon:1.1.1 / spdb:2.0.1

New Features

Additional SprayTypes

Enhanced Features

Bug Fixes

All changes in this version are towards aws api gateway support. the base requests should not have changed

• updated the following spraytypes to work/work better with aws api gateways:
  • adfs_forms
  • cisco_vpn
  • ExchangeEAS
  • okta

ADFS and Cisco_vpn have not been tested but should work as only minimal change was allowed for "/fireprox/" or other url path portions added to base url. for exchangeeas it may work but there are 2 requests and the second one pulls the hostname from the first use with caution through aws api gateways.

fixes to other spraytypes will come in time.

Other

SprayCannon:1.1.0 / spdb:2.0.1

New Features

• added --force to ignore previous sprays while still logging to the database while still spraying
• added --strip-pass-string to strip the username of a particular string in real time. useful for stripping a domain from a username while using --user-as-password
• added --strip-user-string this does the same as --strip-pass-string but strips for the username field. can be useful to use an email list but not need the fqdn portion of the username.

Additional SprayTypes

Enhanced Features

• Back end database now is not restricted to unique username:password attempts. this allows for repeated logging attempts

Bug Fixes

Other

spraycannon:1.0.8 / spdb:2.0.0

New Features

Additional SprayTypes

Okta spraytype

• Designed to spray the okta endpoint for the target.

Enhanced Features

Bug Fixes

Other

spraycannon:1.0. / spdb:2.0.0

New Features

Additional SprayTypes

Enhanced Features

Bug Fixes

• spraycannon
  • fixed O365 targets file option where login.microsoft.com would be added to the list regardless if target file included it or not

Other

spraycannon:1.0.6 / spdb:2.0.0

New Features

• spdb
  • version bump to 2.0.0
  • tab completion moved to mainline now. not experimental anymore
  • search features for searching the database
  • database stats summary
• spraycannon
  • updated database to support sparytype

Additional SprayTypes

Enhanced Features

• spdb
  • spdb now uses tables
  • help menu updated

Bug Fixes

Other

• added prebuilt release for Ubuntu
• added prebuilt release for Kali
• added prebuilt release for Debain

1.0.5

New Features

• added a couple options to makefile for building and installing experimental features
  • make experimental
  • make install-experimental
• currently this will install only the experimental version of spdb with tab completion.

Additional SprayTypes

Enhanced Features

• o365 now alerts when valid accunt conditional access is found

Bug Fixes

• o365 spray not detecting valid accounts when conditional access is applied
• some spelling fixes

1.0.4

New Features

• Theres a wiki now!

Additional SprayTypes

• VmWare Horizons

Enhanced Features

• Expiramental build of spdb as spdb2. With support for tab completion.

Bug Fixes

• esxi was set to spray to "/" not the "/sdk" endpoint which handles the actual auth request. This is now mapped to /sdk and auth works with -t 'https://esxi.ip.or.domain'

Several new webhooks have been added:

• Slack
• Google Chat
• Discord

All webhooks are parsed and fired on by domain name. ie --webhook="https://discord.com/...." -> fires the discord specific webhook

A new SprayType:

• ESXI (tested on 7.0)

BugFixes:
-Fixed issue where webhooks wouldn't fire on successful validation in single threaded mode on user-as-password and user:pass format

Fixed some spelling errors should work now