Recon365
Gather information from an email address connected to Office 365
Install / Use
/learn @netsecurity-as/Recon365README
<h1 align="center">recon365</h1>
<p align="center">Gather information from an email address connected to AzureAD or Office 365</p>
<p align="center">
<a href="#example-outputs">Example outputs</a> •
<a href="#how-to-find-your-jwt-token">How to find your JWT token</a> •
<a href="#usage">Usage</a> •
<a href="#references">References</a>
</p>
Example outputs
Get info on on an email address in Azure AD
$ python3 recon365.py --jwt token.txt --target bob.smith@company.no
[+] bob.smith@company.com
| tenantId : 65443347-7d65-4339-b113-4cc43a0d7111
| isShortProfile : False
| accountEnabled : True
| featureSettings : {'coExistenceMode': 'TeamsOnly'}
| userPrincipalName : bob.smith@company.com
| givenName : bob.smith@company.no
| surname :
| email : bob.smith@comapny.com
| tenantName : Company AS
| displayName : Bob Smith
| type : Federated
| mri : 8:orgid:edb2cd41-315a-4a7a-8f24-690c234503fe
| objectId : edb2cd74-125a-4a7a-8f24-698c33d004gh
| availability : Offline
| devicieType : Mobile
User with a Microsoft 356 account
$ python3 recon365.py --jwt token.txt -t info@anothercompany.no
[+] info@anothercompany.no
| skypeId : alice-5b
| city : Oslo
| state : Oslo
| country : Norway
| avatarUrl : https://api.skype.com/users/alice-5b/profile/avatar
| isShortProfile : False
| accountEnabled : True
| userPrincipalName : info@anothercompany.no
| email : info@anothercompany.no
| displayName : Alice Smith
| type : SkypeConsumer
| mri : 8:alice-5b
| availability : PresenceUnknown
| devicieType : None
Get info on a domain
$ python3 recon365.py --target finalcompany.no
[+] finalcompany.no
| State : 3
| UserState : 2
| Login : finalcompany.no
| NameSpaceType : Federated
| DomainName : finalcompany.no
| FederationGlobalVersion : -1
| AuthURL : https://ok.finalcompany.no/adfs/ls/?username=finalcompany.no&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=
| FederationBrandName : Final Company
| CloudInstanceName : microsoftonline.com
| CloudInstanceIssuerUri : urn:federation:MicrosoftOnline
How to find your JWT token
Visit https://teams.microsoft.com and fetch the JWT token from the Storage. Be aware that this token may expire after around 24 hours.
Usage
$ python3 recon365.py --help
usage: recon365.py [options]
options:
-h, --help show this help message and exit
-j PATH, --jwt PATH Path to file containing your Microsoft Teams JWT token
-t TARGET, --target TARGET
Email address or domain you'd like to fetch information for
-l FILE, --list FILE File containing email addresses or domains you'd like to fethc information for
References
- https://github.com/nyxgeek/o365recon
- https://badoption.eu/blog/2023/02/06/spoof_office_comments.html
- https://github.com/Gerenios/AADInternals
Related Skills
node-connect
353.1kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
frontend-design
111.6kCreate distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, or applications. Generates creative, polished code that avoids generic AI aesthetics.
openai-whisper-api
353.1kTranscribe audio via OpenAI Audio Transcriptions API (Whisper).
qqbot-media
353.1kQQBot 富媒体收发能力。使用 <qqmedia> 标签,系统根据文件扩展名自动识别类型(图片/语音/视频/文件)。
