KnockKnock - v0.9.9 - @waffl3ss
Designed to validate potential usernames by querying OneDrive and/or Microsoft Teams, which are passive methods.
It can output/create a list of legacy Skype users identified through Microsoft Teams enumeration.
It can also get details from Teams, such as availability, device type, and out of office message.
Finally, it also creates a nice clean list for future usage, all conducted from a single tool.
$ python3 .\KnockKnock.py -h
_ __ _ _ __ _
| |/ /_ __ ___ ___| | _| |/ /_ __ ___ ___| | __
| ' /| '_ \ / _ \ / __| |/ / ' /| '_ \ / _ \ / __| |/ /
| . \| | | | (_) | (__| <| . \| | | | (_) | (__| <
|_|\_\_| |_|\___/ \___|_|\_\_|\_\_| |_|\___/ \___|_|\_\
v0.9.9 @waffl3ss
usage: KnockKnock.py [-h] [-teams] [-onedrive] [-l] -i INPUTLIST [-o OUTPUTFILE] -d TARGETDOMAIN [-t TEAMSTOKEN] [-threads MAXTHREADS] [-v]
options:
-h, --help show this help message and exit
-teams Run the Teams User Enumeration Module
-onedrive Run the One Drive Enumeration Module
-l Write legacy skype users to a seperate file
-s Write Teams Status for users to a seperate file
-i INPUTLIST Input file with newline-seperated users to check
-o OUTPUTFILE Write output to file
-d TARGETDOMAIN Domain to target
-t TEAMSTOKEN Teams Token (file containing token or a string)
-threads MAXTHREADS Number of threads to use in the Teams User Enumeration (default = 10)
-v Show verbose errors
./KnockKnock.py -teams -i UsersList.txt -d Example.com -o OutFile.txt -t BearerToken.txt
./KnockKnock.py -onedrive -i UsersList.txt -d Example.com -o OutFile.txt
./KnockKnock.py -onedrive -teams -i UsersList.txt -d Example.com -t BearerToken.txt -l
- You can select one or both modes, as long as the appropriate options are provided for the modules selected.
- Both modules will require the domain flag (-d) and the user input list (-i).
- The tool does not require an output file as an option, and if not supplied, it will print to screen only.
- The verbose mode will show A LOT of extra information, including users that are not valid.
- The Teams option requires a bearer token. The script automatically parses the token to get whats needed for authentication.
- The LEGACY (-l) option shows users that still have SkypeID settings and will write it to a seperate file
- The STATUS (-s) option shows user teams availability, device, and OutOfOffice message, then writes it to a seperate file.
To get your bearer token, you will need a Cookie Manager plugin on your browser and login to your own Microsoft Teams through the browser.
Next, view the cookies related to the current webpage (teams.microsoft.com).
The cookie you are looking for is for the domain .teams.microsoft.com and is titled "authtoken".
You can copy the whole token as the script will split out the required part for you.