Analysis updated 2026-05-18
- Enumerate which email addresses have active Microsoft Entra ID accounts during an authorized penetration test.
- Identify accounts still using password authentication for targeted phishing simulation planning.
- Discover which accounts have passwordless (FIDO2, passkey, or push notification) authentication enrolled.
- Export account authentication data to a CSV file for inclusion in a security assessment report.
| | redbyte1337/credspy | nvlabs/isaaclabeureka | jackson-video-resources/markov-hedge-fund-method |
|---|---|---|---|
| Stars | 132 | 138 | 120 |
| Language | Python | Python | Python |
| Last pushed | — | 2025-10-28 | — |
| Maintenance | — | Quiet | — |
| Setup difficulty | easy | moderate | easy |
| Complexity | 1/5 | 4/5 | 3/5 |
| Audience | ops devops | researcher | developer |
Figures from each repo's GitHub metadata at analysis time.
Install with one pipx command, no configuration needed. Only use against systems you have explicit written authorization to test.
CredSpy is a Python command-line tool for security professionals testing environments built on Microsoft Entra ID, Microsoft's cloud identity platform (formerly called Azure Active Directory). Given a list of email addresses, it queries a public API that Microsoft's own login page uses to determine which accounts actually exist in a tenant and what authentication methods each account supports. For each email it reports whether the account exists, the account's preferred login method (such as a password, a passwordless push notification, a passkey or FIDO2 hardware key, or a certificate), and a full list of every authentication method that account has enrolled.

This is useful in security assessments to understand an organization's attack surface: knowing which accounts still rely on passwords, for example, is relevant when planning authorized phishing tests. The tool works without any credentials or authentication of its own. It replicates the same unauthenticated check the Microsoft login page performs when a user types their email before entering a password.

Results stream to the terminal as each email is checked and can be exported to a CSV file. Filtered output lists (such as all existing accounts or all accounts using passwordless authentication) can be saved to separate text files for further use.

Installation takes one command via pipx or pip. You run it from the terminal with a single email address or a text file containing many addresses. It supports routing traffic through a proxy, which is useful when working with interception tools during authorized tests. The README includes a clear disclaimer stating this tool is for authorized security testing only, against systems you own or have explicit written permission to test.
CredSpy is a command-line tool that queries the Microsoft Entra ID login API to check if email accounts exist and reveal which authentication methods (password, FIDO2, passkey, certificate) each account has enrolled.
Mainly Python. The stack also includes pip and pipx.
Setup difficulty is rated easy, with roughly 5 minutes to a first successful run.
Mainly ops devops.
Verify against the repo before relying on details.