git404hub

what is credspy fr?

redbyte1337/credspy — explained in plain English

Analysis updated 2026-05-18

132PythonAudience · ops devopsComplexity · 1/5Setup · easy

tl;dr

CredSpy is a command-line tool that queries the Microsoft Entra ID login API to check if email accounts exist and reveal which authentication methods (password, FIDO2, passkey, certificate) each account has enrolled.

vibe map

mindmap
  root((CredSpy))
    What it does
      Entra ID enumeration
      Auth method discovery
      Unauthenticated API
    Output types
      Account exists check
      Preferred auth method
      All enrolled methods
      CSV export
    Auth types found
      Password
      FIDO2 passkey
      Push notification
      Certificate
    Use cases
      Penetration testing
      Phishing assessment
      Attack surface audit
    Setup
      Python 3.10 plus
      pipx one command
      Proxy support

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

what do people make with this?

VIBE 1

Enumerate which email addresses have active Microsoft Entra ID accounts during an authorized penetration test.

VIBE 2

Identify accounts still using password authentication for targeted phishing simulation planning.

VIBE 3

Discover which accounts have passwordless (FIDO2, passkey, or push notification) authentication enrolled.

VIBE 4

Export account authentication data to a CSV file for inclusion in a security assessment report.

what's the stack?

Pythonpippipx

how it stacks up fr

redbyte1337/credspysuz-tsinghua/smpviitor-ai/viitor-voice-nar
Stars132133133
LanguagePythonPythonPython
Setup difficultyeasyhardmoderate
Complexity1/55/54/5
Audienceops devopsresearcherdeveloper

Figures from each repo's GitHub metadata at analysis time.

how do i run it?

Difficulty · easy time til it works · 5min

Install with one pipx command, no configuration needed. Only use against systems you have explicit written authorization to test.

in plain english

CredSpy is a Python command-line tool for security professionals testing Microsoft Entra ID environments, which is Microsoft's cloud identity platform (formerly called Azure Active Directory). Given a list of email addresses, it queries a public API that Microsoft's own login page uses to determine which accounts actually exist in a tenant and what authentication methods each account supports. The information it reveals for each email includes whether the account exists, what the account's preferred login method is (such as a password, a passwordless push notification, a passkey or FIDO2 hardware key, or a certificate), and a full list of every authentication method that account has enrolled. This is useful in security assessments to understand an organization's attack surface: knowing which accounts still rely on passwords, for example, is relevant when planning authorized phishing tests. The tool works without any credentials or authentication of its own. It replicates the same unauthenticated check the Microsoft login page performs when a user types their email before entering a password. Results stream to the terminal as each email is checked and can be exported to a CSV file. Filtered output lists (such as all existing accounts or all accounts using passwordless authentication) can be saved to separate text files for further use. Installation takes one command via pipx or pip. You run it from the terminal with a single email address or a text file containing many addresses. It supports routing traffic through a proxy, which is useful when working with interception tools during authorized tests. The README includes a clear disclaimer stating this tool is for authorized security testing only, against systems you own or have explicit written permission to test.

prompts (copy fr)

prompt 1
I have a list of employee emails for a company I'm authorized to test. Show me how to run CredSpy against them and export results to CSV.
prompt 2
How do I use CredSpy with a Burp Suite proxy to inspect the GetCredentialType API requests during an authorized Entra ID assessment?
prompt 3
Show me how to use CredSpy's --save-password-preferred flag to extract accounts that still use password auth for a phishing simulation.
prompt 4
What does RemoteNGC mean in CredSpy output, and how do I identify accounts with passwordless push notification enrolled?
prompt 5
How do I filter CredSpy results to list only accounts with FIDO2 passkey authentication registered in Entra ID?

Frequently asked questions

what is credspy fr?

CredSpy is a command-line tool that queries the Microsoft Entra ID login API to check if email accounts exist and reveal which authentication methods (password, FIDO2, passkey, certificate) each account has enrolled.

What language is credspy written in?

Mainly Python. The stack also includes Python, pip, pipx.

How hard is credspy to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is credspy for?

Mainly ops devops.

peek the repo → explain another one

This repo across BitVibe Labs

double-check against the repo, no cap.