# OWA brute force utility
use auxiliary/scanner/http/owa_login
# OWA Exchange Web Services (EWS) login scanner
use auxiliary/scanner/http/owa_ews_login# Brute force credentials
./ruler --domain $domain brute --users $userfile --passwords $passwordfile
# Stop after first valid credentials found
./ruler --domain $domain brute --users $userfile --passwords $passwordfile --stop
# Brute force credentials with a delay
./ruler --domain $domain brute --users $userfile --passwords $passwordfile --delay 2 --attempts 2{% embed url="https://www.ired.team/offensive-security/initial-access/password-spraying-outlook-web-access-remote-shell" %}
{% embed url="https://hunter2.gitbook.io/darthsidious/initial-access/password-spraying" %}