TeamsPhisher: A Vital Pentesting Tool for Microsoft Teams


Hello, cyber warriors! Let’s delve into the workings of TeamsPhisher, a powerful Python3 program developed for pentesting Microsoft Teams. It’s particularly beneficial for organizations that have enabled external communications. Let’s take a detailed tour of its features.


Unraveling the TeamsPhisher Workflow

TeamsPhisher project on GitHub

The architecture of TeamsPhisher is impressively straightforward, yet strikingly effective for conducting pentests.

TeamsPhisher flow

Preparation Stage: To start with, you feed TeamsPhisher an attachment, a custom message, and a list of target Teams users.

It then uploads the attachment to the sender’s SharePoint and systematically cycles through the given list of targets.


User Verification: TeamsPhisher is cautious and does not rush blindly into operations. Its first step is to enumerate the target user.

It verifies if the user is active and can receive external messages before proceeding. Following successful verification, it creates a new thread with the target user.


Bypassing the Warning: One of the intriguing features of TeamsPhisher is its ability to circumvent the default warning splash screen on Teams.

This warning often alerts users to messages from external sources and can be a roadblock during pentesting. TeamsPhisher elegantly bypasses it, reducing the chances of the target users becoming suspicious.


Message Delivery: With the new thread created between our pentesting account and the target user, TeamsPhisher dispatches the pre-determined message, along with a SharePoint link to the attachment.


Post-Message Interaction: Once the initial message is delivered, the created thread appears in the sender’s Teams GUI.

It’s worth noting that these threads can be manually interacted with on a case-by-case basis, allowing for dynamic response strategies during your pentesting operations.
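The workflow above only reaches users whose tenant accepts messages from external Teams organizations. The following PowerShell audit is an added example for defenders, not code from the TeamsPhisher project; it reports how that external access is configured in your own tenant. It assumes the MicrosoftTeams PowerShell module is installed and that you sign in with a Teams administrator account.

```powershell
# Added example (not TeamsPhisher code): report whether this tenant accepts
# chats from users in other Teams organizations.
# Assumption: MicrosoftTeams module installed, Teams administrator sign-in.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null

$findings = [System.Collections.Generic.List[string]]::new()

# Tenant-wide external access (federation) configuration.
$fed = Get-CsTenantFederationConfiguration
$fed | Format-List AllowFederatedUsers, AllowedDomains, BlockedDomains

if ($fed.AllowFederatedUsers) {
    $findings.Add('Tenant: AllowFederatedUsers is True, external Teams organizations can message your users.')
    $findings.Add('Tenant: review AllowedDomains and BlockedDomains above; an explicit allow list narrows who can reach you.')
}

# External access policies that leave federation enabled for the users they cover.
Get-CsExternalAccessPolicy |
    Where-Object { $_.EnableFederationAccess } |
    ForEach-Object {
        $findings.Add("Policy '$($_.Identity)': EnableFederationAccess is True.")
    }

if ($findings.Count -eq 0) {
    'No external access exposure found in the settings checked.'
} else {
    $findings
}

# To turn external access off tenant-wide (decide this with the business first):
# Set-CsTenantFederationConfiguration -AllowFederatedUsers $false
```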

Prerequisites for TeamsPhisher

Remember, TeamsPhisher requires users to have a Microsoft Business account. That rules out personal accounts like @hotmail or @outlook. You’ll need a valid Teams and SharePoint license to operate it effectively. In simpler terms, you’ll require an AAD tenant and at least one user with a matching license.

In summary, TeamsPhisher is a valuable addition to the pentesting arsenal, especially when assessing the security posture of Microsoft Teams environments.

Resources

  • Get TeamsPhisher on GitHub


Reza Rafati https://cyberwarzone.com

Reza Rafati, based in the Netherlands, is the founder of Cyberwarzone.com. An industry professional providing insightful commentary on infosec, cybercrime, cyberwar, and threat intelligence, Reza dedicates his work to bolster digital defenses and promote cyber awareness.
