Database
The TeamFiltration database keeps track of information such as valid user accounts, previously attempted username and password combinations, valid username and password combinations, retrieved access tokens, and much more. This information is kept not only for later access and an easier reporting process, but also to avoid account lockouts and unnecessary login attempts.
The TeamFiltration database can be accessed interactively using the --database argument:
.\TeamFiltration.exe --outpath DemoClient --config config.json --database
[♥] TeamFiltration VX.X.X PUBLIC, created by @Flangvik @TrustedSec
[+] Args parsed --outpath DemoClient --config config.json --database
[+] Attempting to load database file DemoClient\TeamFiltration.db
[+] Available commands:
show <emails|creds|attempts|summary>
export <emails|creds|attempts|summary> <csv|json> <path>
exit
[?] CMD #>
Once inside the interactive menu, you can show or export information from the database.
show prints a formatted table to the screen. export saves a full copy to disk in CSV or JSON format.
Show valid credentials found so far from password spraying:
[?] CMD #> show creds
+-------+-----------------------+--------------+-------+-------------------+-----------------------------------+-------------+
| Id | DateTime | Disqualified | Valid | ConditionalAccess | Username | Password |
+-------+-----------------------+--------------+-------+-------------------+-----------------------------------+-------------+
| 33280 | 8/24/2022 3:32:37 PM | False | True | False | jennifer.smith@legitcorp.net | Summer2022 |
+-------+-----------------------+--------------+-------+-------------------+-----------------------------------+-------------+
| 64143 | 8/25/2022 6:07:22 PM | False | True | True | john.williams@legitcorp.net | Autumn2022 |
+-------+-----------------------+--------------+-------+-------------------+-----------------------------------+-------------+
| 67895 | 8/27/2022 1:46:20 PM | False | True | False | michael.jones@legitcorp.net | Autumn2022! |
+-------+-----------------------+--------------+-------+-------------------+-----------------------------------+-------------+
| 70489 | 8/28/2022 2:04:41 PM | False | True | True | ahmed.mohamed@legitcorp.net | Autumn2022! |
+-------+-----------------------+--------------+-------+-------------------+-----------------------------------+-------------+
Export valid credentials to CSV:
[?] CMD #> export creds csv DemoClient_ValidCredentials.csv
Show all validated email addresses found during enumeration:
[?] CMD #> show emails
+--------------------------------------+--------------------------------------------+--------------------------------------+
| Id | Username | objectId |
+--------------------------------------+--------------------------------------------+--------------------------------------+
| 0003d477-0ac1-d44d-b230-000dce480314 | maria.rodriguez@legitcorp.net | cc712fac-ab08-48d0-ac3d-5db0157799d1 |
+--------------------------------------+--------------------------------------------+--------------------------------------+
| 0007b1c8-29d4-3501-bcce-32490fd23959 | amandeep.singh@legitcorp.net | 67615e8a-9de3-43b2-93ff-ab680b554b84 |
+--------------------------------------+--------------------------------------------+--------------------------------------+
| 0018d044-3cdc-8e2b-92e2-ce9780b24137 | manish.sharma@legitcorp.net | 9f152508-3aa1-4bd9-9f21-1c2022e58cf6 |
+--------------------------------------+--------------------------------------------+--------------------------------------+
| 002ad941-93bc-df0f-bcc3-874c17d96a5c | justin.williams@legitcorp.net | 040cacb1-99eb-4261-9f54-6fcec4b26497 |
+--------------------------------------+--------------------------------------------+--------------------------------------+
Export valid emails to CSV:
[?] CMD #> export emails csv DemoClient_ValidEmails.csv
Show all login attempts (all attempted username/password combinations) from spraying:
[?] CMD #> show attempts
+--------+-----------------------+--------------+-------+-------------------+--------------------------------------------+----------------+
| Id | DateTime | Disqualified | Valid | ConditionalAccess | Username | Password |
+--------+-----------------------+--------------+-------+-------------------+--------------------------------------------+----------------+
| 1 | 8/23/2022 11:20:22 AM | False | False | False | mike.williams@legitcorp.net | Welcome@2022! |
+--------+-----------------------+--------------+-------+-------------------+--------------------------------------------+----------------+
| 2 | 8/23/2022 11:20:22 AM | False | False | False | michael.davis@legitcorp.net | Welcome@2022! |
+--------+-----------------------+--------------+-------+-------------------+--------------------------------------------+----------------+
| 3 | 8/23/2022 11:20:23 AM | False | False | False | ashley.williams@legitcorp.net | Welcome@2022! |
+--------+-----------------------+--------------+-------+-------------------+--------------------------------------------+----------------+
Export all login attempts to CSV:
[?] CMD #> export attempts csv DemoClient_AllAttempts.csv
Show a summary of password spraying rounds:
[?] CMD #> show summary
+-----------------------+-----------------------+----------------+-------------+------------+
| StartTime | StopTime | Password | SuccesCount | TotalCount |
+-----------------------+-----------------------+----------------+-------------+------------+
| 8/23/2022 11:20:22 AM | 8/23/2022 11:40:44 AM | Welcome@2022! | 0 | 3761 |
+-----------------------+-----------------------+----------------+-------------+------------+
| 8/23/2022 12:59:59 PM | 8/23/2022 1:25:38 PM | Summer2022 | 1 | 3761 |
+-----------------------+-----------------------+----------------+-------------+------------+
| 8/23/2022 7:57:14 PM | 8/23/2022 8:24:16 PM | Welcome2022 | 0 | 3761 |
+-----------------------+-----------------------+----------------+-------------+------------+
| 8/23/2022 9:36:14 PM | 8/23/2022 9:57:34 PM | Welcome123! | 0 | 3742 |
+-----------------------+-----------------------+----------------+-------------+------------+
| 8/23/2022 10:09:17 PM | 8/23/2022 11:43:41 PM | Autumn2022 | 1 | 3742 |
+-----------------------+-----------------------+----------------+-------------+------------+
| 8/24/2022 1:02:30 AM | 8/24/2022 1:37:29 AM | Autumn2022! | 2 | 3742 |
+-----------------------+-----------------------+----------------+-------------+------------+
Export spraying summary to CSV:
[?] CMD #> export summary csv DemoClient_SprayingSummary.csv
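As an added example (not part of TeamFiltration or its wiki), the script below turns an attempts export into a remediation summary for the engagement report: which accounts need a password reset, split by the ConditionalAccess column as reported, and which working passwords were shared across accounts. It assumes the exported CSV header uses the same column names as the tables above; the sample rows are constructed from those tables.

```python
import csv
import io
from collections import defaultdict

# Constructed sample built from the rows shown in the tables above.
# Assumption: `export attempts csv` writes these same column names as its header.
SAMPLE_CSV = """Id,DateTime,Disqualified,Valid,ConditionalAccess,Username,Password
1,8/23/2022 11:20:22 AM,False,False,False,mike.williams@legitcorp.net,Welcome@2022!
33280,8/24/2022 3:32:37 PM,False,True,False,jennifer.smith@legitcorp.net,Summer2022
64143,8/25/2022 6:07:22 PM,False,True,True,john.williams@legitcorp.net,Autumn2022
67895,8/27/2022 1:46:20 PM,False,True,False,michael.jones@legitcorp.net,Autumn2022!
70489,8/28/2022 2:04:41 PM,False,True,True,ahmed.mohamed@legitcorp.net,Autumn2022!
"""

def as_bool(value):
    """The tables print booleans as the strings True/False."""
    return value.strip().lower() == "true"

def remediation_summary(csv_text):
    """Reduce an attempts export to the accounts and passwords that need action."""
    valid = {True: set(), False: set()}   # keyed by the ConditionalAccess value
    by_password = defaultdict(set)        # working password -> accounts using it
    total = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        total += 1
        if not as_bool(row["Valid"]):
            continue                      # failed attempts need no reset
        user = row["Username"].strip().lower()
        flagged = as_bool(row["ConditionalAccess"])
        valid[flagged].add(user)
        by_password[row["Password"]].add(user)
    # A password that worked for several accounts points at a shared pattern
    shared = {p: sorted(u) for p, u in by_password.items() if len(u) > 1}
    return {
        "attempts": total,
        "valid_no_ca_flag": sorted(valid[False]),
        "valid_ca_flag": sorted(valid[True]),
        "ban_candidates": sorted(by_password),
        "shared_passwords": shared,
    }

if __name__ == "__main__":
    for key, value in remediation_summary(SAMPLE_CSV).items():
        print(f"{key}: {value}")
```

The `ban_candidates` list is the set of passwords that actually worked, which is the natural input for a banned-password list on the client side.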