SAML2Spray
Python Script for SAML2 Authentication Passwordspraying against Sibboleth and SAP IDPs.
In a recent pentest I came accross the need to passwordspray a SAML2 authentication. As I couldn’t find a ready to go solution, nor was able to do it with burp, I created my own little script to do the job for me.
TL/DR;
The script needs some tweaking to fit you current situation:
The URL for the service you want to access
The URL for the Identity Provider which the Service Provider will redi…