Update mfa_bombing_tester.py #2
Conversation
remove config file, and get the parameters as is
|
There was a problem hiding this comment.
Hi, great script! Regarding: mfa_bombing_tester.py: one challenge I have is that there is an API, Token, overall, and rate limit in Okta (example we have 2,000 accounts, but by default, it only MFA bombs 100 users). Maybe it would be possible to somehow export all the accounts in memory or to a file and then run it in phases. I've been able to achieve this by exporting the user list to a file via a browser extension and then having the script do a segment at a time. But it would be nice to somehow have this incorporated into the script itself. Just thought you may like to incorporate a similar feature. I would recommend API throttling and x accounts per y in chunks. Sources: https://developer.okta.com/docs/reference/rate-limits/ https://support.okta.com/help/s/article/API-Token-Rate-Limit-Violation?language=en_US https://developer.okta.com/docs/reference/rl-additional-limits/
remove config file, and get the parameters as is