Home

Awesome

msmailprobe

Office 365 and Exchange Enumeration

It is widely known that OWA (Outlook Webapp) is vulnerable to time-based user enumeration attacks. This tool leverages all known, and even some lesser-known services exposed by default Exchange installations to enumerate users. It also targets Office 365 for error-based user enumeration.

Getting Started

If you want to download and compile the simple, non-dependant code, you must first install GoLang! I will let the incredible documentation, and other online resources help you with this task.

https://golang.org/doc/install

You may also download the compiled release here.

Syntax

List examples of commands for this applications, but simply running the binary with the examples command:

./msmailprobe examples

You can also get more specific help by running the binary with the arguments you are interested in:

./msmailprobe identify
./msmailprobe userenum
./msmailprobe userenum --onprem
./msmailprobe userenum --o365

Usage

Identify Command

Flag to use:
	-t to specify target host

Example:
	./msmailprobe identify -t mail.target.com

Userenum (o365) Command

Flags to use:
	-E for email list OR -e for single email address
	-o [optional]to specify an out file for valid emails identified
	--threads [optional] for setting amount of requests to be made concurrently

Examples:
	./msmailprobe userenum --o365 -E emailList.txt -o validemails.txt --threads 25
	./msmailprobe userenum --o365 -e admin@target.com

Userenum (onprem) Command

Flags to use:
	-t to specify target host
	-U for user list OR -u for single username
	-o [optional]to specify an out file for valid users identified
	--threads [optional] for setting amount of requests to be made concurrently

Examples:
	./msmailprobe userenum --onprem -t mail.target.com -U userList.txt -o validusers.txt --threads 25
	./msmailprobe userenum --onprem -t mail.target.com -u admin

Acknowledgments

License

This project is licensed under the MIT License - see the LICENSE.md file for details