Tool 1: Exchangefinder
Developed and designed by Lazaar Sami
lazaars@gmail.com
This is a tool to discover the Lync and MSExchange subdomains of a main domain. It identifies the links that are protected by NTLM authentication and are therefore probably vulnerable to a brute-force attack.
Usage: python Exchangefinder.py
Dependencies: requests
We can use patator to perform a brute-force attack against the NTLM-protected URLs, e.g.:
python patator.py http_fuzz url=https://mail.domain.com/EWS/Services.wsdl user_pass=FILE0:FILE1 0=users.txt 1=pass.txt -t 10 auth_type=ntlm method=get -x ignore:code=401
Tool 2: SSC_extractor.py, an Exchange Autodiscovery domain user ID grabber
_____ _ __ _ _
/__ \ |__ ___ /__\_ _| |_ _ __ __ _ ___| |_ ___ _ __
/ /\/ '_ \ / _ \/_\ \ \/ / __| '__/ _` |/ __| __/ _ \| '__|
/ / | | | | __//__ > <| |_| | | (_| | (__| || (_) | |
\/ |_| |_|\___\__/ /_/\_\\__|_| \__,_|\___|\__\___/|_|
Developed and designed by Lazaar Sami
inspired by adisenum.rb, http://h.foofus.net/goons/n8/tools/exchange/
lazaars@gmail.com
Microsoft Exchange Autodiscover User Account Enumeration Information Disclosure.
This tool extracts domain user IDs by using an email address dictionary and exploiting a flaw in the Autodiscovery service of the Exchange server.
Usage:
python SSC_extractor.py
Dependencies: requests, urlparse, urllib2, httplib, prettytable, etaprogress, testchallenge (included in the Repository)
ex: pip install requests
Email addresses are collected using https://github.com/laramies/theHarvester, e.g.:
theHarvester -d domain -b all
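On the server side, both the NTLM brute force shown under Tool 1 and the Autodiscovery enumeration under Tool 2 appear in the IIS logs as bursts of 401 responses from one client. The following detection sketch is an added example, not part of either tool; it assumes IIS W3C logs with a #Fields header, and the window, threshold, /autodiscover/ path prefix and sample log lines are assumptions constructed here.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WATCHED = ("/ews/", "/autodiscover/")  # NTLM-protected Exchange paths
WINDOW = timedelta(seconds=60)   # assumed tuning values: a normal NTLM
THRESHOLD = 10                   # handshake also logs one or two 401s

def parse_w3c(lines):
    """Yield one dict per request, keyed by the log's own #Fields header."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def find_bursts(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {client_ip: {"peak": n, "success_after": bool}} for noisy IPs."""
    recent = defaultdict(deque)   # per-IP timestamps of recent 401s
    alerts = {}
    for r in parse_w3c(lines):
        if not r.get("cs-uri-stem", "").lower().startswith(WATCHED):
            continue
        ts = datetime.strptime(f'{r["date"]} {r["time"]}', "%Y-%m-%d %H:%M:%S")
        ip, q = r["c-ip"], recent[r["c-ip"]]
        while q and ts - q[0] > window:
            q.popleft()               # forget 401s older than the window
        if r["sc-status"] == "401":
            q.append(ts)
            if len(q) >= threshold:
                a = alerts.setdefault(ip, {"peak": 0, "success_after": False})
                a["peak"] = max(a["peak"], len(q))
        elif r["sc-status"].startswith("2") and len(q) >= threshold:
            alerts[ip]["success_after"] = True   # a guess may have worked
    return alerts

# Constructed sample log (documentation IP ranges, made-up account names).
SAMPLE = [
    "#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status",
    "2024-01-10 09:00:00 GET /EWS/Services.wsdl - 198.51.100.7 401",
    "2024-01-10 09:00:00 GET /EWS/Services.wsdl - 198.51.100.7 401",
    "2024-01-10 09:00:01 GET /EWS/Services.wsdl CORP\\alice 198.51.100.7 200",
] + [
    f"2024-01-10 09:05:{s:02d} GET /EWS/Services.wsdl - 203.0.113.50 401"
    for s in range(12)
] + ["2024-01-10 09:05:12 GET /EWS/Services.wsdl CORP\\bob 203.0.113.50 200"]

print(find_bursts(SAMPLE))
```

A client flagged with success_after set is the one to triage first, since a successful response directly after a burst of failures suggests a guessed password.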