MailSniper is a PowerShell-based penetration testing tool whose primary purpose is to search through email in a Microsoft Exchange environment for specific terms (i.e. passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an Exchange administrator to search the mailboxes of every user in a domain.
MailSniper includes additional modules for attacking externally-facing Outlook Web Access (OWA) and Exchange Web Services (EWS) portals. With MailSniper, it is also possible to: perform password spraying attacks, enumerate internal domain names and usernames, locate inboxes with too broad permissions, and gather the Global Address List containing all email addresses of users at an organization from OWA and EWS.
- Exploitation
- Network Attacks
https://github.com/dafthack/MailSniper
Beau Bullock