{"id":13702235,"url":"https://github.com/mhaskar/ExchangeFinder","last_synced_at":"2025-05-05T04:30:55.874Z","repository":{"id":58098681,"uuid":"529412825","full_name":"mhaskar/ExchangeFinder","owner":"mhaskar","description":"Find Microsoft Exchange instance for a given domain and identify the exact version","archived":false,"fork":false,"pushed_at":"2023-01-30T09:14:33.000Z","size":519,"stargazers_count":187,"open_issues_count":9,"forks_count":24,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-11-13T09:40:46.498Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mhaskar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-08-26T21:45:42.000Z","updated_at":"2024-09-24T16:59:17.000Z","dependencies_parsed_at":"2023-02-16T05:45:34.539Z","dependency_job_id":null,"html_url":"https://github.com/mhaskar/ExchangeFinder","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaskar%2FExchangeFinder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaskar%2FExchangeFinder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaskar%2FExchangeFinder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mhaskar%2FExchangeFinder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mhaskar","download_url":"https://codeload.github.com/mhaskar/ExchangeFinder/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252439458,"owners_count":21748008,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-02T21:00:32.612Z","updated_at":"2025-05-05T04:30:54.030Z","avatar_url":"https://github.com/mhaskar.png","language":"Python","funding_links":[],"categories":["[↑](#-table-of-contents) Microsoft Exchange","Python"],"sub_categories":["Tools"],"readme":"# ExchangeFinder ![](https://img.shields.io/badge/python-3-blue)\n\nExchangeFinder is a simple and open-source tool that tries to find Micrsoft Exchange instance for a given domain based on the top common DNS names for Microsoft Exchange.\n\nExchangeFinder can identify the exact version of Microsoft Exchange starting from `Microsoft Exchange 4.0` to `Microsoft Exchange Server 2019`.\n\n# How does it work?\n\nExchangeFinder will first try to resolve any subdomain that is commonly used for Exchange server, then it will send a couple of HTTP requests to parse the content of the response sent by the server to identify if it's using Microsoft Exchange or not.\n\nCurrently, the tool has a signature of every version from Microsoft Exchange starting from `Microsoft Exchange 4.0` to `Microsoft Exchange Server 2019`, and based on the build version sent by Exchange via the header `X-OWA-Version` we can identify the exact version.\n\nIf the tool found a valid Microsoft Exchange instance, it will return the following results:\n\n* Domain name.\n* Microsoft Exchange version.\n* Login page.\n* Web server version. \n\n# Installation \u0026 Requirements\n\nClone the latest version of `ExchangeFinder` using the following command:\n\n`git clone https://github.com/mhaskar/ExchangeFinder`\n\nAnd then install all the requirements using the command `poetry install`.\n\n```\n┌──(kali㉿kali)-[~/Desktop/ExchangeFinder]\n└─$ poetry install 1 ⨯\nInstalling dependencies from lock file\n\n\nPackage operations: 15 installs, 0 updates, 0 removals\n\n • Installing pyparsing (3.0.9)\n • Installing attrs (22.1.0)\n • Installing certifi (2022.6.15)\n • Installing charset-normalizer (2.1.1)\n • Installing idna (3.3)\n • Installing more-itertools (8.14.0)\n • Installing packaging (21.3)\n • Installing pluggy (0.13.1)\n • Installing py (1.11.0)\n • Installing urllib3 (1.26.12)\n • Installing wcwidth (0.2.5)\n • Installing dnspython (2.2.1)\n • Installing pytest (5.4.3)\n • Installing requests (2.28.1)\n • Installing termcolor (1.1.0)\n\nInstalling the current project: ExchangeFinder (0.1.0)\n \n┌──(kali㉿kali)-[~/Desktop/ExchangeFinder]\n\n```\n\n```\n┌──(kali㉿kali)-[~/Desktop/ExchangeFinder]\n└─$ python3 exchangefinder.py \n\n \n ______ __ _______ __ \n / ____/ __/ /_ ____ _____ ____ ____ / ____(_)___ ____/ /__ _____\n / __/ | |/_/ __ \\/ __ `/ __ \\/ __ `/ _ \\/ /_ / / __ \\/ __ / _ \\/ ___/\n / /____\u003e \u003c/ / / / /_/ / / / / /_/ / __/ __/ / / / / / /_/ / __/ / \n/_____/_/|_/_/ /_/\\__,_/_/ /_/\\__, /\\___/_/ /_/_/ /_/\\__,_/\\___/_/ \n /____/ \n \n Find that Microsoft Exchange server ..\n \n[-] Please use --domain or --domains option\n \n┌──(kali㉿kali)-[~/Desktop/ExchangeFinder]\n└─$ \n \n```\n\n# Usage\n\nYou can use the option `-h` to show the help banner:\n\n```\naskar•/opt/redteaming/ExchangeFinder(main⚡)» python3 exchangefinder.py -h \n\n \n ______ __ _______ __ \n / ____/ __/ /_ ____ _____ ____ ____ / ____(_)___ ____/ /__ _____\n / __/ | |/_/ __ \\/ __ `/ __ \\/ __ `/ _ \\/ /_ / / __ \\/ __ / _ \\/ ___/\n / /____\u003e \u003c/ / / / /_/ / / / / /_/ / __/ __/ / / / / / /_/ / __/ / \n/_____/_/|_/_/ /_/\\__,_/_/ /_/\\__, /\\___/_/ /_/_/ /_/\\__,_/\\___/_/ \n /____/ \n \n Find that Microsoft Exchange server ..\n \nusage: exchangefinder.py [-h] [--domain DOMAIN] [--domains DOMAINS] [--useragent USERAGENT] [--output OUTPUT] [--verbose]\n\nDNSStager main parser\n\noptional arguments:\n -h, --help show this help message and exit\n --domain DOMAIN The target domain you want to scan (example.com)\n --domains DOMAINS Path to domains file you want to scan (domains.txt)\n --useragent USERAGENT\n Useragent to use, the default is \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36.\"\n --output OUTPUT Export results to given .csv file\n --verbose Show detailed output\naskar•/opt/redteaming/ExchangeFinder(main⚡)» \n\n```\n### Scan single domain\nTo scan single domain you can use the option `--domain` like the following:\n\n```\naskar•/opt/redteaming/ExchangeFinder(main⚡)» python3 exchangefinder.py --domain dummyexchangetarget.com \n\n \n ______ __ _______ __ \n / ____/ __/ /_ ____ _____ ____ ____ / ____(_)___ ____/ /__ _____\n / __/ | |/_/ __ \\/ __ `/ __ \\/ __ `/ _ \\/ /_ / / __ \\/ __ / _ \\/ ___/\n / /____\u003e \u003c/ / / / /_/ / / / / /_/ / __/ __/ / / / / / /_/ / __/ / \n/_____/_/|_/_/ /_/\\__,_/_/ /_/\\__, /\\___/_/ /_/_/ /_/\\__,_/\\___/_/ \n /____/ \n \n Find that Microsoft Exchange server ..\n \n[!] Scanning domain dummyexchangetarget.com\n\t[+] The following MX records found for the main domain\n\t10 mx01.dummyexchangetarget.com.\n\n[!] \tScanning host (mail.dummyexchangetarget.com)\n[+] \tIIS server detected (https://mail.dummyexchangetarget.com)\n[!] \tPotential Microsoft Exchange Identified\n[+] \tMicrosoft Exchange identified with the following details:\n\n\tDomain Found : https://mail.dummyexchangetarget.com\n\tExchange version : Exchange Server 2016 CU22 Nov21SU\n\tLogin page : https://mail.dummyexchangetarget.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.dummyexchangetarget.com%2fowa%2f\u0026reason=0\n\tIIS/Webserver version: Microsoft-IIS/10.0\n\n[!] \tScanning host (autodiscover.dummyexchangetarget.com)\n[+] \tIIS server detected (https://autodiscover.dummyexchangetarget.com)\n[!] \tPotential Microsoft Exchange Identified\n[+] \tMicrosoft Exchange identified with the following details:\n\n\tDomain Found : https://autodiscover.dummyexchangetarget.com\n\tExchange version : Exchange Server 2016 CU22 Nov21SU\n\tLogin page : https://autodiscover.dummyexchangetarget.com/owa/auth/logon.aspx?url=https%3a%2f%2fautodiscover.dummyexchangetarget.com%2fowa%2f\u0026reason=0\n\tIIS/Webserver version: Microsoft-IIS/10.0\n\naskar•/opt/redteaming/ExchangeFinder(main⚡)» \n\n```\n\n![Scan Single Domain](screenshots/screenshot1.png)\n\n\n### Scan multiple domains\nTo scan multiple domains (targets) you can use the option `--domains` and choose a file like the following:\n\n```\naskar•/opt/redteaming/ExchangeFinder(main⚡)» python3 exchangefinder.py --domains domains.txt \n\n \n ______ __ _______ __ \n / ____/ __/ /_ ____ _____ ____ ____ / ____(_)___ ____/ /__ _____\n / __/ | |/_/ __ \\/ __ `/ __ \\/ __ `/ _ \\/ /_ / / __ \\/ __ / _ \\/ ___/\n / /____\u003e \u003c/ / / / /_/ / / / / /_/ / __/ __/ / / / / / /_/ / __/ / \n/_____/_/|_/_/ /_/\\__,_/_/ /_/\\__, /\\___/_/ /_/_/ /_/\\__,_/\\___/_/ \n /____/ \n \n Find that Microsoft Exchange server ..\n \n[+] Total domains to scan are 2 domains\n[!] Scanning domain externalcompany.com\n\t[+] The following MX records found for the main domain\n\t20 mx4.linfosyshosting.nl.\n\t10 mx3.linfosyshosting.nl.\n\n[!] \tScanning host (mail.externalcompany.com)\n[+] \tIIS server detected (https://mail.externalcompany.com)\n[!] \tPotential Microsoft Exchange Identified\n[+] \tMicrosoft Exchange identified with the following details:\n\n\tDomain Found : https://mail.externalcompany.com\n\tExchange version : Exchange Server 2016 CU22 Nov21SU\n\tLogin page : https://mail.externalcompany.com/owa/auth/logon.aspx?url=https%3a%2f%2fmail.externalcompany.com%2fowa%2f\u0026reason=0\n\tIIS/Webserver version: Microsoft-IIS/10.0\n\n[!] Scanning domain o365.cloud\n\t[+] The following MX records found for the main domain\n\t10 mailstore1.secureserver.net.\n\t0 smtp.secureserver.net.\n\n[!] \tScanning host (mail.o365.cloud)\n[+] \tIIS server detected (https://mail.o365.cloud)\n[!] \tPotential Microsoft Exchange Identified\n[+] \tMicrosoft Exchange identified with the following details:\n\n\tDomain Found : https://mail.o365.cloud\n\tExchange version : Exchange Server 2013 CU23 May22SU\n\tLogin page : https://mail.o365.cloud/owa/auth/logon.aspx?url=https%3a%2f%2fmail.o365.cloud%2fowa%2f\u0026reason=0\n\tIIS/Webserver version: Microsoft-IIS/8.5\n\naskar•/opt/redteaming/ExchangeFinder(main⚡)» \n\n```\n\n![Scan Multiple Domains](screenshots/screenshot2.png)\n\n**Please note that the examples used in the screenshots are resolved in the lab only**\n\nThis tool is very simple and I was using it to save some time while searching for Microsoft Exchange instances, feel free to open PR if you find any issue or you have a new thing to add.\n\n# License\n\nThis project is licensed under the GPL-3.0 License - see the LICENSE file for details\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhaskar%2FExchangeFinder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmhaskar%2FExchangeFinder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmhaskar%2FExchangeFinder/lists"}