{"id":13438536,"url":"https://github.com/sensepost/ruler","last_synced_at":"2025-05-14T13:07:10.415Z","repository":{"id":41176450,"uuid":"66006898","full_name":"sensepost/ruler","owner":"sensepost","description":"A tool to abuse Exchange services","archived":false,"fork":false,"pushed_at":"2024-06-10T11:03:07.000Z","size":7656,"stargazers_count":2219,"open_issues_count":14,"forks_count":362,"subscribers_count":99,"default_branch":"master","last_synced_at":"2025-04-09T03:11:23.065Z","etag":null,"topics":["exchange","mapi","pentesting","shells"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/sensepost.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-08-18T15:05:13.000Z","updated_at":"2025-04-08T13:43:06.000Z","dependencies_parsed_at":"2024-06-09T10:42:05.655Z","dependency_job_id":"57ff9fb4-bce6-4cb2-aee5-80ac6cc41ba5","html_url":"https://github.com/sensepost/ruler","commit_stats":{"total_commits":256,"total_committers":9,"mean_commits":"28.444444444444443","dds":0.16796875,"last_synced_commit":"1e5ee2d80fd0452e2c898aa3a2073edf54640f42"},"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sensepost%2Fruler","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sensepost%2Fruler/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sensepost%2Fruler/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/sensepost%2Fruler/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/sensepost","download_url":"https://codeload.github.com/sensepost/ruler/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254149957,"owners_count":22022851,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["exchange","mapi","pentesting","shells"],"created_at":"2024-07-31T03:01:06.283Z","updated_at":"2025-05-14T13:07:05.397Z","avatar_url":"https://github.com/sensepost.png","language":"Go","readme":"# Introduction\n\nRuler is a tool that allows you to interact with Exchange servers remotely, through either the MAPI/HTTP or RPC/HTTP protocol. The main aim is abuse the client-side Outlook features and gain a shell remotely.\n\nThe full low-down on how Ruler was implemented and some background regarding MAPI can be found in our blog posts:\n* [Ruler release]\n* [Pass the Hash with Ruler]\n* [Outlook forms and shells]\n* [Outlook Home Page – Another Ruler Vector]\n\nFor a demo of it in action: [Ruler on YouTube]\n\n## What does it do?\n\nRuler has multiple functions and more are planned. These include\n\n* Enumerate valid users\n* Create new malicious mail rules\n* Dump the Global Address List (GAL)\n* VBScript execution through forms\n* VBScript execution through the Outlook Home Page\n\nRuler attempts to be semi-smart when it comes to interacting with Exchange and uses the Autodiscover service (just as your Outlook client would) to discover the relevant information.\n\n# Getting Started\n\nCompiled binaries for Linux, OSX and Windows are available. Find these in [Releases]\ninformation about setting up Ruler from source is found in the [getting-started guide].\n\n# Usage\n\nRuler has multiple functions, these have their own documentation that can be found in the [wiki]:\n\n* [BruteForce] -- discover valid user accounts\n* [Rules] -- perform the traditional, rule based attack\n* [Forms] -- execute VBScript through forms\n* [Homepage] -- use the Outlook 'home page' for shell and persistence\n* [GAL] -- grab the Global Address List\n\n# Attacking Exchange\n\nThe library included with Ruler allows for the creation of custom message using MAPI. This along with the Exchange documentation is a great starting point for new research. For an example of using this library in another project, see [SensePost Liniaal].\n\n# License\n[![License: CC BY-NC-SA 4.0](https://img.shields.io/badge/License-CC%20BY--NC--SA%204.0-lightgrey.svg)](http://creativecommons.org/licenses/by-nc-sa/4.0/)\n\nRuler is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (http://creativecommons.org/licenses/by-nc-sa/4.0/) Permissions beyond the scope of this license may be available at http://sensepost.com/contact/.\n\n\n[Ruler Release]: \u003chttps://sensepost.com/blog/2016/mapi-over-http-and-mailrule-pwnage/\u003e\n[Pass the hash with Ruler]: \u003chttps://sensepost.com/blog/2017/pass-the-hash-with-ruler/\u003e\n[Outlook forms and shells]: \u003chttps://sensepost.com/blog/2017/outlook-forms-and-shells/\u003e\n[Outlook Home Page – Another Ruler Vector]: \u003chttps://sensepost.com/blog/2017/outlook-home-page-another-ruler-vector/\u003e\n[Ruler on YouTube]:\u003chttps://www.youtube.com/watch?v=C07GS4M8BZk\u003e\n[Releases]: \u003chttps://github.com/sensepost/ruler/releases\u003e\n[SensePost Liniaal]:\u003chttps://github.com/sensepost/liniaal\u003e\n[wiki]:\u003chttps://github.com/sensepost/ruler/wiki\u003e\n[BruteForce]:\u003chttps://github.com/sensepost/ruler/wiki/Brute-Force\u003e\n[Rules]:\u003chttps://github.com/sensepost/ruler/wiki/Rules\u003e\n[Forms]:\u003chttps://github.com/sensepost/ruler/wiki/Forms\u003e\n[Homepage]:\u003chttps://github.com/sensepost/ruler/wiki/Homepage\u003e\n[GAL]:\u003chttps://github.com/sensepost/ruler/wiki/GAL\u003e\n[getting-started guide]:\u003chttps://github.com/sensepost/ruler/wiki/Getting-Started\u003e\n","funding_links":[],"categories":["Asset Discovery","\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing","MS Exchange","[↑](#contents)Business Communication Infrastructure Discovery","Go","Go (531)","[↑](#table-of-contents) [Initial Access](http://attack.mitre.org/tactics/TA0001/)","Windows Utilities","Operating Systems","Tools"],"sub_categories":["Business Communication Infrastructure Discovery","\u003ca id=\"41ae40ed61ab2b61f2971fea3ec26e7c\"\u003e\u003c/a\u003e漏洞利用","OWA EWS and EAS Password Spraying","[T1203 - Exploitation for Client Execution](https://attack.mitre.org/techniques/T1203)","Penetration Testing Report Templates","Web Exploitation Books","Windows","Windows Utilities"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsensepost%2Fruler","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsensepost%2Fruler","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsensepost%2Fruler/lists"}