https://github.com/blwhit/exchangeresponder
Exchange Online Blue Team PowerShell tool for email purging, hunting malicious inbox rules, and mailbox management.
https://github.com/blwhit/exchangeresponder
blueteam email-phishing exchange-online m365 microsoft365 purview purview-cli
Last synced: 6 days ago
JSON representation
Exchange Online Blue Team PowerShell tool for email purging, hunting malicious inbox rules, and mailbox management.
- Host: GitHub
- URL: https://github.com/blwhit/exchangeresponder
- Owner: blwhit
- Created: 2025-10-02T01:42:04.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2025-10-02T02:18:13.000Z (9 months ago)
- Last Synced: 2025-10-02T03:32:18.212Z (9 months ago)
- Topics: blueteam, email-phishing, exchange-online, m365, microsoft365, purview, purview-cli
- Language: PowerShell
- Homepage:
- Size: 18.6 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# ExchangeResponder
PowerShell-based Blue Team tool for investigating and remediating Business Email Compromise and email-based threats in Microsoft 365 tenants.
## Features
- **Email Search & Purge**: Search and delete malicious emails tenant-wide, by subject/sender/etc
- **Inbox Rule Hunting**: Find and remediate malicious inbox rules by name/action/etc
- **Mailbox Delegation**: Grant/revoke temporary mailbox access for investigation
- **Batch Processing**: Bypasses Microsoft Purview's 1,000+ mailbox search limit
- **CSV Export**: Save findings to files for review/documentation
## Installation
Clone this repository:
```
git clone https://github.com/blwhit/ExchangeResponder.git
cd ExchangeResponder
```
*The script will automatically install required modules*
## Usage
Run the script:
```powershell
.\ExchangeResponder.ps1
```
The interactive menu provides access to all functions:
## Requirements
- PowerShell 5.1 or later
- ExchangeOnlineManagement module v3.9.0+
- Exchange Online permissions