This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.

Summary

DS-1353
MailSniper
External Tool
External Data Source
GitHub
Unknown
Unknown
56 (lowest rank is 56)

Category & Restrictions

Other
cyber defense, penetration testing
Unrestricted
true

Description


MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email, or by an administrator to search the mailboxes of every user in a domain.

MailSniper also includes additional modules for password spraying, enumerating users/domains, gathering the Global Address List from OWA and EWS, and checking mailbox permissions for every Exchange user at an organization.

A full list of options that can be used are:

ExchHostname - The hostname of the Exchange server to connect to if Autodiscover is failing.
Mailbox - Email address of the current user the PowerShell process is running as (i.e. the only mailbox the account can search).
Terms - Certain terms to search through each email subject and body for. By default the script looks for "*password*","*creds*","*credentials*".
ExchangeVersion - In order to communicate with Exchange Web Services the correct version of Microsoft Exchange Server must be specified. By default this script tries "Exchange2010". Additional options to try are    Exchange2007_SP1, Exchange2010, Exchange2010_SP1, Exchange2010_SP2, Exchange2013, or Exchange2013_SP1.
OutputCsv - Outputs the results of the search to a CSV file.
MailsPerUser - The total number of latest emails to search through in the mailbox. The default is set to the latest 100 emails in the inbox.

Additional Details

3.0MB
false
Unknown
mailsniper, 1353, corporation, inferlink corporation, external, inferlink, external data source, source, search, email, user, exchange, terms, microsoft, mailboxes, intel, administrator, tool, penetration, network, domain, architecture, searching, insider, specific, administrative, passwords, testing, environment, exchange2010, mailbox, default, sp1, server, emails, password, options, list, exchange2013, script, additional, account, total, inbox, current, web, enumerating, owa, organization, connect, sp2, gathering, process, spraying, services, file, running, domains, ews, powershell, permissions, exchhostname, hostname, body, autodiscover, csv, subject, correct, communicate, includes, version, exchange2007, mailsperuser, creds, outputcsv, global, credentials, other, checking, exchangeversion, failing, users, modules, outputs