GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → dwisiswant0 → proxylogscan

dwisiswant0 / proxylogscan

Licence: MIT license
A fast tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855).

Programming Languages

go
31211 projects - #10 most used programming language

Labels

microsoft-exchangemicrosoft-exchange-serverssrfproxylogoncve-2021-26855cve-2021-27065microsoft-exchange-proxylogon

Projects that are alternatives of or similar to proxylogscan

exprolog
ProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)
Stars: ✭ 131 (-9.66%)
Mutual labels:  microsoft-exchange, ssrf, proxylogon, cve-2021-26855, cve-2021-27065, microsoft-exchange-proxylogon
ProxyLogon
ProxyLogon(CVE-2021-26855+CVE-2021-27065) Exchange Server RCE(SSRF->GetWebShell)
Stars: ✭ 112 (-22.76%)
Mutual labels:  microsoft-exchange, microsoft-exchange-server, proxylogon, cve-2021-26855, cve-2021-27065, microsoft-exchange-proxylogon
Blind-SSRF
Nuclei Templates to reproduce Cracking the lens's Research
Stars: ✭ 111 (-23.45%)
Mutual labels:  ssrf
CVE-2020-36179
CVE-2020-36179~82 Jackson-databind SSRF&RCE
Stars: ✭ 77 (-46.9%)
Mutual labels:  ssrf
Ssrf Testing
SSRF (Server Side Request Forgery) testing resources
Stars: ✭ 1,718 (+1084.83%)
Mutual labels:  ssrf
Resources For Beginner Bug Bounty Hunters
A list of resources for those interested in getting started in bug bounties
Stars: ✭ 7,185 (+4855.17%)
Mutual labels:  ssrf
Priest
Extract server and IP address information from Browser SSRF
Stars: ✭ 13 (-91.03%)
Mutual labels:  ssrf
SecExample
JAVA 漏洞靶场 (Vulnerability Environment For Java)
Stars: ✭ 228 (+57.24%)
Mutual labels:  ssrf
Eagle
Multithreaded Plugin based vulnerability scanner for mass detection of web-based applications vulnerabilities
Stars: ✭ 85 (-41.38%)
Mutual labels:  ssrf
Flag-Capture
Solutions and write-ups from security-based competitions also known as Capture The Flag competition
Stars: ✭ 84 (-42.07%)
Mutual labels:  ssrf
ssrf-agent
make http(s) request to prevent SSRF
Stars: ✭ 16 (-88.97%)
Mutual labels:  ssrf
SSRF payload
本脚本旨在生成各类畸形URL链接,进行探测使用的payload,尝试绕过服务端ssrf限制。
Stars: ✭ 28 (-80.69%)
Mutual labels:  ssrf
ctf
CTF programs and writeups
Stars: ✭ 22 (-84.83%)
Mutual labels:  ssrf
bulkssrf
Tests for SSRF by injecting a specified location into different headers. This is a Rust port of m4ll0k's tool.
Stars: ✭ 35 (-75.86%)
Mutual labels:  ssrf
Virtual-Host
Modified Nuclei Templates Version to FUZZ Host Header
Stars: ✭ 38 (-73.79%)
Mutual labels:  ssrf
ssrf-vuls
国光的手把手带你用 SSRF 打穿内网靶场源码
Stars: ✭ 235 (+62.07%)
Mutual labels:  ssrf
ssrf filter
A ruby gem for defending against Server Side Request Forgery (SSRF) attacks
Stars: ✭ 68 (-53.1%)
Mutual labels:  ssrf

proxylogscan

This tool to mass scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin (CVE-2021-26855). By chaining this bug with another post-auth arbitrary-file-write vulnerability to get code execution (CVE-2021-27065). As a result, an unauthenticated attacker can execute arbitrary commands on Microsoft Exchange Server.

This vulnerability affects (Exchange 2013 Versions < 15.00.1497.012, Exchange 2016 CU18 < 15.01.2106.013, Exchange 2016 CU19 < 15.01.2176.009, Exchange 2019 CU7 < 15.02.0721.013, Exchange 2019 CU8 < 15.02.0792.010).

All components are vulnerable by default.

Installation

Go 1.13+ required.

$ go get dw1.io/proxylogscan

Or download pre-built binary at release page.

Usage

$ proxylogscan -h
Usage of proxylogscan:
  -m string
        Request method (default "GET")
  -p string
        Proxy URL (HTTP/SOCKSv5)
  -s    Silent mode (Only display vulnerable/suppress errors)
  -u string
        Target URL/list to scan

Examples

There are 3 ways to use this tool.

$ proxylogscan -u https://domain.tld
$ proxylogscan -u urls.txt
$ cat urls.txt | proxylogscan
$ subfinder -silent -d domain.tld | httpx -silent | proxylogscan

Supporting Materials

License

proxylogscan is distributed under MIT.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].