local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
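description = [[
Script by @psc4re for checking against Outlook Exchange Server ProxyShell Vulnerability CVE-2021-34473
Credits: https://twitter.com/bad_packets/status/1426968952278708225 & https://github.com/dinosn/proxyshell for packet info
]]

---
-- @usage
-- nmap --script proxyshell.nse -p443 <host>
--
-- @output
-- | proxyshell:
-- |_ Exchange ProxyShell: Vulnerable to ProxyShell Vulnerability CVE-2021-34473!
----------------------------------------------------------

author = "psc4re"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"

-- "vuln" is added because the script checks for one specific CVE, so it is
-- also selected by `--script vuln`; the existing categories are kept so
-- current invocations keep working.
-- NOTE(review): "default" makes this CVE probe part of every -sC scan once
-- the file is installed; drop it if that is not intended.
categories = {"default", "discovery", "safe", "vuln"}

-- Run on whatever ports/services the shortport library treats as HTTP(S).
portrule = shortport.http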
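--- Send the autodiscover probe request and report whether the reply matches
-- the signature this script treats as "vulnerable".
--
-- The only signal used is an HTTP 302 on the probe itself, so redirects are
-- not followed: with the http library's default redirect handling a 302 can
-- be followed transparently and the status of the final page seen instead.
-- A 302 alone is a heuristic; confirm a hit against the server's installed
-- Exchange update level before acting on it.
--
-- @param host NSE host table.
-- @param port NSE port table.
-- @return The finding string when the probe is answered with 302, otherwise nil.
local function getVulnStatus(host, port)
  -- NOTE(review): the two "[email protected]" tokens look like an e-mail
  -- obfuscation artefact of the page this listing was copied from, not part
  -- of the original request path. Restore the path from the upstream script
  -- before relying on a negative result.
  local testpayload = "/autodiscover/[email protected]/owa/?&Email=autodiscover/autodiscover.json%[email protected]"
  -- Locals, not globals: nothing outside this function needs these values.
  local httpresp = http.get(host, port, testpayload, { redirect_ok = false })
  if httpresp and httpresp.status == 302 then
    return "Vulnerable to ProxyShell Vulnerability CVE-2021-34473!"
  end
  return nil
end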
--- NSE entry point: run the ProxyShell probe only on hosts that serve /owa.
--
-- @param host NSE host table.
-- @param port NSE port table.
-- @return stdnse output table; the "Exchange ProxyShell" key is assigned only
--         when GET /owa returns 200, and stays absent if the probe returns nil.
function action(host, port)
  local owa = http.get(host, port, "/owa")
  local findings = stdnse.output_table()

  -- Anything other than a 200 on /owa means the probe is skipped.
  if owa.status ~= 200 then
    return findings
  end

  findings["Exchange ProxyShell"] = getVulnStatus(host, port)
  return findings
end