Written by Rafael Silva

microsoft/CSS-Exchange

microsoft/CSS-Exchange

https://ift.tt/3v14eva

Security scripts

Test-ProxyLogon.ps1

Formerly known as Test-Hafnium, this script automates all four of the commands found in the Hafnium blog post. It also has a progress bar and some performance tweaks to make the CVE-2021-26855 test run much faster.

Download the latest release here:

Download Test-ProxyLogon.ps1

The most typical usage of this script is to check all Exchange servers and save the output,
by using the following syntax from Exchange Management Shell:

Get-ExchangeServer | .\Test-ProxyLogon.ps1 -OutPath $home\desktop\logs

To check the local server only, just run the script:

.\Test-ProxyLogon.ps1 -OutPath $home\desktop\logs

To display the results without saving them, pass -DisplayOnly:

.\Test-ProxyLogon.ps1 -DisplayOnly

BackendCookieMitigation.ps1

This mitigation will filter https requests that contain malicious X-AnonResource-Backend and malformed X-BEResource cookies which were found to be used in the SSRF attacks in the wild.
This will help with defense against the known patterns observed but not the SSRF as a whole. For more information, see the comments at the top of the script.

Download the latest release here:

Download BackendCookieMitigation.ps1

http-vuln-cve2021-26855.nse

This file is for use with nmap. It detects whether the specified URL is vulnerable to the Exchange Server SSRF Vulnerability (CVE-2021-26855).
For usage information, please read the top of the file.

Download the latest release here:

Download http-vuln-cve2021-26855.nse

via GitHub

March 7, 2021 at 06:32PM
bill-long