Create microsoft-echange-server-detect.yaml

2021-03-04 02:09:10 +07:00 · 2021-03-04 02:09:10 +07:00 · 9bc22f64bf
parent 6f9c901ca7
commit 9bc22f64bf
1 changed files with 34 additions and 0 deletions
--- a/technologies/microsoft-echange-server-detect.yaml
+++ b/technologies/microsoft-echange-server-detect.yaml
@ -0,0 +1,34 @@
+id: microsoft-echange-server-detect
+
+info:
+  name: Microsoft Exchange Server Detect
+  author: pikpikcu
+  severity: info
+  reference: https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange.nse
+  description: |
+       Check for Issues Exchange Server CVEs CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065,using Outlook Web App path data.
+  
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/owa/"
+      - "{{BaseURL}}/owa/auth/logon.aspx"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+          - 302
+      - type: regex
+        regex:
+         - "X-Owa-Version: (15.2.720|15.1.2106|15.0.1496|14.0.496|14.3.513)"
+         - "Location: "
+        part: header
+ 
+    extractors:
+      - type: kval
+        part: header
+        kval:
+          - X-Owa-Version
+          - Location