ExchangeFinder is a tool that attempts to identify Microsoft Exchange instances for a given domain based on the top common DNS names for Microsoft Exchange. Additionally, ExchangeFinder can identify the version of Microsoft Exchange utilized by the target.
# ExchangeFinder basic usage
python3 exchangefinder.py --domain $domainPOST /autodiscover/autodiscover.xml HTTP/1.1
Host: exch01.parzival.sh
User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Outlook 16.0.10730; Pro)
Authorization: Basic Q09OVE9TT1x1c2VyMDE6UEBzc3cwcmQ=
Content-Length: 341
Content-Type: text/xml
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
<Request>
<EMailAddress>$email</EMailAddress>
<AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
</Request>
</Autodiscover>
{% embed url="https://swarm.ptsecurity.com/attacking-ms-exchange-web-interfaces/" %}