technion/Exchange Version.nse

## Exchange Version.nse
local http = require "http"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
local string = require "string"
author = {"technion@lolware.net"}
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}

-- Detection rule based on: https://twitter.com/GossiTheDog/status/1424673929382268932
portrule = shortport.http

action = function(host, port)
    local output_info = {}
    local response = http.generic_request(host, port, "GET","/autodiscover/autodiscover.json?@abc.com/owa/?&Email=autodi
scover/autodiscover.json%3F@abc.com" )
    if response.status == 404 or response.status == 302 or response.status == nil then
        output_info.detected = "Exchange has not been detected"
        return output_info, stdnse.format_output(true, output_info)
    end

    output_info.owa_version = {}
    if response.header['x-owa-version'] then
        local owa_version = response.header['x-owa-version']
        table.insert(output_info.owa_version, "x-owa-version:" .. owa_version)
        if owa_version == '15.1.2308.20' or owa_version == '15.1.2375.17' then
            output_info.vuln = "November 9 Patches applied"
        elseif owa_version == '15.1.2375.12' or owa_version == '15.1.2308.15' then
            output_info.vuln = "October 12 2012 Patch level - Vulnerable to November 9 exploit"
        else
            output_info.vuln = "VULNERABLE TO PROXYSHELL"
        end
    else
        output_info.detected = "Exchange version has not been detected"
    end
    return output_info, stdnse.format_output(true, output_info)
end
	local http = require "http"
	local shortport = require "shortport"
	local stdnse = require "stdnse"
	local table = require "table"
	local string = require "string"
	author = {"technion@lolware.net"}
	license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
	categories = {"discovery", "safe"}

	-- Detection rule based on: https://twitter.com/GossiTheDog/status/1424673929382268932
	portrule = shortport.http

	action = function(host, port)
	local output_info = {}
	local response = http.generic_request(host, port, "GET","/autodiscover/autodiscover.json?@abc.com/owa/?&Email=autodi
	scover/autodiscover.json%3F@abc.com" )
	if response.status == 404 or response.status == 302 or response.status == nil then
	output_info.detected = "Exchange has not been detected"
	return output_info, stdnse.format_output(true, output_info)
	end

	output_info.owa_version = {}
	if response.header['x-owa-version'] then
	local owa_version = response.header['x-owa-version']
	table.insert(output_info.owa_version, "x-owa-version:" .. owa_version)
	if owa_version == '15.1.2308.20' or owa_version == '15.1.2375.17' then
	output_info.vuln = "November 9 Patches applied"
	elseif owa_version == '15.1.2375.12' or owa_version == '15.1.2308.15' then
	output_info.vuln = "October 12 2012 Patch level - Vulnerable to November 9 exploit"
	else
	output_info.vuln = "VULNERABLE TO PROXYSHELL"
	end
	else
	output_info.detected = "Exchange version has not been detected"
	end
	return output_info, stdnse.format_output(true, output_info)
	end