Created
July 28, 2024 13:29
-
-
Save puzzlepeaches/9fc2ae86d0951e26895378e5eca431d1 to your computer and use it in GitHub Desktop.
Get O365 tenant name using autodiscover.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # nuclei -t get-tenant-name.yaml -u acme.com -jsonl -or -silent -nm -ot | jq -r '."extracted-results"'[] | |
| id: o365-tenant-name | |
| info: | |
| name: Office 365 Tenant Name Discovery | |
| author: ed | |
| severity: info | |
| description: Discovers the tenant name for a given Office 365 domain using the Autodiscover service. | |
| requests: | |
| - method: POST | |
| path: | |
| - "https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc" | |
| headers: | |
| Content-Type: text/xml; charset=utf-8 | |
| SOAPAction: http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformation | |
| User-Agent: AutodiscoverClient | |
| Accept-Encoding: identity | |
| body: | | |
| <?xml version="1.0" encoding="utf-8"?> | |
| <soap:Envelope xmlns:exm="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:ext="http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformation" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> | |
| <soap:Header> | |
| <a:Action soap:mustUnderstand="1">http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformation</a:Action> | |
| <a:To soap:mustUnderstand="1">https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc</a:To> | |
| <a:ReplyTo> | |
| <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address> | |
| </a:ReplyTo> | |
| </soap:Header> | |
| <soap:Body> | |
| <GetFederationInformationRequestMessage xmlns="http://schemas.microsoft.com/exchange/2010/Autodiscover"> | |
| <Request> | |
| <Domain>{{Host}}</Domain> | |
| </Request> | |
| </GetFederationInformationRequestMessage> | |
| </soap:Body> | |
| </soap:Envelope> | |
| matchers-condition: and | |
| matchers: | |
| - type: status | |
| status: | |
| - 200 | |
| extractors: | |
| - type: regex | |
| name: tenant_name | |
| part: body | |
| regex: | |
| - '(?i)<Domain>([^<>/.]+)\.onmicrosoft\.com</Domain>' | |
| group: 1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment