Last active
April 14, 2023 21:19
hulk smash email filtering
import sys
from urllib import request
from xml.sax.saxutils import escape

import dns.exception
import dns.resolver
import lxml.etree as etree
def main(domain):
    """Run both checks for *domain*: the MX gateway check, then the federation lookup."""
    # Order matters for output only: gateway findings are printed before
    # the federation/tenant findings.
    for check in (get_expensive_solution, get_federation_info):
        check(domain)
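def get_expensive_solution(domain):
    """Report whether *domain*'s MX records point at Mimecast or Proofpoint.

    Resolves the MX records of *domain* and prints one line per detected
    third-party mail-filtering gateway. Nothing is printed when neither
    vendor is found. DNS failures are reported on stdout and swallowed.

    NOTE: Proofpoint is recognised only by the ``ppe-hosted.com`` suffix;
    MX hosts under any other Proofpoint-operated name are not detected.
    """

    def _is_under(host, parent):
        # Anchor the match on a label boundary so that a host such as
        # "notmimecast.com.example.net" is not misreported as the vendor.
        return host == parent or host.endswith("." + parent)

    try:
        mx_records = dns.resolver.resolve(domain, 'MX')
        # DNS names compare case-insensitively and absolute names are
        # rendered with a trailing dot, so normalise before matching.
        mx_hosts = [str(record.exchange).rstrip(".").lower() for record in mx_records]
        has_mimecast = any(_is_under(host, "mimecast.com") for host in mx_hosts)
        has_proofpoint = any(_is_under(host, "ppe-hosted.com") for host in mx_hosts)

        if has_mimecast:
            print(f"Mimecast detected for {domain}")
        if has_proofpoint:
            print(f"Proofpoint detected for {domain}")
    except dns.exception.DNSException as e:
        print(f"Error while fetching MX records for {domain}: {e}")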
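def get_federation_info(domain):
    """Look up the Microsoft 365 federation domains for *domain* and check their MX.

    Sends a GetFederationInformation SOAP request to the public Autodiscover
    endpoint, extracts every ``Domain`` text node from the reply, and for
    each one containing ``mail.onmicrosoft.com`` resolves its MX records.
    MX hosts containing ``outlook.com`` are printed.

    Why this matters to a defender: when the organisation's public MX points
    at a third-party filtering gateway, mail delivered to the tenant's own
    Exchange Online MX host does not pass through that gateway. Whether the
    tenant accepts such mail depends on its configuration; the usual
    mitigation is to restrict inbound mail to the gateway's addresses (for
    example with an inbound connector). This function only reports the MX
    host name; it does not test whether the tenant accepts mail.

    Network and parse failures are reported on stdout and swallowed, in the
    same way as DNS failures.
    """
    autodiscover_post_url = 'https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc'

    # The domain comes from the command line; escape it so characters such
    # as "<" or "&" cannot break or restructure the SOAP envelope.
    safe_domain = escape(domain)

    autodiscover_post_body = f"""<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:exm="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:ext="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Header>
<a:Action soap:mustUnderstand="1">http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformation</a:Action>
<a:To soap:mustUnderstand="1">https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc</a:To>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
</soap:Header>
<soap:Body>
<GetFederationInformationRequestMessage xmlns="http://schemas.microsoft.com/exchange/2010/Autodiscover">
<Request>
<Domain>{safe_domain}</Domain>
</Request>
</GetFederationInformationRequestMessage>
</soap:Body>
</soap:Envelope>"""

    autodiscover_post_headers = {
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": '"http://schemas.microsoft.com/exchange/2010/Autodiscover/Autodiscover/GetFederationInformation"',
        "User-Agent": "AutodiscoverClient"
    }

    autodiscover_request = request.Request(autodiscover_post_url,
                                           autodiscover_post_body.encode('utf-8'),
                                           autodiscover_post_headers)

    # The reply is remote XML: do not expand entities or fetch external
    # resources while parsing it.
    parser = etree.XMLParser(resolve_entities=False, no_network=True)

    try:
        # A timeout keeps the script from hanging on an unresponsive
        # endpoint; the context manager closes the connection either way.
        with request.urlopen(autodiscover_request, timeout=15) as response_raw:
            response_xml = etree.fromstring(response_raw.read(), parser)
    except (OSError, etree.XMLSyntaxError) as e:
        # OSError covers urllib's URLError/HTTPError and socket timeouts.
        print(f"Error while fetching federation information for {domain}: {e}")
        return

    # A distinct loop name avoids shadowing the *domain* parameter.
    for federated_domain in response_xml.xpath("//*[local-name() = 'Domain']//text()"):
        if "mail.onmicrosoft.com" not in federated_domain:
            continue
        try:
            mx_records = dns.resolver.resolve(federated_domain, 'MX')
            for mx_record in mx_records:
                if "outlook.com" in str(mx_record.exchange):
                    print(f"MX record containing outlook.com.\nTry relaying mail through this server: {mx_record.exchange}")
        except dns.exception.DNSException as e:
            print(f"Error while fetching MX records for {federated_domain}: {e}")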
if __name__ == '__main__':
    # Script entry point: the first positional argument is the domain to check.
    cli_args = sys.argv[1:]
    if not cli_args:
        print("Please provide a domain name as an argument when running the program.")
        sys.exit(1)

    main(cli_args[0])