Quick C# tool for checking CVE-2020-0688 on multiple hosts with a non-intrusive method.
- Scan hosts from an input file.
- Passive check : grab exchange version by scraping html content.
- Produces an output file.
- Windows
- .NET framework 4.5.2
git clone https://github.com/onSec-fr/CVE-2020-0688-Scanner.git./CVE-2020-0688-Scanner.exe [path_to_input_file]Note : the input file can contain ip addresses, hostnames and FQDN.
This tool has been developed to test your own system or for authorized security testing. Make sure you check with your local laws before running this tool.
Since Exchange 2013, only the first 3 parts of the version number can be retrieved in this way. This means that sometimes the server may be vulnerable if it has not the very last cumulative update. In this case the server is flagged as "maybe patched".
- Unofficial build chart lists all of the known KB articles, hotfixes, update rollups and other builds of MS Exchange Server 2019, 2016, 2013, 2010, 2007, 2003, 2000, 5.5, 5.0 and 4.0 that have been released. : https://exchangeserverversions.blogspot.com/
- Analysis of CVE-2020-0688 : https://www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys
- https://fr.tenable.com/blog/cve-2020-0688-microsoft-exchange-server-static-key-flaw-could-lead-to-remote-code-execution
- nmap implementation by Kevin Beaumont : https://github.com/PwnPeter/0day-scripts/blob/2845b2d7a62c1baec581afab8fb065dde4f63413/nmap-nse/http-vuln-exchange.nse