mgeeky 2021-11-02 18:44:03 +01:00
parent 9b3acc79b6
commit d4596931c7


@ -871,7 +871,7 @@ class SMTPHeadersAnalysis:
'User Custom Flow (?) - custom mail flow rule applied on message?', 'User Custom Flow (?) - custom mail flow rule applied on message?',
{ {
'0' : 'No user custom mail rule applied.', '0' : 'No user custom mail rule applied.',
'1' : 'User custom mail rule applied.', '1' : logger.colored('User custom mail rule applied.', "yellow"),
} }
), ),
@ -887,7 +887,7 @@ class SMTPHeadersAnalysis:
'Folder Rules applied to this Message', 'Folder Rules applied to this Message',
{ {
'ExclusiveSettings' : '', 'ExclusiveSettings' : '',
'CustomRules' : 'An existing folder move rule was applied on this message.', 'CustomRules' : logger.colored('An existing folder move rule was applied on this message.', 'yellow'),
} }
), ),
@ -2099,17 +2099,45 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
'description' : '', 'description' : '',
} }
@staticmethod
def getOffice365TenantNameById(tenantID):
url = 'https://login.microsoftonline.com/TENANT_ID/oauth2/authorize?client_id=TENANT_ID&response_type=id_token&redirect_uri=http%3a%2f%2flocalhost%2fmyapp%2f&response_mode=form_post&scope=openid&state=12345&nonce=678910'
url = url.replace('TENANT_ID', tenantID)
try:
r = requests.get(
url,
allow_redirects=True,
headers = {
'User-Agent' : 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4600.00 Safari/537.36',
})
out = r.text
if 'AADSTS700016'.lower() in out.lower():
m = re.search(r"was not found in the directory '([^']+)'", out, re.I)
if m:
return m.group(1)
except:
pass
return ''
def testO365TenantID(self): def testO365TenantID(self):
(num, header, value) = self.getHeader('X-MS-Exchange-CrossTenant-Id') (num, header, value) = self.getHeader('X-MS-Exchange-CrossTenant-Id')
if num == -1: return [] if num == -1: return []
value = SMTPHeadersAnalysis.flattenLine(value).strip().replace(' ', '') value = SMTPHeadersAnalysis.flattenLine(value).strip().replace(' ', '')
result = f'- Office365 Tenant ID: {self.logger.colored(value, "green")}\n' result = f'- Office365 Tenant ID: {self.logger.colored(value, "cyan")}\n'
try: try:
r = requests.get(f'https://login.microsoftonline.com/{value}/.well-known/openid-configuration') r = requests.get(f'https://login.microsoftonline.com/{value}/.well-known/openid-configuration')
out = r.json() out = r.json()
#
# https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc
#
# #
# Sample response for "microsoft.com": # Sample response for "microsoft.com":
# https://login.microsoftonline.com/microsoft.com/.well-known/openid-configuration # https://login.microsoftonline.com/microsoft.com/.well-known/openid-configuration
@ -2184,7 +2212,13 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
m = out['error'] m = out['error']
result += '\t- Office365 Tenant ' + self.logger.colored(f'does not exist: {m}\n', 'red') result += '\t- Office365 Tenant ' + self.logger.colored(f'does not exist: {m}\n', 'red')
else: else:
result += '\t- Office365 Tenant ' + self.logger.colored(f'exists.\n', 'green') result += '\t- Office365 Tenant ' + self.logger.colored(f'exists.', 'yellow')
name = SMTPHeadersAnalysis.getOffice365TenantNameById(value)
if len(name) > 0:
result += ' named as: ' + self.logger.colored(name, "green")
result += '\n'
tmp = '' tmp = ''
@ -2206,9 +2240,12 @@ Results will be unsound. Make sure you have pasted your headers with correct spa
result += '\n' + tmp + '\n' result += '\n' + tmp + '\n'
except: except:
self.logger.err(f'Could not fetch Office365 tenant OpenID configuration.') self.logger.err(f'Could not fetch Office365 tenant OpenID configuration. Use --debug for more details.')
result += self.logger.colored('\t- Error: Could not fetch information about Office365 Tenant.\n', 'red') result += self.logger.colored('\t- Error: Could not fetch information about Office365 Tenant.\n', 'red')
if options['debug']:
raise
return { return {
'header': header, 'header': header,
'value' : value, 'value' : value,
@ -5324,6 +5361,8 @@ def main(argv):
for test in tests: for test in tests:
(testId, testName, testFunc) = test (testId, testName, testFunc) = test
if test in b:
testName += ' (use -a to show its results)'
print(f'\t{testId: >7} - {testName}') print(f'\t{testId: >7} - {testName}')
print('\n') print('\n')
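Review bot: The new `getOffice365TenantNameById` (hunk `-2099,17 +2099,45`) substitutes `tenantID` into the authorize URL with `url.replace('TENANT_ID', tenantID)` unchecked, although `testO365TenantID` reads that value from the `X-MS-Exchange-CrossTenant-Id` header of the message under analysis, so untrusted mail content shapes the path and query of an outbound request sent with `allow_redirects=True`. Reject anything that is not a tenant GUID before any network call, e.g. `if not re.fullmatch(r'[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}', tenantID): return ''`, assuming this header only ever carries GUID-form IDs; the same check would also cover the existing `openid-configuration` request in the caller. Neither `requests.get` call passes `timeout=`, so an unresponsive endpoint can stall the whole analysis; a bounded value such as `timeout=10` (illustrative) fixes that. The bare `except: pass` in the helper also hides every failure from the `--debug` re-raise this commit adds in `testO365TenantID`; `except requests.RequestException:` would be narrower, with the error logged when `options['debug']` is set.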