Join GitHub today
[WIP] Add External Module: office365userenum.py #10607
External python module compatible with v2 and v3.
Enumerate valid usernames (email addresses) from Office 365 using ActiveSync.
Note this behaviour appears to be limited to Office365, MS Exchange does not appear to be affected.
Microsoft Security Response Center stated on 2017-06-28 that this issue does not "meet the bar for security servicing". As such it is not expected to be fixed any time soon.
This script is maintaing the ability to run independently of MSF.
RHOSTS is automatically created as a required option despite my module not needing it and it not being specified in the metadata.
I think we need a different kind of module type to support what you want, which is non-automatic host resolution, and just plain URI-based targets. I think there are lots of other modules that also would prefer this method of operations rather than RHOSTS / RPORT, etc.
The RHOSTS argument comes from the underlying module template that gets instantiated automatically by Metasploit, as you noticed.