MailSniper vs Ruler
GitHub Stats
About MailSniper
MailSniper is a PowerShell tool for searching through email in Microsoft Exchange and Office 365 environments during penetration tests. It can log into mailboxes using stolen credentials and search for terms like 'password', 'creds', 'SSN', or custom keywords across the Global Address List. MailSniper supports Exchange Web Services (EWS), Exchange ActiveSync, and Office 365 REST API. It can enumerate valid usernames via timing attacks, perform password sprays against OWA/EWS, and extract valuable data from mail folders, contacts, and calendar entries. Essential for demonstrating email-based data exposure in enterprise assessments.
About Ruler
Ruler is a tool for interacting with Exchange servers through the MAPI/HTTP or RPC/HTTP protocol. It exploits legitimate Exchange and Outlook features (mail rules, forms, and home pages) to achieve remote code execution on target workstations. When a user opens Outlook, malicious rules trigger command execution, or injected forms/home pages render attacker-controlled content with script execution. Ruler can also enumerate valid credentials via brute-force, perform autodiscover probing, and extract the Global Address List. It demonstrates how Exchange features become attack vectors in enterprise environments.
Platform Support
Tags
Shared
MailSniper only
Ruler only