{
	"id": "77939e25-3f9c-491b-a17d-8c18822915fe",
	"created_at": "2026-04-06T00:08:19.087276Z",
	"updated_at": "2026-04-10T13:11:28.401838Z",
	"deleted_at": null,
	"sha1_hash": "cade011975834cc7fb46d72948fefe22921f3163",
	"title": "GitHub - sensepost/ruler: A tool to abuse Exchange services",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49478,
	"plain_text": "GitHub - sensepost/ruler: A tool to abuse Exchange services\r\nBy staaldraad\r\nArchived: 2026-04-05 14:08:16 UTC\r\nIntroduction\r\nRuler is a tool that allows you to interact with Exchange servers remotely, through either the MAPI/HTTP or\r\nRPC/HTTP protocol. The main aim is abuse the client-side Outlook features and gain a shell remotely.\r\nThe full low-down on how Ruler was implemented and some background regarding MAPI can be found in our\r\nblog posts:\r\nRuler release\r\nPass the Hash with Ruler\r\nOutlook forms and shells\r\nOutlook Home Page – Another Ruler Vector\r\nFor a demo of it in action: Ruler on YouTube\r\nWhat does it do?\r\nRuler has multiple functions and more are planned. These include\r\nEnumerate valid users\r\nCreate new malicious mail rules\r\nDump the Global Address List (GAL)\r\nVBScript execution through forms\r\nVBScript execution through the Outlook Home Page\r\nRuler attempts to be semi-smart when it comes to interacting with Exchange and uses the Autodiscover service\r\n(just as your Outlook client would) to discover the relevant information.\r\nGetting Started\r\nCompiled binaries for Linux, OSX and Windows are available. Find these in Releases information about setting\r\nup Ruler from source is found in the getting-started guide.\r\nUsage\r\nRuler has multiple functions, these have their own documentation that can be found in the wiki:\r\nBruteForce -- discover valid user accounts\r\nRules -- perform the traditional, rule based attack\r\nhttps://github.com/sensepost/ruler\r\nPage 1 of 2\n\nForms -- execute VBScript through forms\r\nHomepage -- use the Outlook 'home page' for shell and persistence\r\nGAL -- grab the Global Address List\r\nAttacking Exchange\r\nThe library included with Ruler allows for the creation of custom message using MAPI. This along with the\r\nExchange documentation is a great starting point for new research. For an example of using this library in another\r\nproject, see SensePost Liniaal.\r\nLicense\r\nLLiicceennssee CCCC BBYY--NNCC--SSAA 44..00\r\nRuler is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License\r\n(http://creativecommons.org/licenses/by-nc-sa/4.0/) Permissions beyond the scope of this license may be available\r\nat http://sensepost.com/contact/.\r\nSource: https://github.com/sensepost/ruler\r\nhttps://github.com/sensepost/ruler\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE",
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://github.com/sensepost/ruler"
	],
	"report_names": [
		"ruler"
	],
	"threat_actors": [],
	"ts_created_at": 1775434099,
	"ts_updated_at": 1775826688,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cade011975834cc7fb46d72948fefe22921f3163.pdf",
		"text": "https://archive.orkl.eu/cade011975834cc7fb46d72948fefe22921f3163.txt",
		"img": "https://archive.orkl.eu/cade011975834cc7fb46d72948fefe22921f3163.jpg"
	}
}