...sine propero notiones

You are here: Kiko > SoftwareAndUtilities > OwaEnumProgram Printable | topic end

Start of topic | Skip to actions
Versão em Português

The owa-enum.pl Program

The owa-enum.pl program performs multiple queries to the user directory search page of a specified Microsoft Outlook Web Access (OWA) service and dumps the results in a text delimited file suitable for importing into database tools.


owa-enum.pl options base-url

base-url is the base address of the OWA service, say https://webmail.example.com

options are zero or more of the following:

-v Verbose mode, reports progress
-n Don't try to remove duplicates
-f text Text to put in empty fields
--delim str= Output field delimiter, | (vertical bar) by default


The program starts by trying each character from the alphabet [a-z 0-9]. If the search returns nothing, it goes to the next character. If it returns "too many items", it recursively adds more characters. If the search returns useful data, it is printed to the standard output.

The program's comments and messages are in Portuguese. Someday I'll have them translated.

Sample Session

# ./owa-enum.pl -v https://webmail.exemplo.com.br
Logando para pegar os cookies...
- Pagina inicial de logon
- Pagina de acesso anonimo
- Pagina do formulario
- Cookies pegos:
mail.exemplo.com.br; path_spec; discard; version=0
Buscando DN=a
Buscando DN=aa
Buscando DN=ab
|Abigail Exemplo da Silva||Abigail|||
|Abrolhos Cavalcanti de Teste|3456-7890|abrolhos|||
Buscando DN=az
|Azuretado de Oliveira||zureta|||

Ethical Issues

The kind of information this tool returns may be useful in "fingerprinting" a site, where a would be 'attacker' tries to get to know as much information as possible (such as know many users it has, what are their naming conventions, what are the users' real and login names, phone numbers, departments, etc.) from its tentative victim.

This may lead some to believe this is an attack tool. It is not -- it just automates what can be done by hand, just as Google automates finding useful web pages.

Besides, not everyone that performs site fingerprinting is necessarily an attacker -- they might just as well be collecting statistics for some study.

If you don't want people to enumerate your domain's contact lists, don't publish them.

License and Downloads

This program is licensed under the CC-GNU GPL 2.0.

Addendum on 2008-Feb-19

Previously, the sample in this page used data I got from running this script at www.procempa.com.br. Today I got this email from an account "admcorreio" (mailadmin) apparently from that domain saying (my translation to English):

Mr Marco Carnut
We would like to request that you remove the data regarding the users of
our site, since we have already blocked the search through the script "owa-enum.pl".

I don't have the foggiest idea whether this request really came from them (it's trivially easy to forge source email addresses) and I don't plan to check either. Nonetheless, I changed the example to use fake data.

Whoever the authors of the email, I regret they said they "blocked the search through the script owa-enum.pl" because that particular wording seems to reinforce the notion I've previously discussed above that this script might be a problem. The problem, if there is any, is having private data exposed on the Internet. (If the data wasn't private, then there would be no problem -- but then they wouldn't be asking me to remove it, would they?) I just hope they've blocked any kind of search, not only the one this script performs. I don't plan to go any deeper on this, though.

Let me also make it very clear: I don't have anything for or against this institution -- in fact, I don't know anyone there. I used them as example just because it was the first name that turned up in a Google search for sites using the old OWA version when I originally wrote this page a few years ago.


You are here: Kiko > SoftwareAndUtilities > OwaEnumProgram


Creative Commons License   The content of this site is made available under the terms of a Creative Commons License, except where otherwise noted.
  O conteúdo deste site está disponibilizado nos termos de uma Licença Creative Commons, exceto onde dito em contrário.