Exchange Online Blue Team PowerShell tool for email purging, hunting malicious inbox rules, and mailbox management.

blwhit/ExchangeResponder

ExchangeResponder

PowerShell-based Blue Team tool for investigating and remediating Business Email Compromise and email-based threats in Microsoft 365 tenants.

Features

  • Email Search & Purge: Search for and delete malicious emails tenant-wide, by subject, sender, and other criteria
  • Inbox Rule Hunting: Find and remediate malicious inbox rules by name, action, and other criteria
  • Mailbox Delegation: Grant/revoke temporary mailbox access for investigation
  • Batch Processing: Bypasses Microsoft Purview's 1,000+ mailbox search limit
  • CSV Export: Save findings to files for review/documentation
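
A sketch of the kind of triage the Inbox Rule Hunting feature describes, added here as an example and not taken from ExchangeResponder's own code: it flags forwarding to outside domains, actions that hide mail, and punctuation-only rule names. The function name `Get-InboxRuleFinding`, the domain and folder lists, and the sample rules are assumptions, as is the `[SMTP:...]` rendering of forward targets.

```powershell
# Added example, not ExchangeResponder code. Get-InboxRuleFinding is a hypothetical helper.
$TenantDomains = @('contoso.example')   # assumption: your accepted domains go here
$HideFolders   = @('RSS Feeds', 'RSS Subscriptions', 'Conversation History', 'Deleted Items')

function Get-InboxRuleFinding {
    param([Parameter(Mandatory, ValueFromPipeline)] $Rule)
    process {
        $reasons = @()
        # 1. Forward/redirect targets whose SMTP domain is not an accepted domain.
        $targets = @($Rule.ForwardTo) + @($Rule.ForwardAsAttachmentTo) + @($Rule.RedirectTo) |
            Where-Object { $_ }
        foreach ($t in $targets) {
            if ("$t" -match '[^@\s:\[]+@([^\]\s"]+)' -and $TenantDomains -notcontains $Matches[1]) {
                $reasons += "forwards or redirects to external domain $($Matches[1])"
            }
        }
        # 2. Actions that keep mail out of the owner's view.
        if ($Rule.DeleteMessage) { $reasons += 'deletes matching messages' }
        if ($Rule.MoveToFolder -and $HideFolders -contains "$($Rule.MoveToFolder)") {
            $reasons += "moves mail to rarely viewed folder '$($Rule.MoveToFolder)'"
        }
        if ($Rule.MarkAsRead -and ($Rule.DeleteMessage -or $Rule.MoveToFolder)) {
            $reasons += 'marks mail as read while moving or deleting it'
        }
        # 3. Names made only of punctuation (".", "..", ",") that blend into the rule list.
        if ("$($Rule.Name)" -match '^[\W_]{1,3}$') { $reasons += 'punctuation-only rule name' }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{ Mailbox = $Rule.MailboxOwnerId; Rule = $Rule.Name
                               Enabled = $Rule.Enabled; Reasons = $reasons -join '; ' }
        }
    }
}

# Constructed sample objects shaped like Get-InboxRule output (not real tenant data).
$sample = @(
    [pscustomobject]@{ MailboxOwnerId = 'alice'; Name = '..'; Enabled = $true
                       MoveToFolder = 'RSS Feeds'; MarkAsRead = $true }
    [pscustomobject]@{ MailboxOwnerId = 'bob'; Name = 'Invoices'; Enabled = $true; DeleteMessage = $true
                       ForwardTo = @('"Drop" [SMTP:drop@mailbox.example]') }
    [pscustomobject]@{ MailboxOwnerId = 'carol'; Name = 'Newsletters'; Enabled = $true
                       MoveToFolder = 'Newsletters' }
)
$sample | Get-InboxRuleFinding | Format-List

# Live use after Connect-ExchangeOnline:
#   Get-InboxRule -Mailbox user@contoso.example | Get-InboxRuleFinding
```

These heuristics only rank rules for review; a flagged rule still needs a human to confirm it before it is disabled or removed.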

Installation

Clone this repository:

git clone https://github.com/blwhit/ExchangeResponder.git
cd ExchangeResponder

The script automatically installs the required modules.

Usage

Run the script:

.\ExchangeResponder.ps1

The interactive menu provides access to all functions.

Requirements

  • PowerShell 5.1 or later
  • ExchangeOnlineManagement module v3.9.0+
  • Exchange Online permissions
