
Microsoft Exchange CVE: How to scan your systems for the vulnerability

by Cybersprint News, Analyst Report 8 Mar 2021

The breach and data leak of Microsoft’s Exchange Server email software leave many, many organisations vulnerable to attacks. A vulnerability is being actively abused by hackers to gain access to organisations’ systems. This technical article aims to help IT Security professionals find out which parts of their infrastructure may be vulnerable.

The big challenge with this (type of) hack is that it's hard to determine where you are most vulnerable. How should you go about scanning your digital footprint for the vulnerability, when you don't know exactly how big your attack surface is? 

Microsoft has released code to help you scan for the vulnerability in your systems. We explain how IT Security professionals can use it step by step, and offer our own shell script based on Microsoft's code to automate the use in more complex digital footprints.

How does it work? 

Using the code, you can enter a port and netblock / IP address. The scanner will then detect whether the specified target has the vulnerable software. This helps you determine your risk exposure and prioritise the place where mitigation is most critical.

Please note: 

  • Both scanning methods require you to input the target netblocks / IPs. We recommend you create an extensive list of your netblocks first. 
  • Disclaimer: do not use this script if you are unsure of what you're scanning. Scanning has risks, including crashing servers or services. We provide this script as an example of how to automate scanning in larger environments.

The Microsoft scanner

  1. You can find the Microsoft scanner via this GitHub link:
  2. Put the Microsoft script in the path:
  3. You have to update your nmap script database using the command:
    nmap --script-updatedb
  4. To scan a specific target for the vulnerability, use this command:

    nmap -p <port> --script http-vuln-cve2021-26855 <target>

    Set the port you want to scan, as well as the IP or netblock as the target.

    The output will show you whether the specific target is vulnerable or not.

  5. Repeat step 4 for the ports, IPs, and netblocks you want to scan.


The Cybersprint shell script

Cybersprint has built a shell script based on the Microsoft scanner to automate the process. The script can take a text file with a list of netblocks as input, allowing you to scan multiple targets in one go. This is more helpful for more complex attack surfaces, as you don’t need to enter every port and target separately.

[Screenshot: the bash script for the Microsoft Exchange CVE scan]


Download our shell script here:

Download script (.sh)

  1. Create a text file with all the netblocks and IPs you want to scan.
  2. Run the script with the text file as input. It should look like this:
    ./ netblocks_file
  3. The script scans every IP address for open ports 80 and 443
    (you can scan more ports).
  4. You will receive a result for each netblock, showing whether or not the port is open, and if an open port has the vulnerability.
    See the image below for an example of all three scenarios. 

    [Image: example of scan results from the Microsoft Exchange CVE scanner]
    The top result shows the scan of a netblock. It did not result in any IP addresses with open ports 80 or 443.

    The middle output shows one IP address in the netblock with port 80 and 443 open, but not vulnerable.

    The third result shows the scan of one IP address of which port 443 is open, and vulnerable. 
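
The workflow in the steps above (check ports 80 and 443 across a netblock list, then run the vulnerability script only where a port is open) can be sketched as follows. This is an added example, not Cybersprint's downloadable script; the function names are hypothetical, and the match on `State: VULNERABLE` assumes the Microsoft script reports in nmap's usual vulns-library format.

```sh
#!/bin/sh
# Added example, not Cybersprint's script. Function names are hypothetical.
# Assumes nmap and the http-vuln-cve2021-26855 script are installed as in
# the Microsoft scanner steps above.
PORTS="80,443"

# Keep only IPv4-shaped addresses or CIDR blocks; blank lines, comments and
# any other text are dropped so they never reach nmap as a target.
valid_targets() {
  grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' "$1"
}

# Convert nmap grepable output (-oG -) into "ip port" lines for open ports.
open_pairs() {
  awk '/Ports: / {
    ip = $2
    sub(/.*Ports: /, ""); sub(/\t.*/, "")
    n = split($0, entry, ", ")
    for (i = 1; i <= n; i++) {
      split(entry[i], f, "/")
      if (f[2] == "open") print ip, f[1]
    }
  }'
}

# Assumption: the script reports through nmap's vulns library, which prints
# "State: VULNERABLE"; "State: NOT VULNERABLE" must not count as a hit.
classify() {
  if printf '%s\n' "$1" | grep -Eq 'State: (LIKELY )?VULNERABLE'; then
    echo "VULNERABLE"
  else
    echo "not vulnerable"
  fi
}

main() {
  list=$(mktemp) || return 1
  valid_targets "$1" > "$list"
  pairs=$(nmap -n -p "$PORTS" --open -oG - -iL "$list" | open_pairs)
  rm -f "$list"
  [ -n "$pairs" ] || { echo "no open ports ($PORTS) found"; return 0; }
  printf '%s\n' "$pairs" | while read -r ip port; do
    out=$(nmap -n -p "$port" --script http-vuln-cve2021-26855 "$ip" </dev/null)
    echo "$ip:$port $(classify "$out")"
  done
}

if [ "$#" -ge 1 ]; then main "$@"; fi
```
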

We hope the scripts will help you effectively scan your attack surface for the vulnerability, so that you can take the appropriate action. You can reach out to us if you have any questions on how to automatically map and monitor your attack surface. 
