Skip to content
/ Carbuncle Public

Tool for interacting with outlook interop during red team engagements

144 stars 25 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

checkymander/Carbuncle

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

30 Commits
Carbuncle
Carbuncle
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
Carbuncle.sln
Carbuncle.sln
 
 
README.md
README.md
 
 

Repository files navigation

Carbuncle

Tool for interacting with outlook interop during red team engagements.

Usage

Carbuncle Usage:
carbuncle.exe <action> <action arguments>

Actions:
	searchmail		Search for an e-mail in the users inbox
	attachments		Search for and download attachments
	read			Read a specific e-mail item
	send			Send an e-mail
	monitor			Monitor for new e-mail items

read:
	/entryid:		Read an e-mail by its specific unique ID
					carbuncle.exe read /entryid:00000000ABF08F38F774EF44BD800D54DA6135740700438C90E5F1E27549A26DD4C4CE7C884C0069B971A0EB00007E3487BFEF2F834F93D188D339E4EA4E00003BA5A49B0000
	
	/number:		Readn an e-mail by its numerical position in the inbox.
					carbuncle.exe read /number:3
					
	/subject		Read an e-mail by its subject
					carbuncle.exe read /subject:"Password Reset 05/20/2021"
					
	
searchmail:
	/body			Search by the content of the body. Supported search methods: /regex and /content
					carbuncle.exe searchmail /body /content:"Password" [/display]
					
	/senderaddress	Search by sender address. Supported search methods: /regex and /address
					carbuncle.exe searchmail /senderaddress:"checkymander@protonmail.com" [/display]
					
	/subject		Search by e-mail subject. Supported search methods: /regex and /content
					carbuncle.exe searchmail /subject /regex:"(checky).+" [/display]
	
	/attachment		Search by e-mail attachment. Supported serach methods: /regex and /name
					carbuncle.exe searchmail /regex:"(id_rsa).+" /downloadpath:"C:\\temp\\" [/display]
	
	/all			Gets all e-mails
					carbuncle.exe /all [/display]
	
	Optional Flags:
	/display 		Display the body of any matched e-mail.
	/downloadpath	Download any matching attachments to the specified location

monitor:
	Optional:
	/regex			Can specify a regex to only notify on new e-mails that match a specific regex
					carbuncle.exe monitor /regex:(id_rsa) [/display]
	
	/display		Display the e-mails in console as they arrive.
					carbuncle.exe monitor /display
					
attachments
	/all			Downloads all attachments to the specified download folder
					carbuncle.exe attachments /downloadpath:"C:\\temp\\" /all
					
	/entryid		Download attachment from a specified e-mail
					carbuncle.exe attachments /downloadpath:"C\\temp\\" /entryid:00000000ABF08F38F774EF44BD800D54DA6135740700438C90E5F1E27549A26DD4C4CE7C884C0069B971A0EB00007E3487BFEF2F834F93D188D339E4EA4E00003BA5A49B0000
					
					
send
	/subject		Sets the subject of the e-mail
 
	/recipients		A comma separated list of recipients for the e-mail to be sent to

	/body			Body of the e-mail to send.
			
	/attachment		The local file of the attachment to be included in the e-mail

	/attachmentname	(Optional) The name of the attachment. The default is the name of the file without the extension.
					carbuncle.exe send /subject:"test e-mail please ignore" /recipients:"email1@domain.com,email2@domain.com" /body:"Hello World" /attachment:"C:\\temp\\attachment.exe" /attachmentname:"Totally Legitimate"

About

Tool for interacting with outlook interop during red team engagements

Resources

Readme
Activity

Stars

144 stars

Watchers

7 watching

Forks

25 forks
Report repository

Releases 1

Carbuncle v0.2 Latest
May 25, 2021

Packages

No packages published

Languages