zimbra-attack
CommunityEnumerate and test Zimbra mail server flaws.
Authoruphiago
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill solves the problem of manually identifying and assessing security weaknesses in Zimbra Collaboration Suite deployments, which are commonly used for email and collaboration across government, enterprise, and university environments, cutting down reconnaissance time from hours to minutes.
Core Features & Use Cases
- Unauthenticated SOAP User Enumeration: Identify valid user accounts on Zimbra instances without credentials by analyzing SOAP API response differences for valid and invalid usernames.
- Critical CVE Exploitation Testing: Automate checks for CVE-2022-37042 (UploadServlet path traversal) and other high-severity Zimbra vulnerabilities that enable unauthenticated remote code execution.
- Internal SSRF and Admin Console Probing: Test for internal service access via the /service/proxy endpoint and exposed Zimbra admin consoles that could lead to full system compromise.
- Use Case: A penetration tester assessing a government agency's webmail infrastructure can use this Skill to quickly confirm Zimbra presence, enumerate valid user accounts, and test for critical unauthenticated exploits without manual configuration.
Quick Start
Use the zimbra-attack skill to scan a target Zimbra webmail URL for user enumeration, critical CVE exploits, and internal SSRF vectors.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: zimbra-attack Download link: https://github.com/uphiago/recon-skills/archive/main.zip#zimbra-attack Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.