https://github.com/0xdevalias/sparty

Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]
https://github.com/0xdevalias/sparty

frontpage hack pentest sharepoint sparty

Last synced: 3 months ago
JSON representation

Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]

• Host: GitHub
• URL: https://github.com/0xdevalias/sparty
• Owner: 0xdevalias
• License: other
• Archived: true
• Created: 2013-11-12T05:22:26.000Z (almost 11 years ago)
• Default Branch: master
• Last Pushed: 2013-11-12T08:04:58.000Z (almost 11 years ago)
• Last Synced: 2024-06-27T19:56:00.505Z (4 months ago)
• Topics: frontpage, hack, pentest, sharepoint, sparty
• Language: Python
• Homepage: http://sparty.secniche.org/
• Size: 148 KB
• Stars: 92
• Watchers: 10
• Forks: 41
• Open Issues: 9
• Metadata Files:
  • Readme: README
  • License: LICENSE

Awesome Lists containing this project

• awesome-hacking-lists - 0xdevalias/sparty - Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial] (Python)

README

        
-------------------------------------------------

Sparty - Sharepoint/Frontpage Auditing Tool !

Authored by: Aditya K Sood |{0kn0ck}@secniche.org  | 2013

             Twitter:     @AdityaKSood

Powered by: SecNiche Security Labs !

------------------------------------------------

Sparty is an open source tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the complex nature of these web administration software, it is required to have a simple and efficient tool that gathers information, check access permissions, dump critical information from default files and perform automated exploitation if security risks are identified. A number of automated scanners fall short of this and Sparty is a solution to that.

-----------------------------------

Functionalities and capabilities !

-----------------------------------

1. Sharepoint and Frontpage Version Detection!

2. Dumping Password from Exposed Configuration Files!

3. Exposed Sharepoint/Frontpage Services Scan!

4. Exposed Directory Check!

5. Installed File and Access Rights Check!

6. RPC Service Querying!

7. File Enumeration!

8. File Uploading Check!

-----------------------------------------------

Additional notes about working and design

----------------------------------------------

1. This version of sparty is written in Python 2.6 (final) running on backtrack 5.0.

2. This version (v 0.1) primarily includes assessment of configuration flaws.

3. This version is based on the practical testing and assessment of frontpage & sharepoint.

----------------------------------------------

Requirements

----------------------------------------------

1. This version uses following libraries:

        import urllib2

        import re

        import os, sys

        import optparse

        import httplib

2. Python 2.6 is required.

-----------------------------------------------

[+] Things to take care of while using sparty !

-----------------------------------------------

Please take this into consideration:

1. Always specify https | http explcitly !

2. Always provide the proper directory structure where sharepoint/frontpage is installed !

3. Do not specify '/' at the end of url !

--------------------------

[+] Sparty Help

--------------------------

	---------------------------------------------------------------

          _|_|_|    _|_|_|     _|_|    _|_|_|    _|_|_|_|_|  _|      _|

         _|        _|    _|  _|    _|  _|    _|      _|        _|  _|

           _|_|    _|_|_|    _|_|_|_|  _|_|_|        _|          _|

               _|  _|        _|    _|  _|    _|      _|          _|

         _|_|_|    _|        _|    _|  _|    _|      _|          _|

        SPARTY : Sharepoint/Frontpage Security Auditing Tool!

        Authored by: Aditya K Sood |{0kn0ck}@secniche.org  | 2013

        Twitter:     @AdityaKSood

	--------------------------------------------------------------

Usage: sparty.py [options]

Options:

  --version             show program's version number and exit

  -h, --help            show this help message and exit

  Frontpage::

    -f FRONTPAGE, --frontpage=FRONTPAGE

                         -- to check access permissions

                        on frontpage standard files in vti or bin directory!

  Sharepoint::

    -s SHAREPOINT, --sharepoint=SHAREPOINT

                         -- to check

                        access permissions on sharepoint standard files in

                        forms or layouts or catalog directory!

  Mandatory::

    -u URL, --url=URL   target url to scan with proper structure

  Information Gathering and Exploit::

    -v FINGERPRINT, --http_fingerprint=FINGERPRINT

                         --

                        fingerprint sharepoint or frontpage based on HTTP

                        headers!

    -d DUMP, --dump=DUMP

                         -- dump credentials from

                        default sharepoint and frontpage files (configuration

                        errors and exposed entries)!

    -l DIRECTORY, --list=DIRECTORY

                         -- check directory listing

                        and permissions!

    -e EXPLOIT, --exploit=EXPLOIT

                        EXPLOIT =  -- exploit vulnerable installations by

                        checking RPC querying and file uploading

    -i SERVICES, --services=SERVICES

                        SERVICES =  -- checking exposed

                        services !

                     services !

  Authentication [devalias.net]:

    -a AUTHENTICATION, --auth-type=AUTHENTICATION

                        AUTHENTICATION =  -- Authenticate with NTLM

                        user/pass !

  General::

    -x EXAMPLES, --examples=EXAMPLES

                        running usage examples !