Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/sensepost/spartan

Frontpage and Sharepoint fingerprinting and attack tool.
https://github.com/sensepost/spartan

Last synced: 5 days ago
JSON representation

Frontpage and Sharepoint fingerprinting and attack tool.

Host: GitHub
URL: https://github.com/sensepost/spartan
Owner: sensepost
Created: 2015-02-24T05:50:38.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2021-08-08T18:45:04.000Z (over 3 years ago)
Last Synced: 2024-11-03T05:30:19.438Z (11 days ago)
Language: Python
Homepage:
Size: 37.1 KB
Stars: 277
Watchers: 20
Forks: 77
Open Issues: 16
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

SPartan
=======
by Keiran Dennie

Requirements
-------------
The requests_ntlm and beautifulsoup4 libraries are required. Use the following command to install these with pip:

pip install -r requirements.txt

Overview
-------
SPartan is a Frontpage and Sharepoint fingerprinting and attack tool.
Features:
- Sharepoint and Frontpage fingerprinting
- Management of Friendly 404s
- Default Sharepoint and Frontpage file and folder enumeration
- Active Directory account enumeration
- Download interesting files and documents, including detection of uninterpreted ASP and ASPX
- Search for keywords in identified pages
- Saves state from previous scans
- Site crawling
- Accepts NTLM creds and session cookies for authenticated scans

Usage
-----

Some information needed for SPartan Usage:

python SPartan.py -u http://127.0.0.1 -f -c
*Note: You need to add 'http(s)://' to the URL*

* -u: host URL to scan including HTTP/HTTPS
* -c: crawl the site for links (CTRL-C to stop crawling)
* -f: perform frontpage scans
* -k: scrape identified pages for keywords (works well with crawl)
* -s: perform sharepoint scans
* --sps: discover sharepoint SOAP services
* --users: List users using Search Principals
* -r: (COMING SOON)execute a specified Frontpage RPC query
* -t: set maximum amount of threads (10 default)
* -p: (COMING SOON)find putable directories)
* --cookie: "use a cookie for authenticated scans
* -d: download pdf, doc, docx, txt, config, xml, xls, xlsx, webpart, config, conf, stp, csv and asp/aspx(uninterpreted)
* -l: provide credentials for authentication to Sharepoint e.g., domain\user:password
* -v: Render verbose output. By default SPartan will only render found resources.
* -i: Don't attempt to verify SSL

License
-------

SPartan by SensePost is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License (http://creativecommons.org/licenses/by-sa/4.0/) Permissions beyond the scope of this license may be available at http://sensepost.com/contact us/.