Sparty is an open source Sharepoint and Frontpage auditing tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the complex nature of these web administration software, it is required to have a simple and efficient tool that gathers information, check access permissions, dump critical information from default files and perform automated exploitation if security risks are identified. A number of automated scanners fall short of this and Sparty is a solution to that.
Features
- Sharepoint and Frontpage Version Detection!
- Dumping Password from Exposed Configuration Files!
- Exposed Sharepoint/Frontpage Services Scan!
- Exposed Directory Check!
- Installed File and Access Rights Check!
- RPC Service Querying!
- File Enumeration!
- File Uploading Check
Usage
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
Usage: sparty.py [options] Options: --version show program's version number and exit -h, --help show this help message and exit Frontpage:: -f FRONTPAGE, --frontpage=FRONTPAGE <FRONTPAGE = pvt | bin> -- to check access permissions on frontpage standard files in vti or bin directory! Sharepoint:: -s SHAREPOINT, --sharepoint=SHAREPOINT <SHAREPOINT = forms | layouts | catalog> -- to check access permissions on sharepoint standard files in forms or layouts or catalog directory! Mandatory:: -u URL, --url=URL target url to scan with proper structure Information Gathering and Exploit:: -v FINGERPRINT, --http_fingerprint=FINGERPRINT <FINGERPRINT = ms_sharepoint | ms_frontpage> -- fingerprint sharepoint or frontpage based on HTTP headers! -d DUMP, --dump=DUMP <DUMP = dump | extract> -- dump credentials from default sharepoint and frontpage files (configuration errors and exposed entries)! -l DIRECTORY, --list=DIRECTORY <DIRECTORY = list | index> -- check directory listing and permissions! -e EXPLOIT, --exploit=EXPLOIT EXPLOIT = <rpc_version_check | file_upload | config_check> -- exploit vulnerable installations by checking RPC querying and file uploading -i SERVICES, --services=SERVICES SERVICES = <serv | services> -- checking exposed services ! services ! Authentication [devalias.net]: -a AUTHENTICATION, --auth-type=AUTHENTICATION AUTHENTICATION = <ntlm> -- Authenticate with NTLM user/pass ! General:: -x EXAMPLES, --examples=EXAMPLES running usage examples ! |
Requirements
This version uses following libraries:
- import urllib2
- import re
- import os, sys
- import optparse
- import httplib
Also note Python 2.6 is required.
You can download Sparty here:
Or read more here – the author can be found on Twitter here @AdityaKSood.