GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → 0xdevalias → Sparty

0xdevalias / Sparty

Licence: other
Sparty - MS Sharepoint and Frontpage Auditing Tool [Unofficial]

Programming Languages

python
139335 projects - #7 most used programming language
hack
652 projects

Labels

pentestsharepoint

Projects that are alternatives of or similar to Sparty

Cve 2019 0604
cve-2019-0604 SharePoint RCE exploit
Stars: ✭ 91 (+21.33%)
Mutual labels:  sharepoint, pentest
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+1414.67%)
Mutual labels:  pentest
Pcwt
Stars: ✭ 46 (-38.67%)
Mutual labels:  pentest
Ska
Simple Karma Attack
Stars: ✭ 55 (-26.67%)
Mutual labels:  pentest
Ldapcp
This claims provider connects SharePoint 2019 / 2016 / 2013 with Active Directory and LDAP servers to enhance people picker with a great search experience in federated authentication (typically ADFS)
Stars: ✭ 48 (-36%)
Mutual labels:  sharepoint
Rfd Checker
RFD Checker - security CLI tool to test Reflected File Download issues
Stars: ✭ 56 (-25.33%)
Mutual labels:  pentest
Smersh
Smersh is a pentest oriented collaborative tool used to track the progress of your company's missions.
Stars: ✭ 43 (-42.67%)
Mutual labels:  pentest
Girsh
Automatically spawn a reverse shell fully interactive for Linux or Windows victim
Stars: ✭ 66 (-12%)
Mutual labels:  pentest
Dr0p1t Framework
A framework that create an advanced stealthy dropper that bypass most AVs and have a lot of tricks
Stars: ✭ 1,132 (+1409.33%)
Mutual labels:  pentest
Poshmon
A PowerShell-based server and farm monitoring solution
Stars: ✭ 54 (-28%)
Mutual labels:  sharepoint
Sudo killer
A tool to identify and exploit sudo rules' misconfigurations and vulnerabilities within sudo for linux privilege escalation.
Stars: ✭ 1,073 (+1330.67%)
Mutual labels:  pentest
Pythem
pentest framework
Stars: ✭ 1,060 (+1313.33%)
Mutual labels:  pentest
Pathwar
☠️ The Pathwar Project ☠️
Stars: ✭ 58 (-22.67%)
Mutual labels:  pentest
31 Days Of Api Security Tips
This challenge is Inon Shkedy's 31 days API Security Tips.
Stars: ✭ 1,038 (+1284%)
Mutual labels:  pentest
Sp Rest Explorer
Source code for SharePoint REST API Metadata Explorer
Stars: ✭ 67 (-10.67%)
Mutual labels:  sharepoint
Burp Suite Error Message Checks
Burp Suite extension to passively scan for applications revealing server error messages
Stars: ✭ 45 (-40%)
Mutual labels:  pentest
Macro pack
macro_pack is a tool by @EmericNasi used to automatize obfuscation and generation of Office documents, VB scripts, shortcuts, and other formats for pentest, demo, and social engineering assessments. The goal of macro_pack is to simplify exploitation, antimalware bypass, and automatize the process from malicious macro and script generation to final document generation. It also provides a lot of helpful features useful for redteam or security research.
Stars: ✭ 1,072 (+1329.33%)
Mutual labels:  pentest
Evilgrade
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates.
Stars: ✭ 1,086 (+1348%)
Mutual labels:  pentest
Cloudflair
🔎 Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Stars: ✭ 1,176 (+1468%)
Mutual labels:  pentest
Findsploit
Find exploits in local and online databases instantly
Stars: ✭ 1,160 (+1446.67%)
Mutual labels:  pentest
View All Similar Projects ➔

Sparty - Sharepoint/Frontpage Auditing Tool ! Authored by: Aditya K Sood |{0kn0ck}@secniche.org | 2013 Twitter: @AdityaKSood Powered by: SecNiche Security Labs !

Sparty is an open source tool written in python to audit web applications using sharepoint and frontpage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of sharepoint and frontpage based web applications. Due to the complex nature of these web administration software, it is required to have a simple and efficient tool that gathers information, check access permissions, dump critical information from default files and perform automated exploitation if security risks are identified. A number of automated scanners fall short of this and Sparty is a solution to that.

Functionalities and capabilities !

  1. Sharepoint and Frontpage Version Detection!
  2. Dumping Password from Exposed Configuration Files!
  3. Exposed Sharepoint/Frontpage Services Scan!
  4. Exposed Directory Check!
  5. Installed File and Access Rights Check!
  6. RPC Service Querying!
  7. File Enumeration!
  8. File Uploading Check!

Additional notes about working and design

  1. This version of sparty is written in Python 2.6 (final) running on backtrack 5.0.
  2. This version (v 0.1) primarily includes assessment of configuration flaws.
  3. This version is based on the practical testing and assessment of frontpage & sharepoint.

Requirements

  1. This version uses following libraries: import urllib2 import re import os, sys import optparse import httplib

  2. Python 2.6 is required.

[+] Things to take care of while using sparty !

Please take this into consideration:

  1. Always specify https | http explcitly !
  2. Always provide the proper directory structure where sharepoint/frontpage is installed !
  3. Do not specify '/' at the end of url !

[+] Sparty Help

---------------------------------------------------------------

      _|_|_|    _|_|_|     _|_|    _|_|_|    _|_|_|_|_|  _|      _|
     _|        _|    _|  _|    _|  _|    _|      _|        _|  _|
       _|_|    _|_|_|    _|_|_|_|  _|_|_|        _|          _|
           _|  _|        _|    _|  _|    _|      _|          _|
     _|_|_|    _|        _|    _|  _|    _|      _|          _|

    SPARTY : Sharepoint/Frontpage Security Auditing Tool!
    Authored by: Aditya K Sood |{0kn0ck}@secniche.org  | 2013
    Twitter:     @AdityaKSood

--------------------------------------------------------------

Usage: sparty.py [options]

Options: --version show program's version number and exit -h, --help show this help message and exit

Frontpage:: -f FRONTPAGE, --frontpage=FRONTPAGE <FRONTPAGE = pvt | bin> -- to check access permissions on frontpage standard files in vti or bin directory!

Sharepoint:: -s SHAREPOINT, --sharepoint=SHAREPOINT <SHAREPOINT = forms | layouts | catalog> -- to check access permissions on sharepoint standard files in forms or layouts or catalog directory!

Mandatory:: -u URL, --url=URL target url to scan with proper structure

Information Gathering and Exploit:: -v FINGERPRINT, --http_fingerprint=FINGERPRINT <FINGERPRINT = ms_sharepoint | ms_frontpage> -- fingerprint sharepoint or frontpage based on HTTP headers! -d DUMP, --dump=DUMP <DUMP = dump | extract> -- dump credentials from default sharepoint and frontpage files (configuration errors and exposed entries)! -l DIRECTORY, --list=DIRECTORY <DIRECTORY = list | index> -- check directory listing and permissions! -e EXPLOIT, --exploit=EXPLOIT EXPLOIT = <rpc_version_check | file_upload | config_check> -- exploit vulnerable installations by checking RPC querying and file uploading -i SERVICES, --services=SERVICES SERVICES = <serv | services> -- checking exposed services ! services !

Authentication [devalias.net]: -a AUTHENTICATION, --auth-type=AUTHENTICATION AUTHENTICATION = -- Authenticate with NTLM user/pass !

General:: -x EXAMPLES, --examples=EXAMPLES running usage examples !

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].