SharePwn

December 23, 2015

A tool for auditing SharePoint security settings and identifying common security holes.

Use:

Install Dependencies: pip install -r requirements.txt
Run: python sharepwn.py
-or-
Call specific functionality from the command-line:
sharepwn.py [-h] [-t T] [-p P] [-v] [-b] [-pe] [-u]

optional arguments:
  -h, --help  show this help message and exit
  -t T        URL of the target SP site
  -p P        Port/Protocol to target (80 or 443)
  -v          Perform Version Detection
  -b          Perform Brute-Force Browsing
  -pe         Perform Enumeration via People Service
  -u          Perform Brute-Force User ID Search

Features:

  • Service Discovery
  • Version Identification
  • User Enumeration
  • System/Machine Account Discovery
  • NTLM Authentication

Known Issues:

  • People Enumeration is not fully functional, primarily in success cases, as I need to stand up a testing environment in order to finish some of the details.

Short Term Development TO-DO items:

  • Finish People Enumeration Success Parsing
  • Finish support for Cookie-based Authentication
  • Store/Save Results In Files or DB

Contributing:

Although I've written and released the initial development version of this tool myself, I am eager for any help in further development that I can get. I'm not a professional developer and could use the help! Create a Pull Request if you'd like to contribute something, or e-mail me at 0rigen[ at ]0rigen [d0t] net to discuss any work.