SPartan: FrontPage & SharePoint fingerprinting and attack tool

SPartan

SPartan is a FrontPage and SharePoint fingerprinting and attack tool.

Features:

  • SharePoint and FrontPage fingerprinting
  • Management of Friendly 404s
  • Default SharePoint and FrontPage file and folder enumeration
  • Active Directory account enumeration
  • Download interesting files and documents, including detection of uninterpreted ASP and ASPX
  • Search for keywords in identified pages
  • Saves state from previous scans
  • Site crawling
  • Accepts NTLM creds and session cookies for authenticated scans

Install

git clone https://github.com/sensepost/SPartan.git
cd SPartan
pip install -r requirements.txt

Usage

usage: SPartan [-h] [-u URL] [-c] [-f] [-k KEYWORD] [-s] [--sps] [--users]
               [-r RPC] [-t THREAD] [-p] [--cookie COOKIE] [-d]
               [-l domain\user:password] [-v] [-i]

optional arguments:
  -h, --help            show this help message and exit
  -u URL                host URL to scan including HTTP/HTTPS
  -c                    crawl the site for links (CTRL-C to stop crawling)
  -f                    perform frontpage scans
  -k KEYWORD            scrape identified pages for keywords (works well with crawl)
  -s                    perform sharepoint scans
  --sps                 discover sharepoint SOAP services
  --users               List users using Search Principals
  -r RPC                (COMING SOON)execute a specified Frontpage RPC query
  -t THREAD             set maximum amount of threads (10 default)
  -p                    (COMING SOON)find putable directories
  --cookie COOKIE       use a cookie for authenticated scans
  -d                    download pdf, doc, docx, txt, config, xml, xls, xlsx, webpart, config, conf, stp, csv and
                        asp/aspx(uninterpreted)
  -l domain\user:password
                        provide credentials for authentication to Sharepoint
  -v, --verbose         Render verbose output. By default SPartan will only render found resources.
  -i, --ignore-ssl-verification
                        Don't attempt to verify SSL certificates as valid
                        before making a request. This is defaulted to false.

Author

Keiran Dennie

Source: https://github.com/sensepost/