Q: What is SharePointSpy?
A: Its a small Chrome extension that checks your access to sensitive areas of SharePoint base and sub sites. It also has some pre-configured search terms that can be used on the base and sub sites to look for files that could have sensitive information. The goal was to make SharePoint audits easier form the auditors POV.
###
Q: Why?
A: I wanted the ability to audit SharePoint sites and I originally looked at Bishop Fox's SharePoint Hacking Diggity Project but kept having issues and felt it could work better as a Chrome extension and could have more features. So I set out to mimic Bishop's SharePointURLBrute in Chrome, added a few things and here we are :)
###
Q: Where can I get it?
A: Githug.
It has a few issues and could use a few more features. 302 redirects break SPS, when it encounters a 302 is just hangs. I would like to be able to scan a site as an anonymous user but I have not figured that one out yet. If you know the secret to either of the above please let me know. That is all I got for now. Happy hacking!
Saturday, August 19, 2017
Subscribe to:
Posts (Atom)