Sparty-2.0 is a tool written in Python to audit web applications that use the SharePoint and FrontPage architecture. It gathers information, checks access permissions, dumps critical information from default files, and performs automated exploitation if security risks are identified.

```
git clone https://github.com/MayankPandey01/Sparty-2.0.git
```
This tool only supports Python 3. The recommended version is 3.8.x.
The dependencies can be installed using the requirements file.
Installation on Windows:
- `python.exe -m pip install -r requirements.txt`

Installation on Linux:
- `sudo pip install -r requirements.txt`
This tool uses two modules to audit SharePoint: Exploitation and Enumeration.
You can use one or both of them at once:

```
python Sparty-2.0 -u https://example.com -enum -exploit
```
Enumeration Module
- FrontPage RPC Check
- FrontPage Service Listing
- FrontPage Config Check
- Fingerprint FrontPage
- Checks for Exposed Services in the FrontPage/SharePoint Directory
- SharePoint and FrontPage Version Detection!
- Exposed Directory Check!
- Installed File and Access Rights Check!
- RPC Service Querying!
- File Enumeration!
Exploitation Module
- Dumps SharePoint Headers
- Dumps Password Files
- Checks for File Upload
- Remove FrontPage Folder
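
For defenders, the checks listed above leave a recognisable pattern in web server logs: one client requesting several FrontPage Server Extensions locations in a short span. The following is an added example, not part of Sparty-2.0 or its original README; it assumes Combined Log Format input, the marker paths are well-known FrontPage locations (the README does not state which paths the tool requests), and `min_distinct` is a hypothetical threshold.

```python
import re
from collections import defaultdict

# Well-known FrontPage Server Extensions locations. Assumption: chosen for
# illustration; the README does not list the paths the tool requests.
FRONTPAGE_MARKERS = (
    "/_vti_inf.html",
    "/_vti_pvt/",
    "/_vti_bin/shtml.dll",
    "/_vti_bin/_vti_aut/author.dll",
    "/_vti_bin/_vti_adm/admin.dll",
)

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" \d{3}'
)

def find_frontpage_probing(lines, min_distinct=3):
    """Return {client_ip: sorted distinct FrontPage paths} for clients that
    requested at least `min_distinct` different FrontPage paths."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of raising
        # Drop the query string and fold case (IIS paths are case-insensitive).
        path = m.group("path").split("?", 1)[0].lower()
        if any(marker in path for marker in FRONTPAGE_MARKERS):
            seen[m.group("ip")].add(path)
    return {ip: sorted(p) for ip, p in seen.items() if len(p) >= min_distinct}

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /_vti_inf.html HTTP/1.1" 200 1754',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "POST /_vti_bin/shtml.dll/_vti_rpc HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /_vti_pvt/service.pwd HTTP/1.1" 404 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /_vti_inf.html HTTP/1.1" 404 0',
    'garbage line',
]

if __name__ == "__main__":
    for ip, paths in find_frontpage_probing(SAMPLE_LOG).items():
        print(ip, paths)
```

On a live SharePoint site, legitimate Office clients also request some of these paths, so tune the marker list and threshold against normal traffic before alerting on the result.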
- Always specify https or http explicitly!
- Always provide the proper directory structure where SharePoint/FrontPage is installed!
- Do not specify '/' at the end of the URL!
Short Form | Long Form | Description |
---|---|---|
url | url | A URL to scan |
-enum | Enumeration | Uses Enumeration Module |
-exploit | Exploitation | Uses Exploitation Module |
-h | --help | Displays help |
-p | --proxy | Specify a proxy (ex: http://localhost:8080) |
-hds | --headers | Specify a custom header (ex: 'Authorization=Basic: YOURTOKEN') |
- Original version of Sparty: https://github.com/adityaks/sparty
- This tool may throw some false positives; always double-check the output.

Use this tool wisely.
Happy Hacking ✨ ✨