Skip to content

MayankPandey01/Sparty-2.0

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Sparty-2.0

Sparty-2.0 is an tool written in Python to audit web applications using Sharepoint and Frontpage Architecture. This Tool gathers information, check access permissions, dump critical information from default files and perform automated exploitation if security risks are identified.

sparty

Installation

  • git clone https://github.com/MayankPandey01/Sparty-2.0.git

Recommended Python Version:

This Tool Only Supports Python 3. The recommended version for Python 3 is 3.8.x.

Dependencies:

The dependencies can be installed using the requirements file:.

Installation on Windows:.

  • python.exe -m pip install -r requirements.txt.

Installation on Linux.

  • sudo pip install -r requirements.txt.

How it Works

This Tool uses 2 modules to Audit SharePoint, Exploitation and Enumeration You can use one or both of them at once. python Sparty-2.0 -u https://example.com -enum -exploit

Enumeration Module

  • Frontpage RPC Check
  • Frontpage Service Listing
  • Frontpage Config Check
  • Fingerprint Frontpage
  • Checks Fpr Exposed Services in the Frontpage/Sharepoint Directory
  • Sharepoint and Frontpage Version Detection!
  • Exposed Directory Check!
  • Installed File and Access Rights Check!
  • RPC Service Querying!
  • File Enumeration!

Exploitation Module

  • Dumps Sharepoint Headers
  • Dumps Password Files
  • Checks For FIle Upload
  • Remove Frontpage Folder

Please take this into consideration

  1. Always specify https | http explcitly !
  2. Always provide the proper directory structure where sharepoint/frontpage is installed !
  3. Do not specify '/' at the end of url !

Usage

Short Form Long Form Description
url url A URL to scan
-enum Enumeration Uses Enumeration Module
-exploit Exploitation Uses Exploitation Module
-h --help Displays help
-p --proxy Specify a proxy (ex: http://localhost:8080)
-hds --headers Specify a custom header (ex: 'Authorization=Basic: YOURTOKEN')

Note

Use This Tool Wisely.
Happy Hacking ✨ ✨