SharePoint Security Scanner
About the SharePoint Security Scanner
Finds various security weaknesses in web applications using SharePoint and FrontPage architecture.
List of tests performed
|Gather information about the SharePoint version installed|
|Analyze SharePoint configuration settings|
|Public exposure of SharePoint web services|
|Permissions on default SharePoint _layouts, _catalogs and forms|
|Finds public information (indexed by Google) about the target|
The SharePoint security assessment is performed remotely, in a black-box manner. The results of the scan should be interpreted from the perspective of an anonymous user who accesses the target website.
- Target URL: This is the url of the SharePoint website that will be scanned. All urls must start with http or https.
How it works
The scanner connects to the target SharePoint server and tries to retrieve certain default pages that indicate the presence of the mentioned weaknesses.
Furthermore, the HTTP response headers received from the server are also analyzed to find security issues.