
Sharepoint Scanner

Find vulnerabilities in Internet-facing SharePoint installations.

Sign up for a Pro Account to perform in-depth SharePoint scanning and discover high-risk vulnerabilities.


Reporting

Sample Report

Here is a Sharepoint Scanner sample report that gives you a taste of how our tools save you time and reduce repetitive manual work.

  • Includes the SharePoint components with incorrect permissions

  • Includes details of SharePoint users (when you extract them)

  • Shows the SharePoint version installed and web server information

  • Analyzes the HTTP server headers and the SharePoint information leaked


How to use the pentesting tool

Use Cases for Sharepoint Scanner

Discover various security weaknesses and vulnerabilities in web applications built on top of Microsoft SharePoint and FrontPage.

  • SharePoint Penetration Testing

    You can use this tool to speed up your penetration testing engagements and quickly discover incorrect SharePoint permissions, web services, version numbers, user enumeration, and more.

  • Security Self-Assessment

    Check if your SharePoint installation is updated and properly configured. Enumerate the existing permissions on sensitive _layouts, _catalogs, and forms. Check if user enumeration is possible.

  • Third-Party Website Audit

    If you are a web development company, you can also show this pentesting report to your clients and prove that you have implemented the proper security measures in the SharePoint application.

Better vulnerability discovery. Faster pentest reporting.

Get instant access to custom vulnerability scanners and automation features that simplify the pentesting process and produce valuable results. The platform helps you cover all the stages of an engagement, from information gathering to website scanning, network scanning, exploitation and reporting.


Technical Details

List of tests performed

The scanner performs the following tests:

  • Gather information about the SharePoint version installed
  • Analyze SharePoint configuration settings
  • Verify public exposure of SharePoint web services
  • Attempt user enumeration
  • Check permissions on default SharePoint _layouts, _catalogs, and forms
  • Find juicy information indexed by Google about the target

The SharePoint security assessment is performed remotely in a black-box manner. The scan results describe findings from the perspective of an anonymous user accessing the target website.

Parameters

Parameter | Description
Target URL | This is the URL of the SharePoint website that will be scanned. All URLs must start with http or https.

How it works

The scanner connects to the target SharePoint server and tries to retrieve certain default pages in order to discover known vulnerabilities.

Furthermore, the HTTP response headers received from the server are also analyzed to find security issues.
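The header analysis described above can be reproduced for a self-assessment of your own server. The following is an added example, not the scanner's own code: the header names it checks and the build-to-version map are assumptions of this example, and the sample response is constructed.

```python
# Added example: audit captured HTTP response headers for SharePoint
# information leakage. Header list and version map are assumptions of
# this example, not the scanner's rules.

# Major build number -> SharePoint product generation
SP_GENERATIONS = {
    "12": "SharePoint 2007",
    "14": "SharePoint 2010",
    "15": "SharePoint 2013",
    "16": "SharePoint 2016 or later",
}

# Headers that commonly disclose platform details on SharePoint/IIS hosts
DISCLOSING = (
    "microsoftsharepointteamservices",
    "x-sharepointhealthscore",
    "server",
    "x-powered-by",
    "x-aspnet-version",
)

def parse_headers(raw):
    """Parse a raw response header block into a dict with lower-cased names."""
    headers = {}
    for line in raw.strip().splitlines():
        if ":" not in line:
            continue  # status line or malformed line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """Return the disclosed SharePoint version and every disclosing header."""
    headers = parse_headers(raw)
    leaks = [(n, headers[n]) for n in DISCLOSING if n in headers]
    build = headers.get("microsoftsharepointteamservices", "")
    version = SP_GENERATIONS.get(build.split(".")[0])
    return {"version": version, "build": build or None, "leaks": leaks}

# Constructed sample response, as captured from e.g. `curl -sI` against your own site
SAMPLE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 15.0.0.4569
X-SharePointHealthScore: 0
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Each entry in `leaks` is a header to suppress or rewrite at the web server or reverse proxy if the version disclosure is not wanted.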