SharePoint Security Scan
About this tool
The SharePoint Security Scanner finds various security weaknesses in the target SharePoint installation, such as:
- Information about the SharePoint version installed
- Analysis of SharePoint configuration settings
- Public exposure of SharePoint web services
- User enumeration
- Permissions on default SharePoint _layouts, _catalogs and forms
- Finds public information (indexed by Google) about the target
The SharePoint security assessment is performed remotely, in a black-box manner. The results of the scan should be interpreted from the perspective of an anonymous user who accesses the target website.
- Target URL: This is the url of the SharePoint website that will be scanned. All urls must start with http or https.
How it works
The scanner connects to the target SharePoint server and tries to retrieve certain default pages that indicate the presence of the mentioned weaknesses.
Furthermore, the HTTP response headers received from the server are also analyzed to find security issues.