Discover various security weaknesses and vulnerabilities in web applications built on top of Microsoft SharePoint and FrontPage.
SharePoint Penetration Testing
The scanner allows you to speed-up your penetration test since it is already installed, configured and ready-to-go. Quickly discover incorrect SharePoint permissions, web services, version numbers, user enumeration and more.
Check if your own installation of SharePoint is updated and properly configured. Enumerate the existing permissions on sensitive _layouts, _catalogs and forms. Check if user enumeration is possible.
Third-Party Website Audit
If you are a web development company, you can also show this report to your clients and prove that you have implemented the proper security measures in the SharePoint application.
List of tests performed
The following tests are done everytime the scanner runs:
Gather information about the SharePoint version installed
Analyze SharePoint configuration settings
Verify public exposure of SharePoint web services
Attempt to do user enumeration
Check permissions on default SharePoint _layouts, _catalogs and forms
Find public information (indexed by Google) about the target
The SharePoint security assessment is performed remotely, in a black-box manner. The results of the scan should be interpreted from the perspective of an anonymous user who accesses the target website.
This is the URL of the SharePoint website that will be scanned. All URLs must start with 'http' or 'https'.
How it works
The scanner connects to the target SharePoint server and tries to retrieve certain default pages that indicate the presence of the mentioned vulnerabilities.
Furthermore, the HTTP response headers received from the server are also analyzed to find security issues.
This tool costs 50 credits but you have 40 credits left.