Abstract
Sparty is an open source tool written in Python to audit web applications that use SharePoint and FrontPage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of SharePoint- and FrontPage-based web applications. Because this web administration software is complex, a simple and efficient tool is needed that gathers information, checks access permissions, dumps critical information from default files, and performs automated exploitation if security risks are identified. A number of automated scanners fall short of this, and Sparty is a solution to that. In the first release, Sparty is capable of performing the following tasks:
- Checking access permissions of SharePoint inherent webpages and directories
- Checking access permissions for deployed FrontPage extensions and directories
- Dumping passwords from misconfigured default files
- Information gathering from the configured SharePoint and FrontPage extensions
- Automated exploitation of vulnerable configurations of SharePoint and FrontPage architectures
Sparty is a tool that provides complete information regarding SharePoint and FrontPage environments for designing threat models, which greatly assists penetration testers in manual verification of flaws. Sparty is really helpful in time-critical security assessments.