SharePoint Security Auditor


A tool for auditing SharePoint security settings and identifying common security holes.


Install Dependencies: pip install -r requirements.txt
Run: python
Call specific functionality from the command-line: [-h] [-t T] [-p P] [-v] [-b] [-pe] [-u]

optional arguments:
  -h, --help  show this help message and exit
  -t T        URL of the target SP site
  -p P        Port/Protocol to target (80 or 443)
  -v          Perform Version Detection
  -b          Perform Brute-Force Browsing
  -pe         Perform Enumeration via People Service
  -u          Perform Brute-Force User ID Search


  • Service Discovery
  • Version Identification
  • User Enumeration
  • System/Machine Account Discovery
  • NTLM Authentication

Known Issues:

  • People Enumeration is not fully functional, primarily in success cases, as I need to stand up a testing environment in order to finish some of the details.

Short Term Development TO-DO items:

  • Finish People Enumeration Success Parsing
  • Finish support for Cookie-based Authentication
  • Store/Save Results In Files or DB


Although I've written and released the initial development version of this tool myself, I am eager for any help in further development that I can get. I'm not a professional developer and could use the help! Create a Pull Request if you'd like to contribute something, or e-mail me at 0rigen[ at ]0rigen [d0t] net to discuss any work.
