Another URL brute forcing. But this project is aimed Sharepoint platform. I included some trick to get more information than a static wordlist and better result than regular tools (dirb, gobuster)
python2, mechanize
Bruter.py is a script that automatic brute path from wordlist.
python Bruter.py <TARGET>
Modu.py is a script that test a list of functions can be used on target platform. This script needs a custom wordlist- If you want to test functions like: "add user", "edit user", "change password"
- run
python Modu.py <TARGET> adduser,edituser,changepassword
or create a text file and run python Modu.py <TARGET> $(cat <WORDLIST>)
- This script is not fully tested. Google dork can be better in some case
Brute forcing id maximum is 50. If you want to change this value, go to lib/actions.py
.
Goto bruteID
function at line 13
. It should look like this MAX_RANGE = 50
.
I don't change it because i want simple options
Based
https://the-infosec.com/2017/04/18/penetration-testing-sharepoint/
Penetration testing Sharepointhttps://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/CMS/sharepoint.txt
Sharepoint wordlist