Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

F#

Ruby

Assembly

Crystal

MATLAB

R

CSS

Haskell

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

C++

F#

Elm

PowerShell

Scala

Java

Go

C

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇺🇬 Uganda

🇮🇶 Iraq

🇰🇵 North Korea

🇯🇲 Jamaica

🇧🇱 Saint Barthélemy

🇪🇭 Western Sahara

🇧🇲 Bermuda

🇫🇷 France

All Countries Compare Countries

sensepost/SPartan

Stars
277
Rank 148,875 (Top 3 %)
Language
Python
Created over 9 years ago
Updated over 3 years ago

sensepost/SPartan

sensepost

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Frontpage and Sharepoint fingerprinting and attack tool.

SPartan

by Keiran Dennie

Requirements

The requests_ntlm and beautifulsoup4 libraries are required. Use the following command to install these with pip:

pip install -r requirements.txt

Overview

SPartan is a Frontpage and Sharepoint fingerprinting and attack tool. Features:

Sharepoint and Frontpage fingerprinting
Management of Friendly 404s
Default Sharepoint and Frontpage file and folder enumeration
Active Directory account enumeration
Download interesting files and documents, including detection of uninterpreted ASP and ASPX
Search for keywords in identified pages
Saves state from previous scans
Site crawling
Accepts NTLM creds and session cookies for authenticated scans

Usage

Some information needed for SPartan Usage:

python SPartan.py -u http://127.0.0.1 -f -c Note: You need to add 'http(s)://' to the URL

-u: host URL to scan including HTTP/HTTPS
-c: crawl the site for links (CTRL-C to stop crawling)
-f: perform frontpage scans
-k: scrape identified pages for keywords (works well with crawl)
-s: perform sharepoint scans
--sps: discover sharepoint SOAP services
--users: List users using Search Principals
-r: (COMING SOON)execute a specified Frontpage RPC query
-t: set maximum amount of threads (10 default)
-p: (COMING SOON)find putable directories)
--cookie: "use a cookie for authenticated scans
-d: download pdf, doc, docx, txt, config, xml, xls, xlsx, webpart, config, conf, stp, csv and asp/aspx(uninterpreted)
-l: provide credentials for authentication to Sharepoint e.g., domain\user:password
-v: Render verbose output. By default SPartan will only render found resources.
-i: Don't attempt to verify SSL

License

SPartan by SensePost is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License (http://creativecommons.org/licenses/by-sa/4.0/) Permissions beyond the scope of this license may be available at http://sensepost.com/contact us/.

objection

📱 objection - runtime mobile exploration

gowitness

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

reGeorg

The successor to reDuh, pwn a bastion webserver and create SOCKS proxies through the DMZ. Pivot and pwn.

ruler

A tool to abuse Exchange services

mana

*DEPRECATED* mana toolkit for wifi rogue AP attacks and MitM

DET

(extensible) Data Exfiltration Toolkit (DET)

godoh

🕳 godoh - A DNS-over-HTTPS C2

kwetza

Python script to inject existing Android applications with a Meterpreter payload.

Snoopy

Snoopy: A distributed tracking and data interception framework

hostapd-mana

SensePost's modified hostapd for wifi attacks.

rattler

Automated DLL Enumerator

DNS-Shell

DNS-Shell is an interactive Shell over DNS channel

USaBUSe

Universal Serial aBUSe is a project to demonstrate the risks of hardware bypasses of software security by Rogan Dawes at SensePost.

snoopy-ng

Snoopy v2.0 - modular digital terrestrial tracking framework

reDuh

Create a TCP circuit through validly formed HTTP requests

Frack

Frack - Keep and Maintain your breach data

autoDANE

Auto Domain Admin and Network Exploitation.

impersonate

A windows token impersonation tool

wiresocks

A sock, with a wire, so you can tunnel all you desire.

mallet

Mallet is an intercepting proxy for arbitrary protocols

UserEnum

Domain user enumeration tool

jack

Drag and Drop ClickJacking PoC development assistance tool.

wpa_sycophant

Evil client portion of EAP relay attack

wikto

Nikto for Windows with some extra features.

routopsy

Routopsy - Hacking Routers with Routers

heartbleed-poc

Test for SSL heartbeat vulnerability (CVE-2014-0160)

dwn

d(ockerp)wn - a docker pwn tool manager

gdi-palettes-exp

DC25 5A1F - Demystifying Windows Kernel Exploitation by Abusing GDI Objects

assless-chaps

Crack MSCHAPv2 challenge/responses quickly using a database of NT hashes

wadi

Wadi Fuzzing Harness

birp

Big Iron Recon & Pwnage

go-out

☄️ go-out - A Golang egress buster.

mail-in-the-middle

mydumbedr

liniaal

Liniaal - A communication extension to Ruler

frida-windows-playground

A collection of Frida hooks for experimentation on Windows platforms.

ms16-098

Windows 8.1 x64 Exploit for MS16-098 RNGOBJ_Integer_Overflow

notruler

The opposite of Ruler, provides blue teams with the ability to detect Ruler usage against Exchange.

offensive-rpc

Offensive RPC PoC

anapickle

Toolset for writing shellcode in Python's Pickle language and for manipulating pickles to inject shellcode.

autoresponder

Quick python script to automatically load NTLM hashes from Responder logs and fires up Hashcat to crack them

xrdp

A rudimentary remote desktop tool for the X11 protocol exploiting unauthenticated x11 sessions

apostille

peanuts

Peanuts is a free and open source wifi tracking tool. Based on the SensePosts Snoopy-NG project that is now closed.

WiFi-Rifle

Creating a wireless rifle de-authentication gun, which utilized a yagi antenna and a Raspberry Pi.

punch-q

👊 A small utility to play with IBM MQ

hash-cracker

Script to perform some hashcracking logic automagically

common-substr

Simple tool to extract the most common substrings from an input text. Built for password cracking.

shinai-fi

Docker images for learning wifi hacking

thumbscr-ews

Exchangelib wrapper for pentesting

wsproxy

A websocket proxy

BiLE-suite

The Bi-directional Link Extractor.

go-derper

Memcache hacking tool.

yeti

SensePost's network footprinting and enumeration tool. You can't pwn what you don't know about.

understanding-eap

A repository with toy implementations of MSCHAPv2, MPEE and WPA/2 to understand EAP better

sockstlsproxy

ntcrack

Left To My Own Devices - NT hash tools

dual-pod-shock

policies

Collection of information security policies.

Suru

Suru is one of the original Man In The Middle (MITM) proxies that sits between the user's browser and the web application.

steampipe-plugin-projectdiscovery

A steampipe plugin to query projectdiscovery.io tools.

squeeza

SQL Injection without the pain of syringes.

x11-active-displays

Checks X11 and outputs a screenshot to of the display if allowed and the display is active

wpa3-vuln

hostapd and wpa_supplicant 2.7 vulnerable to Mathy's WPA3 bugs

SapCap

SApCap is a SAP packet sniffer and decompression tool for analysing SAP GUI (DIAG) traffic

6thSense

A while back antirez, in a post to Bugtraq, detailed a new Tcp portscan method.

maltego-mvs

Tools to combine MVS data with external sources and visualise the output in Maltego.

password-tools

Service desk password tools.

cipherchecks

visually see issues with supported cipher suites

ntp_monlist

Basic script to pull addresses from a NTP server using the monlist command.

XAPSpy

Runtime analysis of windows phone 7 applications.

esp-vnc

Our fork of the esp-link firmware with a built in VNC server for passing input events to an AVR. Part of our Universal Serial aBUSe project.

casper

Casper is a tiny system tray application that can be used to view the invisible windows on your desktop.

SAPProx

SAPProx is a proof of concept tool for intercepting and modifying SAP GUI (DIAG protocol) traffic.

JBaah

HTTP Brute Forcer (Java replacement for SP's CrowBar).

SP-DNS-mine

Google DNS name / sub domain miner.

SpUD

SensePost Unified Data API (SPUD) is a wrapper for apps requiring use of the deprecated Google API.

neverevercookie

GUI for cleaning out evercookie persistence locations.

dresscode

berate_radius

Alpine hostapd-mana based RADIUS server

Manifestor

Android Manifest.xml tool

ClashofSpamTitan

BilePublic

BiLE stands for Bi-directional Link Extraction. It is used in the footprinting process to find non-obvious relationships between different web sites.

glypeahead

Port scan through Glype proxies.

finder

Finder.pl remotely checks IIS Servers for most of the methods used by WebDAV.

jcertchecker

JCertChecker is used to check HTTPS certificates.

desperate

MonSoen

Proxy Server network scanner and tunnelling tool.

Scully

Scully is a client interface to MSSQL and MySQL database servers.

hash-cracker-apple-silicon

Script to perform some hashcracking logic automagically

sconwar

a bring your own client programming game

CarbanakCheck

Check squid logs for possible Carbanak malware.

go

Seriously primitive portscanner using Squid proxy.

pudding

IDS evasion for web-based exploits via encoding built into a "proxy"

gr-protocoldecoder

A simple way to decode a known protocol in GRC in real time.

mpdchecker

Confirm the presence of HTTP methods per directory.

unitools

For working with IIS servers with the Unicode bug

file-read-experiments

A few short scripts to look at the performance of various file read strategies.

ctf-challenges

A collection of CTF challenges

sensedecode

Sensedecode includes 2 perl scripts which exploit the IIS url decoding bug.