recon/technologies
Web Framework
Blazor
Accessibility of blazor.boot.json
Check if the blazor.boot.json file is accessible. This file may contain secrets or sensitive information.
_framework/blazor.boot.json
Review of Loaded Resources in the Browser
Inspect the loaded resources, especially DLL assemblies, to gather sensitive information using disassemblers.
_framework/*.dll
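The two checks above can be run against your own published build before release. The following is an added example, not part of the original checklist: it parses a blazor.boot.json document, lists the application's own assemblies (the ones worth opening in a decompiler to confirm they hold no secrets), and flags debug artifacts and client-readable config files. The field names (`debugBuild`, `config`, `resources.assembly`, `resources.pdb`) assume the manifest layout of .NET 5 to 7 builds; the sample manifest and the `Shop.*` names are constructed.

```python
import json

# Constructed sample manifest (not from a real site). Field names assume the
# blazor.boot.json layout produced by .NET 5-7 Blazor WebAssembly builds.
SAMPLE_BOOT_JSON = """
{
  "entryAssembly": "Shop.Client",
  "debugBuild": true,
  "linkerEnabled": false,
  "config": ["appsettings.json", "appsettings.Development.json"],
  "resources": {
    "assembly": {
      "Shop.Client.dll": "sha256-AAAA",
      "Shop.Shared.dll": "sha256-BBBB",
      "Microsoft.AspNetCore.Components.dll": "sha256-CCCC",
      "System.Private.CoreLib.dll": "sha256-DDDD"
    },
    "pdb": {"Shop.Client.pdb": "sha256-EEEE"},
    "runtime": {"dotnet.wasm": "sha256-FFFF"}
  }
}
"""
# Heuristic: assemblies with these prefixes are framework code, not app code.
FRAMEWORK_PREFIXES = ("System.", "Microsoft.", "netstandard", "mscorlib")

def review_boot_manifest(text):
    """Return (app_assemblies, findings) for a blazor.boot.json document."""
    boot = json.loads(text)
    resources = boot.get("resources", {})
    app_assemblies = sorted(
        name for name in resources.get("assembly", {})
        if not name.startswith(FRAMEWORK_PREFIXES)
    )
    findings = []
    if boot.get("debugBuild"):
        findings.append("debugBuild is true: a Debug build is being served")
    if resources.get("pdb"):
        findings.append("debug symbols published: " + ", ".join(sorted(resources["pdb"])))
    for cfg in boot.get("config", []):
        findings.append(f"client-readable config file: {cfg}")
    return app_assemblies, findings

if __name__ == "__main__":
    apps, issues = review_boot_manifest(SAMPLE_BOOT_JSON)
    print("review these assemblies:", apps)
    for issue in issues:
        print("-", issue)
```

Everything the manifest lists is downloaded by every visitor, so any file or assembly it names should be treated as public.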
Navigation Routes
Check how routes are managed in Blazor and look for hidden or undocumented routes.
Inspect routing files like App.razor
Decompilation of Blazor WebAssembly (WASM)
Review downloaded WASM assemblies to ensure they do not contain secrets or critical information.
_framework/*.wasm
CMS (Content Management System)
WordPress
SharePoint
FrontPage Config Information
Check if the configuration information is available.
/_vti_inf.html
FrontPage Directory Permissions
Check the access permissions of the main FrontPage directories. Ensure that they are properly restricted to avoid unauthorized access to configuration files, logs, and services.
/_vti_pvt/
/_vti_bin/
/_vti_log/
/_vti_cnf/
/_vti_bot/
/_vti_bin/_vti_adm/
/_vti_bin/_vti_aut/
/_vti_txt/
FrontPage Sensitive File Enumeration
Check for sensitive information leaks in FrontPage-related paths. This involves looking for potentially exposed configuration files, logs, or admin scripts that may reveal system details or credentials.
/_vti_inf.html
/_vti_bin/shtml.dll/_vti_rpc
/_vti_bin/owssvr.dll
/_vti_bin/_vti_adm/admin.dll
/_vti_bin/_vti_adm/admin.exe
/_vti_bin/_vti_aut/author.exe
/_vti_bin/_vti_aut/WS_FTP.log
/_vti_bin/_vti_aut/ws_ftp.log
/_vti_bin/shtml.exe/_vti_rpc
/_vti_bin/_vti_aut/author.dll
Sensitive Files in /_vti_pvt/
Check the '/_vti_pvt/' directory for potentially exposed files that could contain sensitive data like passwords, configuration files, or other important information.
/_vti_pvt/authors.pwd
/_vti_pvt/administrators.pwd
/_vti_pvt/users.pwd
/_vti_pvt/service.pwd
/_vti_pvt/service.grp
/_vti_pvt/bots.cnf
/_vti_pvt/service.cnf
/_vti_pvt/access.cnf
/_vti_pvt/writeto.cnf
/_vti_pvt/botsinf.cnf
/_vti_pvt/doctodep.btr
/_vti_pvt/deptodoc.btr
/_vti_pvt/linkinfo.cnf
/_vti_pvt/services.org
/_vti_pvt/structure.cnf
/_vti_pvt/svcacl.cnf
/_vti_pvt/uniqperm.cnf
/_vti_pvt/service/lck
/_vti_pvt/frontpg.lck
Sensitive Services in /_vti_bin/
Check for exposed services within the '/_vti_bin/' directory in FrontPage/SharePoint. Services exposed here can provide critical functionality that could be vulnerable to unauthorized access or exploitation.
/_vti_inf.html
/_vti_bin/shtml.dll/_vti_rpc
/_vti_bin/owssvr.dll
/_vti_bin/_vti_adm/admin.dll
/_vti_bin/_vti_adm/admin.exe
/_vti_bin/_vti_aut/author.exe
/_vti_bin/_vti_aut/WS_FTP.log
/_vti_bin/_vti_aut/ws_ftp.log
/_vti_bin/shtml.exe/_vti_rpc
/_vti_bin/_vti_aut/author.dll
/_vti_bin/spdisco.aspx
/_vti_bin/Admin.asmx
/_vti_bin/alerts.asmx
/_vti_bin/dspsts.asmx
/_vti_bin/forms.asmx
/_vti_bin/Lists.asmx
/_vti_bin/people.asmx
/_vti_bin/Permissions.asmx
/_vti_bin/search.asmx
/_vti_bin/UserGroup.asmx
/_vti_bin/versions.asmx
/_vti_bin/Views.asmx
/_vti_bin/webpartpages.asmx
/_vti_bin/webs.asmx
/_vti_bin/spsdisco.aspx
/_vti_bin/AreaService.asmx
/_vti_bin/BusinessDataCatalog.asmx
/_vti_bin/ExcelService.asmx
/_vti_bin/SharepointEmailWS.asmx
/_vti_bin/spscrawl.asmx
/_vti_bin/spsearch.asmx
/_vti_bin/UserProfileService.asmx
/_vti_bin/WebPartPages.asmx
Configuration Files in /_vti_bin/
Check for exposed SharePoint configuration files in the /_vti_bin/ directory. These files may contain important information about the SharePoint setup and could be a security risk if accessible.
/_vti_bin/microsoft.sharepoint.portal.xml
/_vti_bin/microsoft.sharepoint.xml
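The FrontPage paths listed above are also useful as detection content. The following is an added example, not part of the original checklist: it scans web server access logs for requests to the `_vti_` locations, groups them by client, and reports any sensitive file that was actually served with a 200. The log lines are constructed (Common Log Format, documentation IP ranges), and the `min_hits` threshold is an assumption to tune per site.

```python
import re
from collections import defaultdict

# Path markers taken from the checklist above; paths are lowercased first.
FRONTPAGE_MARKERS = ("/_vti_pvt/", "/_vti_bin/", "/_vti_log/", "/_vti_cnf/",
                     "/_vti_bot/", "/_vti_txt/", "/_vti_inf.html")
# File types from the lists above that a web server should never hand out.
SENSITIVE_EXT = (".pwd", ".grp", ".cnf", ".btr", ".lck", ".log")

# Constructed access-log lines in Common Log Format.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /_vti_inf.html HTTP/1.1" 200 1754
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /_vti_pvt/service.pwd HTTP/1.1" 200 88
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /_vti_pvt/authors.pwd HTTP/1.1" 404 0
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /_vti_bin/_vti_aut/author.dll HTTP/1.1" 401 0
198.51.100.20 - - [10/Mar/2024:10:05:00 +0000] "GET /_vti_bin/Lists.asmx HTTP/1.1" 200 5120
198.51.100.20 - - [10/Mar/2024:10:05:09 +0000] "GET /Pages/default.aspx HTTP/1.1" 200 20480
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def summarize_frontpage_probes(log_text, min_hits=3):
    """Group FrontPage-path requests by client; report enumeration and exposures."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, url, status = m.groups()
        path = url.split("?", 1)[0].lower()
        if any(marker in path for marker in FRONTPAGE_MARKERS):
            hits[client].append((path, int(status)))
    report = {}
    for client, reqs in hits.items():
        exposed = sorted({p for p, s in reqs
                          if s == 200 and p.endswith(SENSITIVE_EXT)})
        if len(reqs) >= min_hits or exposed:
            report[client] = {"requests": len(reqs), "exposed": exposed}
    return report

if __name__ == "__main__":
    for client, info in summarize_frontpage_probes(SAMPLE_LOG).items():
        print(client, info)
```

On a live SharePoint site, `/_vti_bin/*.asmx` calls are normal client traffic, so raise `min_hits` or restrict the markers there; an entry in `exposed` is worth acting on regardless of volume.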
Sensitive Files in /Forms/ Directory
Check for exposed forms in the /Forms/ directory that can allow access to sensitive data, like list items or form submissions.
/Forms/DispForm.aspx
/Forms/DispForm.aspx?ID=1
/Forms/EditForm.aspx
/Forms/EditForm.aspx?ID=1
/Forms/Forms/AllItems.aspx
/Forms/MyItems.aspx
/Forms/NewForm.aspx
/Pages/default.aspx
/Pages/Forms/AllItems.aspx
Sensitive Files in /_layouts/ Directory
Check for exposed scripts and pages in the /_layouts/ directory that might provide unauthorized access to system functions.
/layouts/SP.UI.ApplicationPages.ClientPicker.aspx
/layouts/SP.UI.ApplicationPages.SelectWebPage.aspx
/layouts/SP.UI.ApplicationPages.Login.aspx
/layouts/SP.UI.ApplicationPages.EditForm.aspx
/layouts/SP.UI.ApplicationPages.DialogPage.aspx
/layouts/SP.SOD.js
/layouts/SP.Core.js
Sparty 2.0
Sparty 2.0 is a reconnaissance tool used to detect and fingerprint SharePoint instances, including version info, exposed endpoints, and common misconfigurations. It includes two main modules:
Reconnaissance module: Performs enumeration and information gathering on the target SharePoint instance.
python Sparty-2.0 -u https://example.com -enum
Exploitation module: Attempts to detect and exploit known vulnerabilities in the SharePoint environment.
python Sparty-2.0 -u https://example.com -exploit
Drupal
