Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

Check out SharePoint RegEx Search, a new open source pentesting tool on CodePlex. Development was funded by JW Secure, Inc.

The purpose of the tool is to allow a security analyst to scan a SharePoint (WSS) or MOSS site for Office documents (Word, Excel, PowerPoint) containing text matching a specified pattern.

I know what you’re thinking: doesn’t SharePoint already provide search capability out of the box? And for public portals couldn’t you just use Google? Well, to the first question, SharePoint search is limited to the capabilities of the SQL ‘LIKE’ and ‘CONTAINS’ keywords. Regular expressions (“RegEx”), on the other hand, are much more powerful. For example, with RegEx, I can find all documents containing Social Security Numbers, phone numbers, strong passwords, credit card numbers, etc. That’s not feasible with the built-in SharePoint search.

Google doesn’t expose full RegEx capability either. Furthermore, the biggest security disclosure problem around SharePoint right now exists in intranets (as opposed to the internets ;)). In other words, sensitive corporate data is exposed to anyone inside the firewall (in addition to the above, try searching for salaries).
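To illustrate the kind of matching that ‘LIKE’ and ‘CONTAINS’ cannot express, here is an added example (not code from SharePoint RegEx Search, and written in Python rather than .NET) that audits extracted document text for Social Security Numbers, phone numbers and card numbers, using a Luhn checksum to discard digit runs that only look like cards. The patterns, function names and sample text are assumptions constructed for this illustration.

```python
import re

# Assumed patterns for illustration; tune them to your own data formats.
PATTERNS = {
    # SSN: AAA-GG-SSSS, excluding area 000/666/9xx, group 00, serial 0000.
    "ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    # 13-16 digits, optionally separated by single spaces or hyphens.
    "card": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
    # US phone number such as (425) 555-0100 or 425-555-0100.
    "phone": re.compile(r"(?<!\d)(?:\(\d{3}\)\s?|\d{3}[-.])\d{3}[-.]\d{4}(?!\d)"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def scan_text(text: str):
    """Return (kind, line_number, match) tuples in line order."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                value = m.group(0)
                # A card-shaped match must also pass the checksum.
                if kind == "card" and not luhn_ok(re.sub(r"\D", "", value)):
                    continue
                findings.append((kind, lineno, value))
    return findings

# Constructed sample standing in for text extracted from an Office document.
SAMPLE = """Employee record: SSN 123-45-6789, desk phone (425) 555-0100
Corporate card 4111 1111 1111 1111 expires 01/30
Invoice 1234 5678 9012 3456 is not a card number
Part number 000-12-3456 ships Monday"""

if __name__ == "__main__":
    for kind, lineno, value in scan_text(SAMPLE):
        print(f"line {lineno}: {kind}: {value}")
```

The invoice and part-number lines are deliberately SSN- and card-shaped; the negative lookaheads and the checksum are what keep them out of the findings.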

A good introduction to the .NET regular expression library, as well as some useful sample patterns, can be found here.

Regarding SharePoint RegEx Search, contributions are of course welcome. A feature wish list is here. An introduction to the tool is here. And to try it out, the built win32 binary can be found here.
