digininja / CeWL

CeWL is a Custom Word List Generator

Anyone know how to scrape a SharePoint site? #120

Open jaxjexjox opened 2 months ago

jaxjexjox commented 2 months ago

Sorry for the support question!

I am wanting to use this on an "internal" (so to speak) Azure-hosted SharePoint site, which obviously wants trusted devices, single sign-on and what have you.

I've fiddled with some of the commands to try and authenticate against this but had no luck. Has anyone managed to achieve this?

Example: sudo docker run -it --rm -v "${PWD}:/host" ghcr.io/digininja/cewl -d 2 -w file.txt --auth_user first.lastname@ourdomain.com --auth_pass MYAZUREPASS https://subdomain.sharepoint.com/sites/SITENAME/

I am going to guess this is particularly difficult to do? Does anyone know, if possible please. I do apologise for a bit of a run-of-the-mill support question but I've tried a variety of things and had no luck.

Any thoughts would be appreciated and thanks for the hard work.

digininja commented 2 months ago

What you will need to do is to log in and work out which headers are required for authentication and then pass them all using multiple --header parameters.

Something like this:

./cewl.rb cewl.test --header auth:value1 --header authOther:value2

That will pass the headers on each request.

The problem you will have is if any of the values are updated on a per-request basis; if they are, then you are out of luck.
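
The per-request caveat above can be checked before running CeWL by capturing the request headers from the browser for two successive page loads and comparing them. This is an added example, not part of CeWL or of the original thread; the header values and the `X-Request-Token` name are constructed, and which headers SharePoint actually requires is not stated here.

```ruby
# Added example (not CeWL code). All header names/values below are constructed.
require "shellwords"

AUTH_HEADERS = %w[cookie authorization].freeze

# Parse a raw request-header block copied from the browser into a hash.
# Splits on the first colon only, so values containing ':' survive.
# The request line, blank lines and HTTP/2 pseudo-headers (":authority")
# are skipped.
def parse_headers(raw)
  raw.each_line.with_object({}) do |line, out|
    name, value = line.strip.split(":", 2)
    next if name.nil? || name.empty? || value.nil?
    out[name.strip] = value.strip
  end
end

# Compare the headers of two successive requests. Returns [stable, changing]:
# stable   - wanted headers whose value was identical in both captures
# changing - names of wanted headers whose value differed (replay will fail)
def classify(first_raw, second_raw, wanted = AUTH_HEADERS)
  first = parse_headers(first_raw)
  second = parse_headers(second_raw)
  stable = {}
  changing = []
  first.each do |name, value|
    next unless wanted.include?(name.downcase)
    if second[name] == value
      stable[name] = value
    else
      changing << name
    end
  end
  [stable, changing]
end

# Build the repeated --header name:value arguments shown in the reply above.
def cewl_args(stable)
  stable.flat_map { |name, value| ["--header", "#{name}:#{value}"] }
end

# Constructed captures of two consecutive requests to the same page.
FIRST = "GET /sites/SITENAME/ HTTP/1.1\nHost: subdomain.sharepoint.com\n" \
        "Cookie: SessionA=constructed-value-1\nX-Request-Token: aaa111\n"
SECOND = "GET /sites/SITENAME/ HTTP/1.1\nHost: subdomain.sharepoint.com\n" \
         "Cookie: SessionA=constructed-value-1\nX-Request-Token: bbb222\n"

if __FILE__ == $0
  stable, changing = classify(FIRST, SECOND, AUTH_HEADERS + ["x-request-token"])
  puts "Changes per request: #{changing.join(', ')}" unless changing.empty?
  puts Shellwords.join(["./cewl.rb", "cewl.test"] + cewl_args(stable))
end
```

The printed command line contains live session values, so it will appear in shell history and process listings on the machine where it is run.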

jaxjexjox commented 1 month ago

Thanks for the reply, I missed this.

It's M365-hosted SharePoint, so I can imagine it may demand some kind of verified device / certificates and all kinds of things. Would WSL potentially help in bypassing this? I'm guessing not.

Any tips on how to find these headers? I'm guessing the dev tools?

digininja commented 1 month ago

If you look in dev tools then it will show you all the cookies that are set.

WSL won't help as that won't change what the tool sends.
