Project Description
This project is a simple SharePoint security scanner that will search for user interface WebForms throughout the SharePoint environment, and whether the currently connected user can access said page. The application is broke up into two parts, the primary scan will execute against main SPWeb pages and web services, and report whether they are reached. The secondary scan option will iterate SPList objects within a SPWeb.ListCollection and attempt to access the related FormCollection associated with the list to interrogate related SPForm objects. Options are provided to either connect through the SharePoint object model or through web services.

The scanner is simple to use. Install the application using the provided setup package. It does not need to run directly on a SharePoint machine since the only explicit reference to SharePoint assemblies is abstracted through a runtime assembly though. Thus, the web services option will abstract the object model reference requirement.

Start the application:

Click Open Connection:

And choose the connection type, and credential specifications:

When done hit connect, and you will return to the main form. Fill in whether you want to iterate SPList objects:

You can manage the web related urls, since the SPFormCollections are automated, through the Manage Web Inclusion List:

Scan the site, then you can view the results:

Have fun.

Adam Buenz

SharePoint MVP


Last edited Jan 6, 2012 at 5:11 PM by AdamBuenz, version 2