
Sec-Dan/CVE-2025-53770-Scanner

CVE-2025-53770 Scanner by DanSec

A simple, effective reconnaissance tool to identify potential exposure to the critical SharePoint vulnerability CVE-2025-53770.

Warning

This tool is intended for authorised testing purposes only.
The author (DanSec) takes no responsibility for misuse or damage caused by unauthorised scanning or usage. Ensure you have explicit permission to scan any domain or service before using this tool.

About CVE-2025-53770

CVE-2025-53770 ("ToolShell") is a critical vulnerability affecting on-premises SharePoint Server versions 2016, 2019, and Subscription Edition.

It enables unauthenticated remote code execution (RCE) via:

  • Authentication bypass by header spoofing (CVE-2025-53771)
  • Upload of a malicious ASPX web shell (spinstall0.aspx)
  • Extraction of cryptographic secrets from web.config
  • Unsafe deserialization exploiting ViewState to execute code remotely

This vulnerability has been actively exploited, prompting urgent warnings from authorities worldwide.
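The scanner reports exposure as seen from outside. The following added example (not part of this repository's code) shows the matching server-side check: finding requests for the web shell named above, spinstall0.aspx, in IIS W3C logs from a server you administer. The log lines, paths and addresses are constructed sample data, and `find_webshell_requests` is a hypothetical helper name.

```python
"""Flag requests for spinstall0.aspx in IIS W3C extended logs (added example)."""
from urllib.parse import unquote

WEBSHELL_NAME = "spinstall0.aspx"  # file name taken from the page

# Constructed sample log: documentation-range addresses, illustrative paths.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-07-20 10:01:02 GET /_layouts/15/start.aspx - 198.51.100.7 200
2025-07-20 10:01:09 GET /_layouts/15/spinstall0.aspx - 203.0.113.9 200
2025-07-20 10:02:30 GET /_layouts/15/SpInstall0.ASPX - 203.0.113.9 404
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2025-07-20 10:05:00 192.0.2.44 GET /sites/hr/sp%69nstall0.aspx 200
2025-07-20 10:06:00 192.0.2.44 GET /docs/about-spinstall0.aspx.txt 200
"""


def find_webshell_requests(log_text, name=WEBSHELL_NAME):
    """Return one dict per request whose final path segment equals `name`."""
    fields, hits = [], []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue  # skip other directives and rows with no known layout
        row = dict(zip(fields, line.split()))
        # Normalise percent-encoding and case before comparing the file name.
        stem = unquote(row.get("cs-uri-stem", ""))
        if stem.rsplit("/", 1)[-1].lower() != name:
            continue
        status = row.get("sc-status", "")
        hits.append({
            "line": lineno,
            "client": row.get("c-ip", "-"),
            "path": stem,
            "status": status,
            # 200: the server returned content for this path (triage first)
            "served": status == "200",
        })
    return hits


if __name__ == "__main__":
    for hit in find_webshell_requests(SAMPLE_LOG):
        print(hit)
```

A hit with `served` set to true means the server answered the request with content and should be triaged before hits that returned an error status.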

For detailed information:


What Does This Scanner Do?

  • Performs subdomain enumeration (using Sublist3r and crt.sh) to identify potential SharePoint hosts.
  • Safely checks each discovered subdomain for signs of vulnerability to CVE-2025-53770.
  • Outputs results in a structured CSV file for easy review.

This scanner DOES NOT exploit the vulnerability. It merely identifies potential points of exposure.


Installation

Clone the repository and install dependencies:

git clone https://github.com/Sec-Dan/CVE-2025-53770-Scanner.git
cd CVE-2025-53770-Scanner
pip install -r requirements.txt

Usage

python spScanner.py <target_domain> [options]

Example:

python spScanner.py example.com --threads 5 --retries 2

Available Flags

| Flag | Description | Default |
| --- | --- | --- |
| <target_domain> | Root domain to scan (required) | - |
| -o, --output | CSV output filename | CVE-2025-53770_output.csv |
| --passive | Run a passive scan (skip subdomain enumeration) | Disabled |
| --threads | Number of concurrent scan threads | 1 |
| --retries | Number of retries per host | 1 |
| --rate-limit | Max requests per second (0 for unlimited) | 0 |

Interpreting Results

  • VULNERABLE (Red): HTTP 200 OK responses, potentially vulnerable
  • CLEAN (Green): Other HTTP responses, likely not exposed
  • ERRORS (Yellow): Connection or network errors

The resulting CSV file will contain detailed status for each scanned subdomain.


Responsible Usage

  • Always obtain explicit authorization before scanning.
  • Inform stakeholders before initiating scans, especially in sensitive environments.
  • Use only on systems you own, manage, or have explicit consent to test.

Issues & Contributions

Found a bug or have a feature request? Open an issue or pull request!

Stay safe, and happy scanning!
DanSec

About

A Python-based reconnaissance scanner for safely identifying potential exposure to SharePoint vulnerability CVE-2025-53770.
