Writing a poor man’s On-Prem SharePoint file-enumerator
So I got tasked with searching through our on-prem SharePoint at work for some sensitive files, but my searches took way too long to do manually, so I needed something to automate my task.
I talked about my little problem with my coworkers and one of them pointed me to Nicolas Heiniger's tool SnaffPoint. It looked like the perfect solution for my problem, but there was one small issue: the enumerator only works for SharePoint instances that are hosted on Microsoft O365. So I had to look for another solution (spoiler alert: which I did not find in the end).
I took a look at the SharePoint API documentation from Microsoft and found out that it supports searching through the entire SharePoint.
After a bit of reading the documentation I came up with this PowerShell command:
$link = "https://" + $Domain + "/_api/search/query?querytext=%27" + $Keyword + "%27&rowlimit=1000&selectproperties=%27Path,HitHighlightedSummary%27"
$Results = (iwr -uri $link -UseDefaultCredentials).Content
This API call basically gives out all of the matches for the keyword that you provide (as long as you don’t have more than 50’000 results because SharePoint's API can’t handle more :D).
If your company doesn’t use NTLM or Kerberos authentication for SharePoint, you may have to substitute the -UseDefaultCredentials switch with something that corresponds to your preferred authentication method (i.e. supplying credentials).
So now all that’s left to do is extract all of the sensitive file keywords from SnaffPoint and do some regex magic to parse out the info and Voilà! You got yourself a half decent SharePoint Enumerator :D. Try it out!
PRs for this bad boy right here are always welcome :)
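
The keyword loop and result parsing described above, as an added example that is not the author's or SnaffPoint's code. It asks the search API for JSON instead of regex-parsing the default XML and pages through results with startrow. The host name, the keyword list, the page size of 500 and the output file name are assumptions.

```powershell
# Added example. Placeholder host and a constructed keyword list (not SnaffPoint's rule set).
$Domain   = 'sharepoint.example.internal'
$Keywords = @('password', 'id_rsa', 'web.config', 'unattend.xml')

function ConvertFrom-SearchRow {
    # Flatten one result row (a list of Key/Value cells) into a single object.
    param($Row, [string]$Keyword)
    $cells = @{}
    foreach ($c in $Row.Cells.results) { $cells[$c.Key] = $c.Value }
    [pscustomobject]@{
        Keyword = $Keyword
        Path    = $cells['Path']
        # Strip the highlight markup (<c0>...</c0>, <ddd/>) from the summary text.
        Summary = ([string]$cells['HitHighlightedSummary']) -replace '<[^>]+>', ''
    }
}

function Search-SharePoint {
    param(
        [string]$Domain,
        [string]$Keyword,
        [int]$PageSize = 500,    # assumed rows per request; adjust to your farm's limit
        [int]$MaxRows  = 50000   # result ceiling mentioned in the post
    )
    $start = 0
    do {
        $q   = [uri]::EscapeDataString($Keyword)
        $uri = "https://$Domain/_api/search/query?querytext=%27$q%27" +
               "&rowlimit=$PageSize&startrow=$start" +
               "&selectproperties=%27Path,HitHighlightedSummary%27"
        # odata=verbose makes the API return JSON, which Invoke-RestMethod parses.
        $resp = Invoke-RestMethod -Uri $uri -UseDefaultCredentials `
                    -Headers @{ Accept = 'application/json;odata=verbose' }
        $hits = $resp.d.query.PrimaryQueryResult.RelevantResults
        $rows = @($hits.Table.Rows.results | Where-Object { $_ })
        foreach ($r in $rows) { ConvertFrom-SearchRow -Row $r -Keyword $Keyword }
        $start += $rows.Count
    } while ($rows.Count -gt 0 -and $start -lt $hits.TotalRows -and $start -lt $MaxRows)
}

# One query series per keyword, collected into a CSV for review.
$Keywords |
    ForEach-Object { Search-SharePoint -Domain $Domain -Keyword $_ } |
    Sort-Object -Property Path, Keyword |
    Export-Csv -Path .\sharepoint-hits.csv -NoTypeInformation
```

SharePoint search is security-trimmed, so the CSV only lists what the querying account can read; run it under the account whose exposure you want to review.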