Test SharePoint Security with this easy to use security vulnerability scan. Discover vulnerabilities, web server details and configuration errors.
SharePoint is a popular content management system built by Microsoft. Often used by corporations & enterprises it is a popular target for attackers. This SharePoint security scanner will test your Internet facing installation for security issues, configuration errors and poor reputation links so you can get to work mitigating the vulnerabilities.
Launch SharePoint Security Scan
Perform a Free SharePoint Security Scan with a low impact test.
Check any SharePoint based site and get a high level overview of the sites security posture. Once you see how easy it is grab a membership and test SharePoint with the dedicated Active Checks, Nikto, OpenVAS and more.
Sharepoint Security Testing is an essential part of managing any Sharepoint based site. Sharepoint is a content management system used by large enterprises, making it a popular target for attackers. Even a simple configuration error can lead to the exposure of sensitive data. Recent remote code execution vulnerabilities underscore the need for diligent security patching and system management.
We have a range of hosted tools for testing Sharepoint and other web platforms in a variety of use cases.
The freely available SharePoint check performs analysis from a simple page grab. Through examination of the HTML source code, javascript and a few other open publicly accessible pages it is possible to gain immediate insights into the state of security on the target site. This is without sending any aggressive security scanning, using only passive analysis methods.
Our second form of scanning involves using active security testing tools (OpenVAS, Nikto, Nmap are examples) that send hundreds of requests against the target site to find security issues (vulnerabilities) that are not immediately apparent from passive analysis.
617
published CVE's (vulnerabilities) for Sharepoint and its components
Comprehensive Security Testing
Get informed with detailed technical reporting
Assess the Security Posture of Any Web Site
Test underlying server and network accesses
Attack Surface Analysis with Bulk Testing
Intelligence for Red Teams, Blue Teams and Web Site Ops
Over the past 18 months there have been a number of critical security vulnerabilities identified in SharePoint. Following publication, high profile organisations have been compromised by both non-state and state actors (targeted state backed attackers).
Vulnerabilities are regularly discovered and patched (often monthly), however these recent vulnerabilities were remote code execution (RCE) - the worst type of vulnerability as it usually leads to complete server take over.
Microsoft SharePoint remains a high-value target for attackers, and recent incidents show why regular patching and security testing are essential. In 2025, Microsoft warned of active attacks against on-premises SharePoint Server, including vulnerabilities such as CVE-2025-49704, CVE-2025-49706, and later CVE-2025-53770 / CVE-2025-53771, which were linked to real-world compromise activity.
In 2026, serious SharePoint issues have continued, including CVE-2026-20963, a critical unauthenticated remote code execution vulnerability that has been observed in active exploitation and added to CISA’s Known Exploited Vulnerabilities catalog. Microsoft also released additional SharePoint security updates in March 2026 addressing further remote code execution and related flaws affecting supported on-premises SharePoint versions. These incidents are a strong reminder that SharePoint servers require ongoing patch management, exposure review, and regular security testing to reduce the risk of compromise.
End of Life (EOL) for SharePoint 2016 and 2019
The clock is ticking on this one. Keep this on your check list for those still on SharePoint on prem - July 14 2026 is EOL for these highly utilized products.
Simple Check List for SharePoint Security
SharePoint being backed by Microsoft is a robust product. However, there are a number of key items to be aware of when it comes to staying secure:
Apply Microsoft Updates: Patching is build into the automated Windows Update process. Ensure this is performed monthly to always get the latest security updates.
Regularly Audit Content: Always check that permissions are adequate across the site. Mistakes in assignment of permissions can lead to company data being leaked from simple mistakes.
Test Server for Vulnerabilities: Perform routine server vulnerability scanning to identify security issues that might otherwise be missed.
One of the things we love about open source security solutions is that you can not only run the tool and get results; but also dig into the code and understand what is being tested and why it is being tested. Knowledge is the key to a strong cyber security posture.
OpenVAS (now known as GVM) is a powerful framework developed by Greenbone Networks. As it is open source you are free to download, install and run on your own systems and Internal network. Here at hackertarget.com we simply offer a hosted version to save you time - so that you can get on doing what you do.
Discover
Vulnerability Scans & Network Intelligence
Map your attack surface, enumerate hosts, and identify open vulnerabilities across your perimeter.
