Saved February 14, 2026
Do you care about this?
SharePointDumper is a PowerShell utility that extracts and audits SharePoint sites using Microsoft Graph. It requires an OAuth2 access token and provides detailed reports of accessed sites and downloaded files, making it useful for security assessments.
If you do, here's more
SharePointDumper is a PowerShell utility that extracts and audits SharePoint sites using Microsoft Graph. Designed for security operations center (SOC) and data loss prevention (DLP) testing, it's particularly useful for purple teaming and basic red team assessments. The tool generates comprehensive reports detailing downloaded files and all HTTP requests made during the process, aiding SIEM correlation. It doesn't handle authentication itself; instead, it requires an existing OAuth2 access token with permissions like Sites.Read.All or Sites.ReadWrite.All.
Users can enumerate SharePoint sites, drives, folders, and files without needing external dependencies, like Microsoft Graph PowerShell modules. Features include customizable user agents, download limits, filtering options for sites and file types, and adjustable request throttling. The tool manages token redaction and graceful shutdowns, ensuring reports and logs are complete even if interrupted. A resume mode allows users to skip files that have already been downloaded, enhancing efficiency.
For authentication, SharePointDumper relies on tokens obtained from first-party Microsoft applications, such as Microsoft Teams or OneDrive. The documentation provides specific client IDs and PowerShell commands for easy token generation. Using EntraTokenAid can simplify this process, allowing for the acquisition of CAE-enabled tokens that remain valid for 24 hours, minimizing disruption during extensive operations.
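Because the tool lets the operator set the user agent and throttle requests, a detection built for this kind of test is better keyed on identity and application than on client strings. The following is an added example, not part of SharePointDumper or the original article: a sliding-window check over download audit events. The field names (modelled on Microsoft 365 audit records), the thresholds and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_sample():
    """Constructed audit events (not from a real tenant). Field names are
    modelled on Microsoft 365 audit records and are an assumption here."""
    t0 = datetime(2026, 2, 14, 9, 0, 0)
    def ev(user, app, offset, agent, site, name):
        return {"CreationTime": t0 + offset, "Operation": "FileDownloaded",
                "UserId": user, "ApplicationId": app, "UserAgent": agent,
                "SiteUrl": f"https://example.test/sites/{site}",
                "SourceFileName": name}
    events = []
    for i in range(12):  # throttled pull: one file every 50 s, rotating user agent
        events.append(ev("alice@example.test", "app-placeholder-1",
                         timedelta(seconds=50 * i),
                         ("Mozilla/5.0", "Teams/1.0")[i % 2], f"s{i % 3}", f"doc{i}.docx"))
    for i in range(3):   # ordinary use: three files from one site in 40 minutes
        events.append(ev("bob@example.test", "app-placeholder-2",
                         timedelta(minutes=20 * i), "Mozilla/5.0", "hr", f"form{i}.pdf"))
    return events

def find_bulk_downloads(events, window=timedelta(minutes=15), min_files=10, min_sites=2):
    """Return one finding per (UserId, ApplicationId) whose downloads inside a
    sliding window reach min_files across at least min_sites sites."""
    per_key = defaultdict(list)
    for e in events:
        if e["Operation"] == "FileDownloaded":
            # UserAgent is left out of the key: the client chooses it freely.
            per_key[(e["UserId"], e["ApplicationId"])].append(e)
    findings = []
    for (user, app), evs in per_key.items():
        evs.sort(key=lambda e: e["CreationTime"])
        start = 0
        for end in range(len(evs)):
            # Shrink the window from the left until it spans at most `window`.
            while evs[end]["CreationTime"] - evs[start]["CreationTime"] > window:
                start += 1
            win = evs[start:end + 1]
            sites = {e["SiteUrl"] for e in win}
            if len(win) >= min_files and len(sites) >= min_sites:
                findings.append({"user": user, "app": app, "files": len(win),
                                 "sites": len(sites), "first_seen": win[0]["CreationTime"],
                                 "user_agents": sorted({e["UserAgent"] for e in win})})
                break  # one finding per identity is enough for triage
    return findings

if __name__ == "__main__":
    for f in find_bulk_downloads(make_sample()):
        print(f)
```

With a 5-minute window the same constructed traffic produces no finding, so the window has to be sized against the slowest request rate the test is expected to use.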