SnaffPoint is a tool for pointesters who are in need of some sweetness in this world. It should help you find sensitive files available on SharePoint Online and in shared OneDrive files for your company (or your customer).
Link: https://github.com/nheiniger/SnaffPoint
A Post-exploitation Toolset for Interacting with the Microsoft Graph API
Invoke-SearchSharePointAndOneDrive -Tokens $tokens -SearchTerm 'password'
Link: https://github.com/dafthack/GraphRunner
A Python tool that leverages SharePoint’s _api/search/query endpoint to enumerate sensitive files potentially containing credentials and download them in bulk using authenticated session cookies.