Snaffler
Snaffler is a tool designed for pentesters and red teamers to discover credentials and other sensitive information within Windows Active Directory environments. It automates the process of enumerating file shares, identifying accessible shares, and analyzing file contents for potential security vulnerabilities.
Key Features:
- Automated Share Enumeration: Discovers Windows computers from Active Directory and identifies accessible file shares.
- File Content Analysis: Employs pattern matching (regex and keyword-based) to identify files containing sensitive data like passwords, API keys, and configuration details.
- Customizable Rules: Uses a flexible ruleset based on TOML configuration files, allowing users to define specific file types, patterns, and keywords to search for.
- Targeted Scanning: Offers options to limit scans to specific hosts, directories, or DFS shares for stealthier operations.
- Output Options: Supports various output formats, including plain text, TSV, and JSON, for easy integration with other tools.
- File Snaffling: Can automatically copy identified files for offline analysis.
- UltraSnaffler Support: (Separate build) Enables parsing of complex file formats like Office documents and PDFs.
Use Cases:
- Internal Penetration Testing: Identifying exposed credentials and sensitive data within an organization's network.
- Red Team Engagements: Discovering attack vectors and valuable information for lateral movement and privilege escalation.
- Compromised System Analysis: Quickly scanning a compromised system for stored credentials and sensitive files.
- Security Audits: Assessing the security posture of file shares and identifying potential data leakage risks.
