Snaffler reimplementation in Python - https://github.com/SnaffCon/Snaffler
Thank you to MANSPIDER for the helpful code that I stole: https://github.com/blacklanternsecurity/MANSPIDER
Tested with Python 3.10.6
This tool works by first sending an LDAP query to the specified target to discover other domain-joined machines, and then attempting to log in (authenticated or not) over SMB and retrieve interesting files (currently a work in progress).
SnafflePy includes different options and methods of enumeration. It can discover AD-joined computers automatically by performing specific LDAP queries to Active Directory and including them in its target list, or, if you want to disable this, it can take a manually supplied list of IPs, hostnames, or CIDR ranges as its targets. It can also return every share and filename that is readable on the target network, authenticated or unauthenticated. If the credentials provided fail, SnafflePy will automatically attempt to log in as a Guest user, and if that fails it will attempt to log in via a “NULL” session. It also supports the original TOML rule formats from Snaffler and uses them to identify interesting share names and return them to the user. Currently, SnafflePy can identify common password files by extension and name, backup files by extension, and SSNs by regex in file content.
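For administrators who want to see what these checks would flag on file shares they manage, the three kinds of match named above (password files by extension and name, backup files by extension, SSN by regex in content) can be sketched against a local or mounted directory. This is an added example, not SnafflePy's or Snaffler's code: the rule lists, function names and sample files are constructed for illustration and are not taken from Snaffler's TOML rules.

```python
import re
import tempfile
from pathlib import Path

# Hypothetical rule set written for this example; these are not Snaffler's TOML rules.
PASSWORD_EXTENSIONS = {".kdbx", ".psafe3", ".key"}
PASSWORD_NAMES = {"passwords.txt", "unattend.xml", ".netrc"}
BACKUP_EXTENSIONS = {".bak", ".old", ".backup"}
# SSN shape AAA-GG-SSSS, rejecting area 000/666/9xx, group 00 and serial 0000.
SSN_RE = re.compile(rb"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")

def classify(path: Path, max_size: int = 1_000_000) -> list[str]:
    """Return the reasons a file is interesting (empty list if none)."""
    reasons = []
    name, ext = path.name.lower(), path.suffix.lower()
    if ext in PASSWORD_EXTENSIONS:
        reasons.append("password-extension")
    if name in PASSWORD_NAMES:
        reasons.append("password-name")
    if ext in BACKUP_EXTENSIONS:
        reasons.append("backup-extension")
    # Content is read only under a size cap, in the spirit of the tool's -m option.
    if path.stat().st_size <= max_size and SSN_RE.search(path.read_bytes()):
        reasons.append("ssn-content")
    return reasons

def audit(root: Path, max_size: int = 1_000_000) -> dict[str, list[str]]:
    """Walk root and map each flagged relative path to its reasons."""
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            reasons = classify(path, max_size)
            if reasons:
                findings[path.relative_to(root).as_posix()] = reasons
    return findings

def demo() -> dict[str, list[str]]:
    """Build a constructed sample tree and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "hr").mkdir()
        (root / "hr" / "staff.csv").write_text("name,ssn\nJane Doe,123-45-6789\n")
        (root / "vault.kdbx").write_bytes(b"\x00constructed")
        (root / "web.config.bak").write_text("<configuration/>")
        (root / "readme.txt").write_text("order 000-12-3456 is not an SSN")
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

Pointing `audit()` at a share you own gives a quick list of files worth moving, encrypting or restricting before anyone else enumerates them.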
- Classifier system from Snaffler to find interesting files
- Make it way faster
- Output to JSON
You do not always have access to a domain-joined Windows machine when you want to Snaffle. With this tool, you can "snaffle" from a non-Windows machine!
- Clone this repository
- Optional but encouraged: create a virtual environment for this project
- pip install -r requirements.txt
SnafflePy by @robert-todora
usage: snaffler.py [-h] [-u USERNAME] [-p PASSWORD] [-d DOMAIN] [-H HASH] [-v] [--go-loud] [-m size] [-n] [--no-download] targets [targets ...]

A "port" of Snaffler in python

positional arguments:
  targets               IPs, hostnames, CIDR ranges, or files contains targets to snaffle. If you are providing more than one target, the -n option must be used.

options:
  -h, --help            show this help message and exit
  -u USERNAME, --username USERNAME
                        domain username
  -p PASSWORD, --password PASSWORD
                        password for domain user
  -d DOMAIN, --domain DOMAIN
                        FQDN domain to authenticate to, if this option is not provided, SnafflePy will attempt to automatically discover the domain for you
  -H HASH, --hash HASH  NT hash for authentication
  -v, --verbose         Show more info
  --go-loud             Don't try to find anything interesting, literally just go through every computer and every share and print out as many files as possible. Use at your own risk
  -m size, --max-file-snaffle size
                        Max filesize to snaffle in bytes (any files over this size will be dropped)
  -n, --disable-computer-discovery
                        Disable computer discovery, requires a list of hosts to do discovery on
  --no-download         Don't download files, just print found file names to stdout - this can only show the top level of files from the share and is unable to recurse into subdirectories.
- Snaffle all files, directories, and shares and output them to stdout; files will be downloaded to PATH-TO-PROJECT/remotefiles/
python3 snaffler.py <IP> -u <username> -p <password> -d <domain> --go-loud
- Automatically discover the domain name and identify interesting shares and find a limited number of interesting files from them
python3 snaffler.py <IP> -u <username> -p <password> -v
Robert Todora - robert.todora@cisa.dhs.gov