
Beautifying Snaffler


Published by Dajne Win, Security Testing and Assurance,  10 April 2024

 

Beautifying Snaffler: Parsing Snaffler Output into an Interactive Graphical Interface

 

Introduction

Efflanrs is a Python tool designed to enhance the usability of Snaffler’s (Sh3r4 & Loss (l0ss), 2023) output by transforming it into an HTML format that is both sortable and searchable. With Efflanrs, security professionals and administrators can easily analyse and navigate through the extensive data collected by Snaffler in a more intuitive and efficient manner.

Efflanrs was written in-house and has been released by CyberCX as open source. This article explains how Efflanrs converts Snaffler’s output and how you can start using the tool today.

 

What is Snaffler?

Snaffler is a tool used by penetration testers to enumerate Windows Active Directory environments. It scans for file shares, identifies accessible files, and assists in locating potentially valuable information like credentials. Snaffler simplifies the process of finding sensitive data within large Windows environments, aiding in security assessments.

 

Efflanrs features

The HTML report generated by Efflanrs presents the Snaffler data in a structured and user-friendly format. The report includes tables that can be sorted based on the triage level, file path, creation date, or last modified date. This allows users to quickly identify patterns, outliers, or specific elements of interest. Additionally, search functionality is integrated into the report, enabling users to search for specific keywords, file types, or any other relevant information contained within the Snaffler output. This makes it easier to locate specific files, credentials, or other artifacts within a Windows environment.

 

How do I use Efflanrs?

Using Efflanrs has been made as simple as possible:

  1. Using a system with Python 3, Git, and Pip, download the latest version from: https://github.com/CyberCX-STA/efflanrs

     This can be done by running the following commands:

         git clone https://github.com/CyberCX-STA/efflanrs
         cd efflanrs

  2. Now install the requirements for the Efflanrs script (make sure you use a Python virtual environment):

         python3 -m venv venv && source venv/bin/activate
         pip3 install -r requirements.txt

  3. Once the requirements have been installed, Efflanrs can be used to parse any Snaffler output in either JSON or standard output format. Example data is provided in the repository, and can be run using the following command:

         python3 efflanrs.py "example data/snaffler.json"

A browser window should open, and filtering, sorting, and searching can be performed from the interface. An example of Efflanrs running is shown in the video below.

 

YouTube video

 

Summary

Efflanrs streamlines the process of manually parsing and analysing Snaffler’s output. By converting the data into a sortable and searchable HTML format, the tool lets security professionals identify potentially sensitive files faster. Whether used for penetration testing, red teaming, or network administration, Efflanrs is a valuable companion tool that enhances the effectiveness and productivity of Snaffler. You can download it from GitHub and start using it today.

 

References

Sh3r4, & Loss (l0ss), M. (2023, 06 27). Snaffler. Retrieved from GitHub: https://github.com/SnaffCon/Snaffler

 


 
