Published by Dajne Win, Security Testing and Assurance, 10 April 2024
Beautifying Snaffler: Parsing Snaffler Output into an Interactive Graphical Interface
Introduction
Efflanrs is a Python tool designed to enhance the usability of Snaffler’s (Sh3r4 & Loss (l0ss), 2023) output by transforming it into an HTML format that is both sortable and searchable. With Efflanrs, security professionals and administrators can easily analyse and navigate through the extensive data collected by Snaffler in a more intuitive and efficient manner.
Efflanrs was written in-house and has been released as open source by CyberCX. This article explains how Efflanrs converts Snaffler’s output and how you can start using the tool today.
What is Snaffler?
Snaffler is a tool used by penetration testers to enumerate Windows Active Directory environments. It scans for file shares, identifies accessible files, and assists in locating potentially valuable information like credentials. Snaffler simplifies the process of finding sensitive data within large Windows environments, aiding in security assessments.
Efflanrs features
The HTML report generated by Efflanrs presents the Snaffler data in a structured and user-friendly format. The report includes tables that can be sorted based on the triage level, file path, creation date, or last modified date. This allows users to quickly identify patterns, outliers, or specific elements of interest. Additionally, search functionality is integrated into the report, enabling users to search for specific keywords, file types, or any other relevant information contained within the Snaffler output. This makes it easier to locate specific files, credentials, or other artifacts within a Windows environment.
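The sorting and searching described above can be illustrated with a short added example (this is not Efflanrs's own code). It assumes Snaffler's plain-text log uses the line layout noted in the first comment, and it runs over constructed sample lines; the function names, hosts, rule names and paths are invented for the illustration.

```python
import re
from datetime import datetime

# Assumed layout of a Snaffler text-log file finding (not shown in the article):
# [DOMAIN\user@HOST] timestamp [File] {Triage}<rule|perms|match|size|modified>(path) context
FILE_RE = re.compile(
    r"^\[(?P<who>[^\]]+)\]\s+(?P<seen>\S+ \S+)\s+\[File\]\s+"
    r"\{(?P<triage>\w+)\}<(?P<rule>[^|]*)\|(?P<perms>[^|]*)\|(?P<match>.*?)\|"
    r"(?P<size>[^|]*)\|(?P<modified>[^|>]*)>\((?P<path>.*?)\)(?:\s(?P<context>.*))?$"
)
TRIAGE_RANK = {"Black": 0, "Red": 1, "Yellow": 2, "Green": 3}  # most severe first

# Constructed sample lines; hosts, rule names and paths are invented for this example.
SAMPLE = r"""[CORP\auditor@WS01] 2024-04-10 09:15:02Z [Info] constructed non-file line
[CORP\auditor@WS01] 2024-04-10 09:15:07Z [File] {Yellow}<DemoNameRule|R|backup|14kB|2022-11-03 08:00:00Z>(\\fs01\public\backup.zip)
[CORP\auditor@WS01] 2024-04-10 09:15:09Z [File] {Red}<DemoConfigRule|RW|connectionString|1.2kB|2023-06-27 10:30:00Z>(\\fs01\apps\Program Files (x86)\web.config) Server=db01;Integrated Security=true
[CORP\auditor@WS01] 2024-04-10 09:15:11Z [File] {Black}<DemoKeyRule|R|id_rsa|1.6kB|2021-01-15 12:00:00Z>(\\fs02\home\ops\.ssh\id_rsa)
[CORP\auditor@WS01] 2024-04-10 09:15:12Z [File] {Red}<DemoRegexRule|R|passw|pwd|310B|2024-02-01 07:45:00Z>(\\fs02\scripts\deploy.ps1) $pwd = Read-Host
"""

def parse_line(line):
    """Return a dict for a [File] finding, or None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["context"] = rec["context"] or ""
    try:
        rec["modified"] = datetime.strptime(rec["modified"], "%Y-%m-%d %H:%M:%SZ")
    except ValueError:
        rec["modified"] = datetime.min  # keep the finding even if the date is odd
    return rec

def load(lines):
    return [r for r in map(parse_line, lines) if r]

def sort_records(records, column="triage"):
    """Sort by 'triage' (severity, then path), 'path' or 'modified'."""
    keys = {"triage": lambda r: (TRIAGE_RANK.get(r["triage"], 99), r["path"].lower()),
            "path": lambda r: r["path"].lower(),
            "modified": lambda r: r["modified"]}
    return sorted(records, key=keys[column])

def search(records, term):
    """Case-insensitive substring search across every field of each finding."""
    term = term.lower()
    return [r for r in records if any(term in str(v).lower() for v in r.values())]

if __name__ == "__main__":
    for r in sort_records(load(SAMPLE.splitlines())):
        print(f'{r["triage"]:<7}{r["modified"]:%Y-%m-%d}  {r["path"]}')
```

The parser tolerates a `|` inside the matched string and parentheses inside the path, both of which occur in real share contents and would break a naive split on delimiters.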
How do I use Efflanrs?
Using Efflanrs has been made as simple as possible:
- Using a system with Python 3, Git, and Pip, download the latest version from: https://github.com/CyberCX-STA/efflanrs
This can be done by running the following commands:
git clone https://github.com/CyberCX-STA/efflanrs
cd efflanrs
- Now install the requirements for the Efflanrs script (make sure you use a Python virtual environment):
python3 -m venv venv && source venv/bin/activate
pip3 install -r requirements.txt
- Once the requirements have been installed, Efflanrs can be used to parse any Snaffler output in either JSON or standard output format. Example data is provided in the repository, and can be run using the following command:
python3 efflanrs.py "example data/snaffler.json"
A browser window should open, and filtering, sorting, and searching can be performed from the interface. An example of Efflanrs running is shown in the video below.
Summary
Efflanrs streamlines the process of manually parsing and analysing Snaffler’s output. By converting the data into a sortable and searchable HTML format, the tool helps security professionals identify potentially sensitive files faster. Whether used for penetration testing, red teaming, or network administration, Efflanrs is a valuable companion tool that enhances the effectiveness and productivity of Snaffler. You can download it from GitHub and start using it today.
References
Sh3r4, & Loss (l0ss), M. (2023, 06 27). Snaffler. Retrieved from GitHub: https://github.com/SnaffCon/Snaffler