Home Pentesting Tools Snaffler Output File Parser – Enhancing Data Analysis With Advanced Features

Pentesting Tools

Snaffler Output File Parser – Enhancing Data Analysis With Advanced Features

Tamil S

August 19, 2024

Especially in large environments, the Snaffler output gets very large and time-consuming to analyze.

This script parse the Snaffler output file (TSV format required) and:

Beautify it: Proper tables and different output formats like TXT, CSV, HTML, JSON or PS Gridview.
The HTML output file:
- Supports basic sorting and filtering (severity & extension)
- Highlights the finding keyword in the file preview text
- Contains direct links to the parent folder of the file and a download link for the file itself.
- Contains basing information about the Snaffler job.
Sorts based on the severity (black, red, yellow, green) and then by date or unc.
Can export all the shares to the Explorer++ config files as bookmarks.
Generate a list of all shares Snaffler was able to access (might be useful for your client).

Preconditions And Usage

Snaffler must be executed with the -y switch in order to create an output file in the TSV format.

Example: .\Snaffler.exe -o snafflerout.txt -s -y

Simple Parse

Simple parse the file my_snaffler_output.txt and write output with default sorting (severity, date modified) and default output files (TXT, CSV, HTML). .\snafflerparser.ps1 -in my_snaffler_output.txt

Output Options

The different file output options are:

-outformat all Write txt, csv, html and json
-outformat txt Write txt
-outformat csv Write csv
-outformat html Write html (includes clickable links)
-outformat json Write json

Those files can be splitted regarding the finding severity (black, red, yellow, green) using the -split switch.

Additonally a PS gridview output can be showed using “-gridview`.

Sorting

The output will always be sorted regarding the severity than it can be sorted by:

-sort modified File modified date (default)
-sort keyword Snaffler keyword
-sort unc File UNC Path
-sort rule Snaffler rule name

Explorer++ Integration

Explorer++ is an alternative file explorer on windows.

The great thing is that unlike the Windows Explorer it can be executed in another user’s context including the /netonly switch. This is useful when performing a pentest from a dedicated, non-domain joined pentest notebook or VM.

For more information click here.

Snaffler Output File Parser – Enhancing Data Analysis With Advanced Features

Preconditions And Usage

Simple Parse

Output Options

Sorting

Explorer++ Integration

LEAVE A REPLY Cancel reply

APPLICATIONS

Chlonium : Chromium Cookie Import / Export Tool

Storm-Breaker : Tool Social Engineering (Access Webcam, Microphone, OS Password Grabber And Location Finder)...

SharpNamedPipePTH : Pass The Hash To A Named Pipe For Token Impersonation

Manticore : Symbolic Execution Tool

HOT NEWS

Okta Terrify – Exposing Vulnerabilities In Passwordless Authentication

EVEN MORE NEWS

DependencyTrack 4.10.0 – Release Overview And Security Hashes

DependencyTrack 4.10.1 – Release Update And Verification Details

Dependency Track 4.11.0 – Enhancements, Bug Fixes, And Dependency Updates

POPULAR CATEGORY

ACLToolkit – The Ultimate ACL Abuse Toolkit Guide

Firefly : Revolutionizing Security Testing With Advanced Black-Box Fuzzing

EDRSandblast-GodFault: Advanced EDR Bypass Tool