Pentesting Tools

Snaffler Output File Parser – Enhancing Data Analysis With Advanced Features

Especially in large environments, the Snaffler output gets very large and time-consuming to analyze.

This script parse the Snaffler output file (TSV format required) and:

  • Beautify it: Proper tables and different output formats like TXT, CSV, HTML, JSON or PS Gridview.
  • The HTML output file:
    • Supports basic sorting and filtering (severity & extension)
    • Highlights the finding keyword in the file preview text
    • Contains direct links to the parent folder of the file and a download link for the file itself.
    • Contains basing information about the Snaffler job.
  • Sorts based on the severity (black, red, yellow, green) and then by date or unc.
  • Can export all the shares to the Explorer++ config files as bookmarks.
  • Generate a list of all shares Snaffler was able to access (might be useful for your client).

Preconditions And Usage

Snaffler must be executed with the -y switch in order to create an output file in the TSV format.

Example: .\Snaffler.exe -o snafflerout.txt -s -y

Simple Parse

Simple parse the file my_snaffler_output.txt and write output with default sorting (severity, date modified) and default output files (TXT, CSV, HTML). .\snafflerparser.ps1 -in my_snaffler_output.txt

Output Options

The different file output options are:

  • -outformat all Write txt, csv, html and json
  • -outformat txt Write txt
  • -outformat csv Write csv
  • -outformat html Write html (includes clickable links)
  • -outformat json Write json

Those files can be splitted regarding the finding severity (black, red, yellow, green) using the -split switch.

Additonally a PS gridview output can be showed using “-gridview`.

Sorting

The output will always be sorted regarding the severity than it can be sorted by:

  • -sort modified File modified date (default)
  • -sort keyword Snaffler keyword
  • -sort unc File UNC Path
  • -sort rule Snaffler rule name

Explorer++ Integration

Explorer++ is an alternative file explorer on windows.

The great thing is that unlike the Windows Explorer it can be executed in another user’s context including the /netonly switch. This is useful when performing a pentest from a dedicated, non-domain joined pentest notebook or VM.

For more information click here.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtools
6 months ago

Recent Posts

Starship : Revolutionizing Terminal Experiences Across Shells

Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…

7 hours ago

Lemmy : A Decentralized Link Aggregator And Forum For The Fediverse

Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…

7 hours ago

Massive UX Improvements, Custom Disassemblers, And MSVC Support In ImHex v1.37.0

The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…

9 hours ago

Ghauri : A Powerful SQL Injection Detection And Exploitation Tool

Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…

12 hours ago

Writing Tools : Revolutionizing The Art Of Writing

Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…

12 hours ago

PatchWerk : A Tool For Cleaning NTDLL Syscall Stubs

PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…

1 day ago