Snaffler
- Thiru T
- Dec 23, 2024
- 1 min read
Snaffler is an advanced credential scanner/collector for Active Directory environments. With a great README.
Snaffler uses a system of "classifiers", each of which examine shares or folders or files or file contents, passing some items downstream to the next classifier, and discarding others. Each classifier uses a set of rules to decide what to do with the items it classifies.
More information about Snaffler rules.
'Broadly speaking - it gets a list of Windows computers from Active Directory, then spreads out its snaffly appendages to them all to figure out which ones have file shares, and whether you can read them.' - Snaffler README (2023)
Install:
You can download the binary from the GitHub Releases Page.
Usage:
# Targeted local scan (less likely to trigger detections)
Snaffler.exe -s -i C:\
# Go in loud and find everything
snaffler.exe -s -o snaffler.log
Comments