Snaffler Impacket port - find credentials and sensitive data on SMB shares

Project description

snaffler-ng

Impacket port of Snaffler.

snaffler-ng is a post-exploitation / red teaming tool designed to discover readable SMB shares, walk directory trees, and identify credentials and sensitive data on Windows systems.

Features

  • SMB share discovery via SRVSVC (NetShareEnum)
  • DFS namespace discovery via LDAP (v1 + v2), merged and deduplicated with share enumeration
  • Recursive directory tree walking
  • Regex-based file and content classification
  • NTLM authentication (password or pass-the-hash)
  • Kerberos authentication
  • Multithreaded scanning (share / tree / file stages)
  • Optional file download (“snaffling”)
  • Resume support via SQLite state database
  • Compatible with original and custom TOML rule sets
  • Deterministic, ingestion-friendly logging (plain / JSON / TSV)
  • Pipe-friendly: accepts NetExec (nxc) --shares output via --stdin

Installation

pip install snaffler-ng

Quick Start

Full Domain Discovery

Providing only a domain triggers full domain discovery:

snaffler \
  -u USERNAME \
  -p PASSWORD \
  -d DOMAIN.LOCAL

This will automatically:

  • Query Active Directory for computer objects
  • Discover DFS namespace targets via LDAP (v1 fTDfs + v2 msDFS-Linkv2)
  • Enumerate SMB shares on discovered hosts
  • Merge and deduplicate DFS and SMB share paths
  • Scan all readable shares

When using Kerberos, set KRB5CCNAME to a valid ticket cache and use hostnames/FQDNs:

snaffler \
  -k \
  --use-kcache \
  -d DOMAIN.LOCAL \
  --dc-host CORP-DC02
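
On the defensive side, the share enumeration step above (NetShareEnum over SRVSVC against many hosts) is visible in Windows Security event 5145 when "Audit Detailed File Share" is enabled. The following is an added example, not part of snaffler-ng: it flags any source that opens the srvsvc pipe on many hosts within a short window. The flat JSON-style record layout, the threshold, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def find_share_sweeps(events, min_hosts=5, window=timedelta(minutes=5)):
    """Map (source_ip, user) -> hosts for any source that opened the srvsvc
    pipe on at least min_hosts distinct hosts within one time window."""
    opens = defaultdict(list)
    for ev in events:
        # NetShareEnum is an RPC call over the srvsvc named pipe on IPC$.
        if (ev.get("EventID") != 5145
                or not ev.get("ShareName", "").upper().endswith("IPC$")
                or ev.get("RelativeTargetName", "").lower() != "srvsvc"):
            continue
        ts = datetime.fromisoformat(ev["TimeCreated"])
        opens[(ev["IpAddress"], ev["SubjectUserName"])].append((ts, ev["Computer"]))
    sweeps = {}
    for key, hits in opens.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {host for _, host in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                sweeps[key] = sorted(set(sweeps.get(key, [])) | hosts)
    return sweeps

def _ev(ts, computer, ip, user, share=r"\\*\IPC$", target="srvsvc"):
    # Flat layout is an assumption; field names follow Security event 5145.
    return {"EventID": 5145, "TimeCreated": ts, "Computer": computer,
            "IpAddress": ip, "SubjectUserName": user,
            "ShareName": share, "RelativeTargetName": target}

# Constructed sample events (not real logs).
SAMPLE_EVENTS = (
    # One source enumerating shares on six hosts in six seconds.
    [_ev(f"2024-01-01T10:00:{i:02d}", f"FS{i:02d}", "10.0.0.50", "svc_scan")
     for i in range(6)]
    # An admin touching srvsvc on two hosts, hours apart.
    + [_ev("2024-01-01T09:00:00", "FS01", "10.0.0.7", "alice"),
       _ev("2024-01-01T13:00:00", "FS02", "10.0.0.7", "alice"),
       # Ordinary file access on a data share: ignored by the filter.
       _ev("2024-01-01T10:00:03", "FS01", "10.0.0.50", "svc_scan",
           r"\\*\Finance", "q3.xlsx")]
)

if __name__ == "__main__":
    for (ip, user), hosts in find_share_sweeps(SAMPLE_EVENTS).items():
        print(f"{ip} ({user}) enumerated shares on {len(hosts)} hosts: {hosts}")
```

Tune `min_hosts` and `window` against known inventory and backup systems, which legitimately enumerate shares across many hosts.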

Targeted Scans

Scan a specific UNC path (no discovery):

snaffler \
  -u USERNAME \
  -p PASSWORD \
  --unc //192.168.1.10/Share

Scan multiple computers (share discovery enabled):

snaffler \
  -u USERNAME \
  -p PASSWORD \
  --computer 192.168.1.10 \
  --computer 192.168.1.11

Load target computers from file:

snaffler \
  -u USERNAME \
  -p PASSWORD \
  --computer-file targets.txt

Pipe from NetExec (nxc)

Pipe nxc smb --shares output directly into snaffler-ng with --stdin:

nxc smb 10.8.50.20 -u user -p pass --shares | snaffler -u user -p pass --stdin

This parses NXC's share output, extracts UNC paths, and feeds them into the file scanner. Snaffler's existing share/directory rules handle filtering.

Logging & Output Formats

snaffler-ng supports three output formats, each with a distinct purpose:

  • Plain (default, human-readable)
  • JSON (structured, SIEM-friendly)
  • TSV (flat, ingestion-friendly)

Resume Support

Large environments are expected.

You can resume interrupted scans using the --resume argument:

snaffler \
  -u USERNAME \
  -p PASSWORD \
  --computer-file targets.txt \
  --resume

The SQLite state database tracks processed shares, directories, and files to avoid re-scanning.

Authentication Options

  • NTLM username/password
  • NTLM pass-the-hash (--hash)
  • Kerberos (-k)
  • Kerberos via existing ccache (--use-kcache)

Download files

Source Distribution

snaffler_ng-1.1.0.tar.gz (60.3 kB)

Uploaded Source

Built Distribution

snaffler_ng-1.1.0-py3-none-any.whl (90.8 kB)

Uploaded Python 3

File details

Details for the file snaffler_ng-1.1.0.tar.gz.

File metadata

  • Download URL: snaffler_ng-1.1.0.tar.gz
  • Upload date:
  • Size: 60.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for snaffler_ng-1.1.0.tar.gz
Algorithm Hash digest
SHA256 a2efd3858022d4a1362140207547f8aac7abaa0be090f5ed807c3c4c05b5d524
MD5 82bce94b4ee22b7d450e15fe0c208038
BLAKE2b-256 2bafe8040f640ff690ec4c40b374b4334f08135e12259daf72337aae3d28fede

File details

Details for the file snaffler_ng-1.1.0-py3-none-any.whl.

File metadata

  • Download URL: snaffler_ng-1.1.0-py3-none-any.whl
  • Upload date:
  • Size: 90.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for snaffler_ng-1.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 913c9df5770b0e25dbed78ca37baca79f02f17732e350ea9d029713bab99b28f
MD5 4fa611e8d2ef9506c4f103e20a7a92b4
BLAKE2b-256 474890b8a2bb6011fe032a87174fd7e5ca64497290742504c37f55d17ee96623
