Skip to main content

SnafflerSQLSniper.ps1

This file finds SQL server names, user IDs and passwords from a raw snaffler output, then outputs a list of mssqlclient.py connection strings that you can easily copy and paste!

# Prompt for input file
$inputFile = Read-Host "Enter the path to the input file"

# Check if the file exists
if (-Not (Test-Path $inputFile)) {
    Write-Host "File not found. Exiting." -ForegroundColor Red
    exit
}

# Generate timestamp and output file name
$timestamp = Get-Date -Format "yyyy-MM-dd-HHmm"
$outputFile = "$($inputFile -replace '\.log$', '')_$timestamp.log"

# Process the file
Get-Content $inputFile |
    ForEach-Object -Begin { $lineNumber = 0 } -Process {
        $lineNumber++
        Write-Host "Analyzing line: $_" -ForegroundColor Yellow
        
        # Clean up the line by removing escape characters and handling XML entities
        $cleanLine = $_ -replace '\\\ ', ' ' -replace '\\r\\n', '' -replace '&', '&'
        
        # More comprehensive pattern matching
        if ($cleanLine -match '(?i)(Data Source|Server)\s*=\s*([^;,"\s]+)') {
            # Clean up the data source by removing everything after double backslashes
            $ds = $matches[2].Trim() -replace '\\\\.*$', ''
            Write-Host "Found DataSource: $ds" -ForegroundColor Green
            
            if ($cleanLine -match '(?i)(Initial Catalog|Database|dbName)\s*=\s*([^;,"\s]+)') {
                $db = $matches[2].Trim()
                Write-Host "Found Database: $db" -ForegroundColor Green
                
                if ($cleanLine -match '(?i)(User ID|uid|userName)\s*=\s*([^;,"\s]+)') {
                    $uid = $matches[2].Trim()
                    Write-Host "Found UserID: $uid" -ForegroundColor Green
                    
                    # More permissive password pattern with exclusion
                    if ($cleanLine -match '(?i)password\s*=\s*"?([^;,""\s\r\n]+)"?' -and 
                        $matches[1].Trim() -ne '.+(') {
                        $pwd = $matches[1].Trim()
                        Write-Host "Found Password: $pwd" -ForegroundColor Green
                        
                        [PSCustomObject]@{
                            DataSource = $ds
                            Database = $db
                            UserId = $uid
                            Password = $pwd
                            LineNumber = $lineNumber
                        }
                    }
                }
            }
        }
    } |
    Sort-Object -Property DataSource -Unique -CaseSensitive:$false |
    ForEach-Object {
        Write-Host "Writing match to file..." -ForegroundColor Magenta
        # Format the output with line number
        "Data Source=$($_.DataSource), database=$($_.Database), user id=$($_.UserId), password=$($_.Password) [Line: $($_.LineNumber)]"
    } |
    Out-File -FilePath $outputFile -Encoding UTF8

# Add MSSQL connection strings at the end
"" | Out-File -FilePath $outputFile -Append -Encoding UTF8
"MSSQL Connection Strings:" | Out-File -FilePath $outputFile -Append -Encoding UTF8
"----------------------" | Out-File -FilePath $outputFile -Append -Encoding UTF8
Get-Content $outputFile | 
    Where-Object { $_ -match "Data Source=(.*?), database=(.*?), user id=(.*?), password=(.*?) \[Line:" } |
    ForEach-Object {
        $ds = $matches[1]
        $uid = $matches[3]
        $pwd = $matches[4]
        [PSCustomObject]@{
            Server = $ds
            Command = "mssqlclient.py $($uid):'$($pwd)'@$($ds) -debug"
        }
    } |
    Sort-Object -Property Server -CaseSensitive:$false |
    ForEach-Object { $_.Command } |
    Out-File -FilePath $outputFile -Append -Encoding UTF8

Write-Host "Processing complete. Output saved to: $outputFile" -ForegroundColor Green