Recon Tool: SauronEye
Reading Time: 2 Minutes
SauronEye
SauronEye by Vivami is a powerful recon search tool designed for red teams. It allows users to search for specific keywords, such as passwords and secrets, across multiple network drives and within the contents of files, including Microsoft Office files (such as .doc, .docx, .xls, and .xlsx) and even VBA macros in old 2003 .xls and .doc files. The tool leverages multi-threading for improved performance, supports regular expressions in search keywords, and is compatible with Cobalt Strike’s execute-assembly.
With the capability to search over 50,000 files totaling 1.3 TB on a network drive in under a minute, and a local drive in just 15 seconds, SauronEye is both fast and effective in finding critical information.
See Also: So you want to be a hacker?
Offensive Security Courses
Usage examples
C:\>SauronEye.exe -d C:\Users\vincent\Desktop\ --filetypes .txt .doc .docx .xls --contents --keywords password pass* -v`
=== SauronEye ===
Directories to search: C:\Users\vincent\Desktop\
For file types: .txt, .doc, .docx, .xls
Containing: wacht, pass
Search contents: True
Search Office 2003 files for VBA: True
Max file size: 1000 KB
Search Program Files directories: False
Searching in parallel: C:\Users\vincent\Desktop\
[+] C:\Users\vincent\Desktop\test\wachtwoord - Copy (2).txt
[+] C:\Users\vincent\Desktop\test\wachtwoord - Copy (3).txt
[+] C:\Users\vincent\Desktop\test\wachtwoord - Copy.txt
[+] C:\Users\vincent\Desktop\test\wachtwoord.txt
[+] C:\Users\vincent\Desktop\pass.txt
[*] Done searching file system, now searching contents
[+] C:\Users\vincent\Desktop\pass.txt
...the admin password=admin123...
[+] C:\Users\vincent\Desktop\test.docx:
...this is a testPassword = "welkom12...
Done. Time elapsed = 00:00:01.6656911
Trending: Recon Tool: ScopeHunter
Trending: Offensive Security Tool: Freeze
Search multiple directories, including network drives:
SauronEye.exe --directories C:\ \\SOMENETWORKDRIVE\C$ --filetypes .txt .bat .docx .conf --contents --keywords password pass*
Search paths and shares containing spaces:
SauronEye.exe -d "C:\Users\user\Path with a space" -d "\\SOME NETWORK DRIVE\C$" --filetypes .txt --keywords password pass*
Notes
SauronEye does not search %WINDIR% and %APPDATA%. Use the –systemdirs flag to search the contents of Program Files*. SauronEye relies on functionality only available from .NET 4.7.2, and so requires >= .NET 4.7.2 to run.
Clone the repo from here: GitHub Link
Recent Tools
Offensive Security Tool: emp3r0r
emp3r0r is a post-exploitation framework designed for both Linux and …Blue Team Tool: Ghostport
Ghostport is a sophisticated port spoofing tool designed to confuse …Red Teaming Tool: avred
Avred is a tool designed for Red Teamers to identify …Recon Tool: emailFinder
emailFinder is a web scraping tool that extracts email addresses …
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
