Jackdaw – Windows Domain Information Gathering Tool


Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each other and how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.

Features:

  • Data acquisition via: LDAP, SMB, Kerberos, LSASS dumps, DCSYNC results, manual upload.
  • Graph: the framework can generate a graph using the available information in the database and plot it via the web UI (nest).
  • Anomaly detection: the framework can identify common AD misconfigurations without graph generation.
  • Password cracking: the framework does not perform any cracking; it only organizes the hashes and the cracking results.
  • Database backend.
  • Web UI written in React.

Quick usage info

  • If not using automatic collection (e.g. not on Windows), you will need to create an initial empty database via dbinit.
  • First you need to perform enum. This can be done automatically on Windows by double-clicking on the executable, or typing jackdaw.exe auto.
  • Second you will need to run nest to get the web interface. By default it is served under http://127.0.0.1:5000/nest, and there is a Swagger-documented API under http://127.0.0.1:5000/ui.
  • In the web interface, you will need to go to the domain view and click on Generate graph cache only once to get the edge information in a cache file. It might take a while, but in the command line you will see a progress bar.
  • After the graph cache is done, you can play with the graph on the graph view, but don’t forget to select the correct cache number on the top left.

GitHub

  • https://github.com/skelsec/jackdaw

 

A corporate drone whose hobby is writing. Uses Kali Linux as a daily driver. Sometimes watches anime in spare time.