Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs of how your domain objects interact with each other and how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing, looking up and reporting hashes, passwords and users.
Features:
- Data acquisition via: LDAP, SMB, Kerberos, LSASS dumps, DCSYNC results, manual upload.
- Graph: the framework can generate a graph using the available information in the database and plot it via the web UI (nest).
- Anomaly detection: the framework can identify common AD misconfigurations without graph generation.
- Password cracking: the framework does not perform any cracking; it only organizes the hashes and the cracking results.
- Database backend.
- Web UI written in React.
Quick usage info
- If you are not using automatic collection (e.g. not on Windows), you will need to create an initial empty database via dbinit.
- First you need to perform enum. This can be done automatically on Windows by double-clicking on the executable, or by typing jackdaw.exe auto.
- Second you will need to run nest to get the web interface. By default it is served under http://127.0.0.1:5000/nest, and there is a Swagger-documented API under http://127.0.0.1:5000/ui.
- In the web interface, you will need to go to the domain view and click on Generate graph cache, only once, to get the edge information in a cache file. It might take a while, but you will see a progress bar in the command line.
- After the graph cache is done, you can play with the graph in the graph view, but don't forget to select the correct cache number on the top left.
GitHub
- https://github.com/skelsec/jackdaw