SauronEye v0.0.9 releases: find specific files containing specific words

SauronEye

SauronEye is a search tool built to aid red teams in finding files containing specific keywords.

Features:

• Search multiple (network) drives
• Search contents of files
• Search contents of Microsoft Office files (.doc, .docx, .xls, .xlsx)
• Search multiple drives multi-threaded for increased performance
• Compatible with Cobalt Strike’s execute-assembly

It’s also quite fast, can do 50k files, totaling 1,3 TB on a network drive in under a minute (with realistic file filters). Searches a C:\ (on a cheap SATA SSD) in about 15 seconds.

Changelog v0.0.9

• Fixed a bug where uppercase variants of a keyword would not be detected. This makes SauronEye case-insensitive (for now).

Download

Use

SauronEye.exe -Dirs C:\, \\SOMENETWORKDRIVE\C$ -FileTypes .txt,.bat,.docx, .conf -Contents -Keywords password,pass -SystemDirs

C:\>SauronEye.exe -Dirs C:\, -FileTypes .docx -Contents -Keywords password



         === SauronEye ===



Directories to search: c:\

For file types:.docx

Containing:password

Search contents: True

Searching dir: c:\



[!] Done searching file system, now searching contents

[+] c:\Users\vincent\Desktop\test.docx:

  this is a  testPassword = "welcome123"



Time elapsed=00:00:06.4837851

Notes

SauronEye does not search for %WINDIR% and %APPDATA%. Use the -SystemDirs flag to search the contents of Program Files*. SauronEye relies on multi-threading libraries only available from .NET 4.0, and so requires >= .NET 4.0 to run.

Copyright (C) 2019 vivami 

Source: https://github.com/vivami/