reddit hackernews mail facebook facebook linkedin


Gather gather gather.

Jackdaw is here to collect all information in your domain, store it in a SQL database and show you nice graphs on how your domain objects interact with each-other an how a potential attacker may exploit these interactions. It also comes with a handy feature to help you in a password-cracking project by storing/looking up/reporting hashes/passwords/users.

- Data acquisition via: LDAP, SMB, Kerberos, LSASS dumps, DCSYNC results, manual upload.
- Graph: the framework can generate a graph using the available information in the database and plot it via the web UI (nest).
- Anomalies detection: the framework can identify common AD misconfigurations without graph generation.
- Password cracking: the framework does not performing any cracking, only organizing the hashes and the cracking results.
- Database backend.
- Web UI written in React.