SauronEye is a search tool built to aid red teams in finding files containing specific keywords.

Features:

• Search multiple (network) drives
• Search contents of files
• Search contents of Microsoft Office files (.doc, .docx, .xls, .xlsx)
• Search multiple drives multi-threaded for increased performance
• Supports regular expressions in search keywords
• Compatible with Cobalt Strike's execute-assembly

It's also quite fast, can do 50k files, totaling 1,3 TB on a network drive in under a minute (with realistic file filters). Searches a C:\ (on a cheap SATA SSD) in about 15 seconds.

SauronEye.exe -Dirs C:\, \\SOMENETWORKDRIVE\C$ -FileTypes .txt,.bat,.docx, .conf -Contents -Keywords password,pass* -SystemDirs

C:\>SauronEye.exe -Dirs C:\Users\vincent\Desktop\ -Keywords wacht*, pass* -Filetypes .txt, .doc, .docx, .xls -Contents

	=== SauronEye ===

Directories to search: c:\users\vincent\desktop\
For file types: .txt, .doc, .docx, .xls
Containing: wacht*, pass*
Search contents: True
Search Program Files directories: False

Searching in parallel: c:\users\vincent\desktop\
[+] c:\users\vincent\desktop\test\wachtwoord - Copy (2).txt
[+] c:\users\vincent\desktop\test\wachtwoord - Copy (3).txt
[+] c:\users\vincent\desktop\test\wachtwoord - Copy.txt
[+] c:\users\vincent\desktop\test\wachtwoord.txt
[+] c:\users\vincent\desktop\pass.pdf
[+] c:\users\vincent\desktop\pass.txt
[+] c:\users\vincent\desktop\pass.xls
[*] Done searching file system, now searching contents

[+] c:\users\vincent\desktop\test.docx:
         is a testPassword = "Welcome123"


 Done. Time elapsed = 00:00:00.3114729

SauronEye does not search %WINDIR% and %APPDATA%. Use the -SystemDirs flag to search the contents of Program Files*. SauronEye relies on multi-threading libraries only available from .NET 4.0, and so requires >= .NET 4.0 to run.