BloodHound
Bloodhound Legacy
Install
# Install and run neo4j
sudo apt-get install neo4j
sudo neo4j console
# Download Bloodhound legacy binary, unpack and execute
wget "https://github.com/SpecterOps/BloodHound-Legacy/releases/download/v4.3.1/BloodHound-linux-x64.zip"
unzip BloodHound-linux-x64.zip
cd BloodHound-linux-x64
./BloodHound --no-sandbox --disable-gpu
Ingestors
Standard
# Standard local execution with the .NET ingestor (run on a domain-joined host)
# GPOLocalGroup is listed explicitly because the "All" method does not include it
./SharpHound.exe --CollectionMethods All,GPOLocalGroup
# Same collection through the PowerShell ingestor (SharpHound.ps1)
Invoke-BloodHound -CollectionMethod "All,GPOLocalGroup"
ShadowHound
# ShadowHound (PowerShell, LDAP collection via ADWS/ADSI instead of SharpHound): https://github.com/Friends-Security/ShadowHound
ShadowHound-DS -Server "DC01.security.local" -OutputFile "$PWD\ldap_output.txt"
# Split large output files if required (https://github.com/Friends-Security/ShadowHound/blob/main/split_output.py)
python3 split_output.py -i ldap_output.txt -o pyldapsearch_ldap -n 100
# Convert the ldapsearch-style output into BloodHound JSON with bofhound (pipx install bofhound)
bofhound -i ./folder -p All --parser ldapsearch
Custom Queries
Replace customqueries.json with one of the files below to load additional custom queries into BloodHound. Restart BloodHound after changing the file; it only reads customqueries.json at startup.
Locate custom queries file
find ~/ -type f -name customqueries.json 2>/dev/null
Add one of the queries below:
# CompassSecurity
curl -sSL "https://raw.githubusercontent.com/CompassSecurity/BloodHoundQueries/master/BloodHound_Custom_Queries/customqueries.json" -o ~/.config/bloodhound/customqueries.json
# hausec
curl -sSL "https://raw.githubusercontent.com/hausec/Bloodhound-Custom-Queries/refs/heads/master/customqueries.json" -o ~/.config/bloodhound/customqueries.json
# ZephrFish
curl -sSL "https://raw.githubusercontent.com/ZephrFish/Bloodhound-CustomQueries/refs/heads/main/customqueries.json" -o ~/.config/bloodhound/customqueries.json
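The curl commands above overwrite customqueries.json, so only one of the three query sets can be active at a time, and a malformed file silently leaves the Custom Queries tab empty. The following is an added example (not code from the page or from any of the linked query repositories) that merges several downloaded customqueries.json files into one and validates each entry before writing. It assumes the BloodHound Legacy file layout: a top-level object with a "queries" list, where each entry has a "name", an optional "category" and a "queryList" of objects whose "query" field holds Cypher. The sample query sets and the broken file are constructed for the example; the function names are the example's own.

```python
"""Merge and validate BloodHound Legacy customqueries.json files.

Added example: assumes the Legacy customqueries.json layout
{"queries": [{"name": ..., "category": ..., "queryList": [{"final": ..., "query": ...}]}]}.
SAMPLE_A, SAMPLE_B and SAMPLE_BROKEN are constructed inputs, not real query sets.
"""
import json
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Optional


def validate_queries(doc: dict, source: str) -> List[dict]:
    """Return the query entries of one file, raising ValueError on malformed input."""
    if not isinstance(doc, dict) or not isinstance(doc.get("queries"), list):
        raise ValueError(f"{source}: expected an object with a 'queries' list")
    entries = []
    for i, entry in enumerate(doc["queries"]):
        if not isinstance(entry, dict) or not isinstance(entry.get("name"), str):
            raise ValueError(f"{source}: queries[{i}] has no string 'name'")
        qlist = entry.get("queryList")
        if not isinstance(qlist, list) or not qlist:
            raise ValueError(f"{source}: {entry['name']!r} has no 'queryList'")
        for j, step in enumerate(qlist):
            if not isinstance(step, dict) or not isinstance(step.get("query"), str):
                raise ValueError(f"{source}: {entry['name']!r} queryList[{j}] has no 'query' string")
        entries.append(entry)
    return entries


def merge_custom_queries(paths: Iterable[Path]) -> dict:
    """Merge files in the given order; a later file with the same query name replaces the earlier one."""
    merged: Dict[str, dict] = {}
    for path in paths:
        doc = json.loads(Path(path).read_text(encoding="utf-8"))
        for entry in validate_queries(doc, str(path)):
            merged[entry["name"]] = entry
    return {"queries": list(merged.values())}


def write_merged(paths: Iterable[Path], dest: Path) -> int:
    """Write the merged file via a temp file and rename; returns the number of queries written."""
    merged = merge_custom_queries(paths)
    tmp = dest.with_name(dest.name + ".tmp")
    tmp.write_text(json.dumps(merged, indent=2), encoding="utf-8")
    tmp.replace(dest)  # atomic on POSIX, so a half-written file never reaches BloodHound
    return len(merged["queries"])


# Constructed sample query sets (not taken from any of the repositories above).
SAMPLE_A = {"queries": [
    {"name": "Find all Domain Admins", "category": "Example", "queryList": [
        {"final": True, "query": "MATCH p=(n:User)-[:MemberOf*1..]->(g:Group {name:'DOMAIN ADMINS@EXAMPLE.LOCAL'}) RETURN p"}]},
    {"name": "Kerberoastable users", "category": "Example", "queryList": [
        {"final": True, "query": "MATCH (u:User {hasspn:true}) RETURN u"}]},
]}
SAMPLE_B = {"queries": [
    # Same name as in SAMPLE_A: the later file wins during the merge.
    {"name": "Kerberoastable users", "category": "Example", "queryList": [
        {"final": True, "query": "MATCH (u:User {hasspn:true, enabled:true}) RETURN u"}]},
]}
SAMPLE_BROKEN = {"queries": [{"name": "No query list"}]}


def demo(workdir: Optional[Path] = None) -> dict:
    """Merge the two valid samples, then show the broken file being rejected."""
    workdir = workdir or Path(tempfile.mkdtemp())
    a, b, bad = workdir / "a.json", workdir / "b.json", workdir / "bad.json"
    a.write_text(json.dumps(SAMPLE_A), encoding="utf-8")
    b.write_text(json.dumps(SAMPLE_B), encoding="utf-8")
    bad.write_text(json.dumps(SAMPLE_BROKEN), encoding="utf-8")
    dest = workdir / "customqueries.json"
    count = write_merged([a, b], dest)
    merged = json.loads(dest.read_text(encoding="utf-8"))["queries"]
    try:
        merge_custom_queries([a, bad])
        error = ""
    except ValueError as exc:
        error = str(exc)
    return {
        "count": count,
        "names": [q["name"] for q in merged],
        "kerberoast_query": merged[1]["queryList"][0]["query"],
        "error": error,
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

To use it with the real files, download each set to its own path (for example with the curl commands above, writing to ~/compass.json, ~/hausec.json and ~/zephr.json instead of the final location) and call write_merged([...], Path.home() / ".config/bloodhound/customqueries.json"), then restart BloodHound. Because later files override earlier ones by query name, put the set whose wording you prefer last.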
Purging Neo4j Database
This wipes the database by deleting its files on disk, which also removes the neo4j user's password; you will have to set new credentials again at http://localhost:7474/browser/ after the restart. (Deleting the nodes from the Neo4j browser instead keeps the credentials but is much slower on large graphs.)
# Stop neo4j first (Ctrl+C if it is running under "neo4j console"), then remove the database and transaction files
# The data directory is whatever the neo4j.conf data directory setting points to; this page assumes /etc/neo4j/data
sudo rm -Rf /etc/neo4j/data/databases/*
sudo rm -Rf /etc/neo4j/data/transactions/*
# Start neo4j again afterwards
sudo neo4j console
BloodHound Community Edition
Install
# Requires the Docker Compose v2 plugin ("docker compose"); the apt package docker-compose is the legacy v1 binary.
# With only v1 installed, run the second command as: docker-compose -f - up
sudo apt-get install docker-compose
curl -L https://ghst.ly/getbhce | docker compose -f - up
# On the first run the compose output contains the generated admin password (look for the line "Initial Password Set To").
# Go to http://localhost:8080 and log in as admin with that password; you are prompted to change it on first login.