awesome-bloodhound
A curated list of awesome Bloodhound resources
This list is for links to learn and use the awesome Active Directory reconnaissance tool Bloodhound. It will for the most part consist of tools available on Github, videos demonstrating the tools, blog posts and wikis.
You can contribute by submitting pull requests, creating issues with suggestions, writing to me @chryzsh, or pinging @crusher on the Bloodhound Slack. I have made a markdown template for adding new links here -> Contributing.
Join the Bloodhound Slack!
Thank you to all of the authors of the content referenced in this page, and to all who contribute here and in the Bloodhound Slack.
Getting Started
If this is your first time using Bloodhound, the Bloodhound repository is the place to start. Its wiki will show you how to download, install and get started using Bloodhound.
- BloodHoundAD/BloodHound - The Bloodhound repository
- Bloodhound Wiki - The Bloodhound repository wiki
- Neo4j - Neo4j, Bloodhound's graph database
Features and updates
- Introducing BloodHound - Introducing BloodHound by wald0
- BloodHound 1.3 – The ACL Attack Path Update - Description of the 1.3 feature update by @wald0
- SharpHound: Evolution of the BloodHound Ingestor - Description of the rewritten Sharphound ingestor by CptJesus.
- BloodHound 1.4: The Object Properties Update - Description of the 1.4 update.
- SharpHound: Technical Details - Technical details of the Sharphound ingestor
- SharpHound: Target Selection and API Usage - Description of how collection is done
- BloodHound 1.5: The Container Update - Description of the 1.5 update by CptJesus
- BloodHound 2.0 - Description of the 2.0 update by CptJesus
- BloodHound 2.1: The Fix Broken Stuff Update - Description of the 2.1 update by CptJesus
- Introducing BloodHound 3.0 - Introducing BloodHound 3.0 blog post
- BloodHound 3.0 - Video recording of the presentation of Bloodhound 3.0
- BloodHound 3.0 - Slide deck for the slides presenting Bloodhound 3.0
Usage guides
- BloodHound official documentation - Official documentation on readthedocs.io
- SadProcessor/HandsOnBloodHound - Material for the "Hands-On BloodHound" Workshop
- HandsOnBloodHound.pdf - Slides for the above talk at Brucon2019, by @SadProcessor
- Bloodhound - BloodHound usage article, by pixis
- BloodHound Tips and Tricks - riccardoancarani.it - Tips and tricks for Bloodhound workflow and using the functionality.
Tools
- Bloodhound 3.0 - Working snapshot of the Bloodhound 3.0 release.
- BloodHoundAD/SharpHound3 - SharpHound 3, the Bloodhound 3.0 ingestor.
- BloodHoundAD/BloodHound-Tools - Miscellaneous tools for BloodHound
- BloodHound Database Creator - This python script will generate a randomized data set for testing BloodHound features and analysis.
- BloodHound Analytics - This python script will analyze existing BloodHound data in a neo4j database.
- BloodHoundAD/SharpHound - The BloodHound C# Ingestor
- fox-it/BloodHound.py - A Python based ingestor for BloodHound
- peterhgombos/bloodhounddemo - Docker container containing a quick demo database for Bloodhound using the official neo4j image.
- seajaysec/cypheroth - Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to csv.
- SadProcessor/WatchDog - WatchDog is a BloodHound Data scanner [NodeWeight]
- SadProcessor/CypherDog - PowerShell Cmdlets to interact with BloodHound Data via Neo4j REST API.
- GoFetchAD/GoFetch - GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.
- fox-it/aclpwn.py - Active Directory ACL exploitation with BloodHound.
- fox-it/bloodhound-import - Python based BloodHound data importer
- vysecurity/ANGRYPUPPY - Bloodhound Attack Path Automation in CobaltStrike
- porterhau5/BloodHound-Owned - A collection of files for adding and leveraging custom properties in BloodHound.
- Coalfire-Research/Vampire - Vampire is an aggressor script which integrates with BloodHound to mark nodes as owned.
- chrismaddalena/Fox - A companion tool for BloodHound offering Active Directory statistics and number crunching
- davidprowe/BadBlood - BadBlood by Secframe fills a Microsoft Active Directory Domain with a structure and thousands of objects.
- knavesec/Max - Maximizing BloodHound with a simple suite of tools. Includes bulk import of owned assets, the BloodHound Domain Password Audit Tool, new attack primitives and more
Methodology and reporting
- Introducing the Adversary Resilience Methodology – Part One - Methodology using Bloodhound for defensive purposes, part one.
- Introducing the Adversary Resilience Methodology – Part Two - Methodology using Bloodhound for defensive purposes, part two.
- Active Directory Security: Beyond the Easy Button - Defensive Active Directory by Sean Metcalf
- Troopers 2019: BloodHound and the Adversary Resilience Methodology - Slide set from the Bloodhound talk at Troopers 2019. See the Videos section for a video of this.
- BloodHound Head to Tail - Andy Robbins Rohan Vazarkar - Derbycon 2019 talk about Bloodhound. See Videos section for a video of this.
- BlackHat USA 2019 - Finding Our Path - BlackHat USA 2019 - Finding our Path: How We're Trying to Improve Active Directory Security
Cypher
- BloodHound: Intro to Cypher - Intro to Cypher
- awsmhacks/awsmBloodhoundCustomQueries - Collection of Cypher queries
- Bloodhound Cypher Cheatsheet - Cheatsheet detailing how to write Cypher queries.
- Neo4j Drivers & Language Guides - Neo4j drivers and language guides.
- Blue Hands On Bloodhound - Data manipulation with Bloodhound.
- Cypher Query Gallery - Cypher Query Gallery from the official Bloodhound wiki.
- RamblingCookieMonster/PSNeo4j - PSNeo4j is a simple Neo4j PowerShell module, allowing you to quickly build up graph data from any of the technologies PowerShell can interface with.
Videos
- Six Degrees of Domain Admin... - Presentation of Bloodhound from 2016 by Andy Robbins, Will Schroeder and Rohan Vazarkar.
- How BloodHound's Session Collection Works - Brief explanation of session collection by Andy Robbins (wald0).
- BloodHound 2.1's New Computer Takeover Attack - Brief explanation of a feature in Bloodhound 2.1, by Andy Robbins.
- TR19: BloodHound and the Adversary Resilience Methodology - Talk from Troopers 2019 by the Bloodhound creators about using Bloodhound defensively.
- BloodHound Head to Tail - Andy Robbins Rohan Vazarkar - Derbycon 2019 talk about Bloodhound
- BloodHound - Analyzing Active Directory Trust Relationships - Short usage video on exploring trust relationships by Raphael Mudge.
- Extending BloodHound for Red Teamers - Talk about adapting and extending Bloodhound for red team usage.
- IppSec - Sizzle - IppSec demonstrates Bloodhound collection, ingestion and usage on the box Sizzle on Hackthebox.
- IppSec - Reel - IppSec demonstrates Bloodhound collection, ingestion and usage on the box Reel on Hackthebox.
- Course BloodHound Framework 2 Download BloodHound - Bloodhound course by Matt harr0ey.
- Active Directory Security Beyond the Easy Button - Active Directory Security Beyond the Easy Button - Sean Metcalf.
Ebooks
- The Dog Whisperer's Handbook - Thorough book detailing almost everything that can be done with Bloodhound, written by @sadprocessor.
Social
- Join the BloodHound Slack - Slack channel for talk about Bloodhound and other shenanigans.
- The Official BloodHound Swag Store - The Official BloodHound Swag Store
- @CptJesus - Bloodhound creator and maintainer
- @wald0 - Bloodhound creator and maintainer
- @harmj0y - Bloodhound creator
- @SadProcessor - Writer of The Dog Whisperer's Handbook - See the Ebooks section for download.
- Bloodhound 3.0 tshirt release - Bloodhound 3.0 t-shirt.
Tips and tricks
- Submitting New Attack Primitives - Submitting New Attack Primitives in Bloodhound
- Stop Bloodhound data gathering? - @jeffmcjunkin - How to stop Bloodhound data gathering?
- Controlling AD Recon (Bloodhound) - @PyroTek3 - Controlling AD Recon (Bloodhound)
- Get help from Bloodhound - @wald0 - How do I abuse a relationship that #BloodHound is showing me?
- Computer objects in Bloodhound - @wald0 - Did you know...
- Unsupported OS - @aceb0nd - Find unsupported (and potentially vulnerable) Windows OS using this cypher query.
Contributing
If you want to contribute directly, you can use the following markdown template for creating new entries.
* [username/github-repo](https://github.com/username/github-repo) - Brief description.
* []() -