• Stars: 141
• Rank: 259,971 (Top 6 %)
• Language: Python
• License: MIT License
• Created: almost 6 years ago
• Updated: over 1 year ago


Repository Details

Python based BloodHound data importer

bloodhound-import


bloodhound-import is a tool that imports BloodHound JSON files into Neo4j.

Dependencies and installation

bloodhound-import is compatible with Python 3.7+, and the latest version only imports BloodHound 3 data; older BloodHound JSON formats are not supported by it. It requires the neo4j-driver library.

Install with pip install bloodhound_import, or clone the repository and install it with sudo python setup.py install.

bloodhound-import will be installed as a global command. Usage is as follows:

usage: bloodhound-import.py [-h] [-du DATABASE_USER] [-dp DATABASE_PASSWORD]
                            [--database DATABASE] [-p PORT] [-v]
                            files [files ...]

Example: bloodhound-import -du neo4j -dp neo4j ~/Desktop/SessionLoop_20190115133114*.json

If -du and -dp are not given, the tool tries to auto-detect the database user and password from the BloodHound configuration file.
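As an added illustration of what such an importer has to do (example code, not bloodhound-import's own implementation), the following Python turns a SharpHound-style export into parameterised Cypher MERGE statements. The "meta"/"data" layout and the per-object fields (ObjectIdentifier, Properties, Members, Aces) are assumptions modelled on SharpHound 3 output, the sample export is constructed, and the node labels and edge names are a simplified subset of the BloodHound schema. The point a practitioner should take from it: Cypher cannot parameterise labels or relationship types, so values read from the export that end up in those positions are checked against an allow-list instead of being interpolated into the query, while everything else (SIDs, names, flags) travels as query parameters.

```python
"""Added example (not bloodhound-import's own code): SharpHound-style JSON -> Cypher."""
import json
from typing import Any, Dict, List, Optional, Tuple

# Node label for each export type (the meta.type value in a SharpHound file).
LABELS = {"users": "User", "computers": "Computer", "groups": "Group",
          "domains": "Domain", "gpos": "GPO", "ous": "OU"}

# Relationship types this example accepts (a subset of BloodHound's edges).
# Labels and relationship types cannot be Cypher parameters, so export values
# used there are checked against these allow-lists, never interpolated blindly.
KNOWN_RIGHTS = {"GenericAll", "GenericWrite", "WriteOwner", "WriteDacl",
                "AddMember", "ForceChangePassword", "AllExtendedRights", "Owns"}

Statement = Tuple[str, Dict[str, Any]]

# Constructed sample export, modelled on the SharpHound 3 "groups" layout
# (assumption): one group with one member and one ACE granting GenericAll.
SAMPLE_GROUPS_JSON = json.dumps({
    "meta": {"type": "groups", "count": 1, "version": 3},
    "data": [{
        "ObjectIdentifier": "S-1-5-21-1-2-3-512",
        "Properties": {"name": "DOMAIN ADMINS@CORP.LOCAL",
                       "domain": "CORP.LOCAL", "highvalue": True},
        "Members": [{"MemberId": "S-1-5-21-1-2-3-1104", "MemberType": "User"}],
        "Aces": [{"PrincipalSID": "S-1-5-21-1-2-3-1105", "PrincipalType": "User",
                  "RightName": "GenericAll", "IsInherited": False}],
    }],
})


def load_export(text: str) -> Tuple[str, List[Dict[str, Any]]]:
    """Check the outer structure of an export and return (meta.type, objects)."""
    doc = json.loads(text)
    meta = doc.get("meta") or {}
    kind = meta.get("type")
    if kind not in LABELS:
        raise ValueError(f"unsupported or missing meta.type: {kind!r}")
    data = doc.get("data")
    if not isinstance(data, list):
        raise ValueError("export has no data array")
    if "count" in meta and meta["count"] != len(data):
        raise ValueError(f"meta.count is {meta['count']} but {len(data)} objects present")
    return kind, data


def _label(name: str) -> str:
    """Allow-list an object type from the export before it becomes a label."""
    if name not in LABELS.values():
        raise ValueError(f"unexpected object type {name!r}")
    return name


def statements_for(kind: str, obj: Dict[str, Any]) -> List[Statement]:
    """Build the MERGE statements for one exported object (simplified schema)."""
    label = LABELS[kind]
    sid = obj["ObjectIdentifier"]
    # Properties travel as a map parameter, so AD-controlled strings such as
    # display names never become part of the query text.
    stmts: List[Statement] = [(
        f"MERGE (n:{label} {{objectid: $sid}}) SET n += $props",
        {"sid": sid, "props": obj.get("Properties", {})},
    )]
    for member in obj.get("Members", []):
        mlabel = _label(member["MemberType"])
        stmts.append((
            f"MERGE (m:{mlabel} {{objectid: $mid}}) "
            f"MERGE (g:{label} {{objectid: $gid}}) MERGE (m)-[:MemberOf]->(g)",
            {"mid": member["MemberId"], "gid": sid},
        ))
    for ace in obj.get("Aces", []):
        right = ace["RightName"]
        if right not in KNOWN_RIGHTS:
            raise ValueError(f"unexpected RightName {right!r}")
        plabel = _label(ace["PrincipalType"])
        stmts.append((
            f"MERGE (p:{plabel} {{objectid: $pid}}) "
            f"MERGE (t:{label} {{objectid: $tid}}) "
            f"MERGE (p)-[r:{right}]->(t) SET r.isinherited = $inherited",
            {"pid": ace["PrincipalSID"], "tid": sid,
             "inherited": bool(ace.get("IsInherited", False))},
        ))
    return stmts


def import_text(text: str, session: Optional[Any] = None) -> List[Statement]:
    """Parse one export; execute the statements when a neo4j Session is given."""
    kind, data = load_export(text)
    stmts = [s for obj in data for s in statements_for(kind, obj)]
    if session is not None:
        for query, params in stmts:
            session.run(query, params)  # neo4j.Session.run(query, parameters)
    return stmts


def demo() -> List[Statement]:
    """Statements generated for the constructed sample; needs no database."""
    return import_text(SAMPLE_GROUPS_JSON)
```

To run this against a real database, open a session with the neo4j driver (GraphDatabase.driver(uri, auth=(user, password)) from the neo4j package, which is what neo4j-driver installs) and pass it to import_text; with no session the function only returns the statements, which is convenient for inspecting what an export would write before touching the graph.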

More Repositories

1. dissect (779 stars)
   Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).
2. aclpwn.py (Python, 632 stars)
   Active Directory ACL exploitation with BloodHound
3. log4j-finder (Python, 435 stars)
   Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)
4. cve-2019-1040-scanner (Python, 276 stars)
5. dissect.cstruct_legacy (Python, 240 stars)
   A no-nonsense C-like structure parsing library for Python
6. quantuminsert (HTML, 211 stars)
   Quantum Insert
7. LDAPFragger (C#, 181 stars)
8. mkYARA (Python, 179 stars)
   Generating YARA rules based on binary code
9. linux-luks-tpm-boot (Shell, 175 stars)
   A guide for setting up LUKS boot with a key from TPM in Linux
10. Invoke-CredentialPhisher (PowerShell, 170 stars)
11. dissect.cobaltstrike (Python, 139 stars)
    Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles
12. danderspritz-evtx (Python, 139 stars)
    Parse evtx files and detect use of the DanderSpritz eventlogedit module
13. cryptophp (Python, 128 stars)
    CryptoPHP Indicators of Compromise
14. cobaltstrike-extraneous-space (125 stars)
    Historical list of {Cobalt Strike,NanoHTTPD} servers
15. cobaltstrike-beacon-data (Jupyter Notebook, 114 stars)
    Open Dataset of Cobalt Strike Beacon metadata (2018-2022)
16. OpenSSH-Session-Key-Recovery (Python, 72 stars)
    Project containing several tools/scripts to recover the OpenSSH session keys used to encrypt/decrypt SSH traffic.
17. acquire (Python, 57 stars)
    acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.
18. OpenSSH-Network-Parser (Python, 54 stars)
    Project to decrypt and parse SSH traffic
19. bro-scripts (Bro, 51 stars)
    Bro-IDS scripts
20. cisco-ios-xe-implant-detection (Python, 38 stars)
    Cisco IOS XE implant scanning & detection (CVE-2023-20198, CVE-2023-20273)
21. dissect.cstruct (Python, 30 stars)
    A Dissect module implementing a parser for C-like structures.
22. operation-wocao (YARA, 30 stars)
    Operation Wocao - Indicators of Compromise
23. dissect.target (Python, 27 stars)
    The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).
24. dll-hijacking-poc (C, 17 stars)
    A quick POC on how to embed a meterpreter in Firefox via DLL hijacking
25. citrix-netscaler-triage (Python, 17 stars)
    Dissect triage script for Citrix NetScaler devices
26. Decrypt-TFSSecretVariables (PowerShell, 15 stars)
27. ponmocup (13 stars)
    Ponmocup Indicators of Compromise
28. signed-phishing-email (Python, 11 stars)
29. pcap-broker (Go, 11 stars)
    PCAP-over-IP server written in Golang
30. mofang (10 stars)
    Mofang Indicators of Compromise
31. spookyssl-pcaps (10 stars)
    SpookySSL PCAPS and Network Coverage
32. dissect.esedb (Python, 10 stars)
    A Dissect module implementing a parser for Microsoft's Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update.
33. dissect-docs (7 stars)
    Dissect documentation project
34. log4shell-pcaps (Java, 7 stars)
    Log4Shell PCAPS and Network Coverage
35. dissect.evidence (Python, 7 stars)
    A Dissect module implementing parsers for various forensic evidence file containers, currently: AD1, ASDF and EWF.
36. dissect.ntfs (Python, 7 stars)
    A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system.
37. dissect.eventlog (Python, 6 stars)
    A Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats.
38. saitama-server (Python, 6 stars)
    Server-side implementation for the Saitama implant, useful for detection engineering purposes
39. flow.record (Python, 6 stars)
    Recordization library
40. django-auth-policy (Python, 6 stars)
    Django Authentication Policy
41. psixbot (5 stars)
    PsiXBot Indicators of Compromise
42. reasm (Python, 5 stars)
    Extract parts of the malware and re-compile it on Linux for decrypting stuff using the same malware algorithms.
43. aws-lambda-kinesis-windowseventlog (Python, 5 stars)
    AWS Lambda to transform the JSON from the AWS Kinesis agent into useful JSON documents for Elasticsearch
44. dissect.cim (Python, 5 stars)
    A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system.
45. dissect.hypervisor (Python, 4 stars)
    A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.
46. Decrypt-OrchestratorSecretVariables (PowerShell, 4 stars)
47. dissect.sql (Python, 4 stars)
    A Dissect module implementing a parser for the SQLite database file format, commonly used by applications to store configuration data.
48. blister-research (Python, 3 stars)
    Scripts, YARA and IOCs from our research on the Blister malware 🩹
49. dissect.clfs (Python, 3 stars)
    A Dissect module implementing a parser for the CLFS (Common Log File System) file system of Windows.
50. dissect.volume (Python, 3 stars)
    A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR.
51. dissect.ole (Python, 3 stars)
    A Dissect module implementing a parser for the Object Linking & Embedding (OLE) format, commonly used by document editors on Windows operating systems.
52. dissect.vmfs (Python, 3 stars)
    A Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software.
53. dissect.regf (Python, 3 stars)
    A Dissect module implementing a parser for the Windows registry file format, used to store application and OS configuration on Windows operating systems.
54. Invoke-BadPwdCountSprayer (2 stars)
55. dissect.fat (Python, 2 stars)
    A Dissect module implementing parsers for the FAT and exFAT file systems, commonly used on flash memory based storage devices and UEFI partitions.
56. dissect.shellitem (Python, 2 stars)
    A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.
57. dissect.util (Python, 2 stars)
    A Dissect module implementing various utility functions for the other Dissect modules.
58. dissect.ffs (Python, 2 stars)
    A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems.
59. dissect.xfs (Python, 2 stars)
    A Dissect module implementing a parser for the XFS file system, commonly used by Red Hat Linux distributions.
60. dissect-workflow-templates (2 stars)
    Workflow templates for the dissect projects
61. dissect_legacy (Python, 2 stars)
    Namespace and collection package for all dissect projects
62. dissect.extfs (Python, 1 star)
    A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems.
63. dissect.btrfs (Python, 1 star)
    A Dissect module implementing a parser for the btrfs file system.
64. dissect.etl (Python, 1 star)
    A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events.