fox-it/bloodhound-import

Stars
141
Rank 259,971 (Top 6 %)
Language
Python
License
MIT License
Created almost 6 years ago
Updated over 1 year ago

fox-it/bloodhound-import

fox-it

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Python based BloodHound data importer

bloodhound-import

Bloodhound-import is a tool to import bloodhound json files into neo4j.

Dependencies and installation

Bloodhound-import is compatible python 3.7+ and the latest version is only compatible with bloodhound 3 imports. It requires the neo4j-driver library.

Install with pip install bloodhound_import or clone the git and install with sudo python setup.py install.

bloodhound-import will be installed as a global command. Usage is as follows:

usage: bloodhound-import.py [-h] [-du DATABASE_USER] [-dp DATABASE_PASSWORD]
                            [--database DATABASE] [-p PORT] [-v]
                            files [files ...]

Example: bloodhound-import -du neo4j -dp neo4j ~/Desktop/SessionLoop_20190115133114*.json

If the -du and -dp options are not specified, the tool will try to auto detect these values from the bloodhound config file.

dissect

Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts from various disk and file formats, developed by Fox-IT (part of NCC Group).

aclpwn.py

Active Directory ACL exploitation with BloodHound

log4j-finder

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)

cve-2019-1040-scanner

dissect.cstruct_legacy

A no-nonsense c-like structure parsing library for Python

quantuminsert

LDAPFragger

mkYARA

Generating YARA rules based on binary code

linux-luks-tpm-boot

A guide for setting up LUKS boot with a key from TPM in Linux

Invoke-CredentialPhisher

dissect.cobaltstrike

Python library for dissecting and parsing Cobalt Strike related data such as Beacon payloads and Malleable C2 Profiles

danderspritz-evtx

Parse evtx files and detect use of the DanderSpritz eventlogedit module

cryptophp

CryptoPHP Indicators of Compromise

cobaltstrike-extraneous-space

Historical list of {Cobalt Strike,NanoHTTPD} servers

cobaltstrike-beacon-data

Open Dataset of Cobalt Strike Beacon metadata (2018-2022)

Jupyter Notebook

OpenSSH-Session-Key-Recovery

Project containing several tools/ scripts to recover the OpenSSH session keys used to encrypt/ decrypt SSH traffic.

acquire

acquire is a tool to quickly gather forensic artifacts from disk images or a live system into a lightweight container.

OpenSSH-Network-Parser

Project to decrypt and parse SSH traffic

bro-scripts

Bro-IDS scripts

cisco-ios-xe-implant-detection

Cisco IOS XE implant scanning & detection (CVE-2023-20198, CVE-2023-20273)

dissect.cstruct

A Dissect module implementing a parser for C-like structures.

operation-wocao

Operation Wocao - Indicators of Compromise

dissect.target

The Dissect module tying all other Dissect modules together. It provides a programming API and command line tools which allow easy access to various data sources inside disk images or file collections (a.k.a. targets).

dll-hijacking-poc

A quick POC on how to embed a meterpreter in Firefox via DLL hijacking

citrix-netscaler-triage

Dissect triage script for Citrix NetScaler devices

Decrypt-TFSSecretVariables

ponmocup

Ponmocup Indicators of Compromise

signed-phishing-email

pcap-broker

PCAP-over-IP server written in Golang

mofang

Mofang Indicators of Compromise

spookyssl-pcaps

SpookySSL PCAPS and Network Coverage

dissect.esedb

A Dissect module implementing a parser for Microsofts Extensible Storage Engine Database (ESEDB), used for example in Active Directory, Exchange and Windows Update.

dissect-docs

Dissect documentation project

log4shell-pcaps

Log4Shell PCAPS and Network Coverage

dissect.evidence

A Dissect module implementing a parsers for various forensic evidence file containers, currently: AD1, ASDF and EWF.

dissect.ntfs

A Dissect module implementing a parser for the NTFS file system, used by the Windows operating system.

dissect.eventlog

A Dissect module implementing parsers for the Windows EVT, EVTX and WEVT log file formats.

saitama-server

Server-side implementation for the Saitama implant, useful for detection engineering purposes

flow.record

Recordization library

django-auth-policy

Django Authentication Policy

psixbot

PsiXBot Indicators of Compromise

reasm

Extract parts of the malware and re-compile it on linux for decrypting stuff using same malware algorithms.

aws-lambda-kinesis-windowseventlog

AWS lambda to transform the json from AWS kinesis agent to useful json documents for elasticsearch

dissect.cim

A Dissect module implementing a parser for the Windows Common Information Model (CIM) database, used in the Windows operating system.

dissect.hypervisor

A Dissect module implementing parsers for various hypervisor disk, backup and configuration files.

Decrypt-OrchestratorSecretVariables

dissect.sql

A Dissect module implementing a parsers for the SQLite database file format, commonly used by applications to store configuration data.

blister-research

Scripts, YARA and IOCs from our research on the Blister malware 🩹

dissect.clfs

A Dissect module implementing a parser for the CLFS (Common Log File System) file system of Windows.

dissect.volume

A Dissect module implementing a parser for different disk volume and partition systems, for example LVM2, GPT and MBR.

dissect.ole

A Dissect module implementing a parser for the Object Linking & Embedding (OLE) format, commonly used by document editors on Windows operating systems.

dissect.vmfs

Dissect module implementing a parser for the VMFS file system, used by VMware virtualization software.

dissect.regf

A Dissect module implementing a parser for Windows registry file format, used to store application and OS configuration on Windows operating systems.

Invoke-BadPwdCountSprayer

dissect.fat

A Dissect module implementing parsers for the FAT and exFAT file systems, commonly used on flash memory based storage devices and UEFI partitions.

dissect.shellitem

A Dissect module implementing a parser for the Shellitem structures, commonly used by Microsoft Windows.

dissect.util

A Dissect module implementing various utility functions for the other Dissect modules.

dissect.ffs

A Dissect module implementing a parser for the FFS file system, commonly used by BSD operating systems.

dissect.xfs

A Dissect module implementing a parser for the XFS file system, commonly used by RedHat Linux distributions.

dissect-workflow-templates

Workflow templates for the dissect projects

dissect_legacy

Namespace and collection package for all dissect projects

dissect.extfs

A Dissect module implementing a parser for the ExtFS file system, the native filesystem for Linux operating systems.

dissect.btrfs

A Dissect module implementing a parser for the btrfs file system.

dissect.etl

A Dissect module implementing a parser for Event Trace Log (ETL) files, used by the Windows operating system to log kernel events.