BloodHound
BloodHound uses graph theory to reveal hidden relationships within Active Directory environments. It helps both attackers and defenders identify complex attack paths and privilege relationships.
Description
BloodHound Community Edition is a single-page JavaScript web application that leverages graph theory to visualize and analyze Active Directory environments. Attackers use it to identify complex attack paths like 'Six Degrees of Domain Admin' that would be difficult to discover manually. Defenders use it to identify and eliminate these same attack paths, strengthening their environment.
Both blue and red teams benefit from BloodHound's ability to provide deeper understanding of privilege relationships in Active Directory. The tool maps relationships between users, groups, computers, and permissions, making it easier to understand the security posture of domain environments.
BloodHound integrates with the Neo4j graph database and PostgreSQL; both services and their configuration files must be set up before the application is used.
How It Works
BloodHound operates as a web application that stores and visualizes Active Directory data in a Neo4j graph database. It reveals relationships between domain objects (users, groups, computers, OUs) through graph theory algorithms. The backend API (configured in /etc/bhapi/bhapi.json) connects to Neo4j, while PostgreSQL handles additional database needs. Data collected from AD environments is ingested into the graph database, enabling pathfinding queries to identify privilege escalation paths.
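To make the pathfinding idea concrete, here is a small added example (not BloodHound's own code): a constructed set of directed edges of the kinds BloodHound collects (MemberOf, AdminTo, HasSession), a breadth-first search for the shortest path from a principal to the Domain Admins group, and a check that removing one edge breaks the path, which is how a defender decides which relationship to fix. All names and edges are made-up sample data.

```python
from collections import deque

# Constructed sample graph, not real BloodHound output: (source, edge_type, target)
SAMPLE_EDGES = [
    ("ALICE@CORP.LOCAL", "MemberOf", "HELPDESK@CORP.LOCAL"),
    ("HELPDESK@CORP.LOCAL", "AdminTo", "WS01.CORP.LOCAL"),
    ("WS01.CORP.LOCAL", "HasSession", "BOB@CORP.LOCAL"),
    ("BOB@CORP.LOCAL", "MemberOf", "DOMAIN ADMINS@CORP.LOCAL"),
    ("CAROL@CORP.LOCAL", "MemberOf", "HELPDESK@CORP.LOCAL"),
]
DOMAIN_ADMINS = "DOMAIN ADMINS@CORP.LOCAL"


def build_graph(edges):
    """Adjacency list: node -> list of (edge_type, neighbour)."""
    graph = {}
    for src, kind, dst in edges:
        graph.setdefault(src, []).append((kind, dst))
        graph.setdefault(dst, [])
    return graph


def shortest_path(graph, start, target):
    """BFS over directed edges; returns hops as (node, edge_type, node) or None."""
    if start not in graph:
        return None
    parent = {start: None}          # node -> (previous node, edge type used)
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            hops = []
            while parent[node] is not None:
                prev, kind = parent[node]
                hops.append((prev, kind, node))
                node = prev
            return list(reversed(hops))
        for kind, nxt in graph[node]:
            if nxt not in parent:
                parent[nxt] = (node, kind)
                queue.append(nxt)
    return None


def paths_to_domain_admins(edges, principals, target=DOMAIN_ADMINS):
    """Map each principal to its shortest path to the target group (None if unreachable)."""
    graph = build_graph(edges)
    return {p: shortest_path(graph, p, target) for p in principals}


def without_edge(edges, edge):
    """Model a remediation (e.g. removing a group's local admin rights) by dropping one edge."""
    return [e for e in edges if e != edge]
```

Running `paths_to_domain_admins(SAMPLE_EDGES, ["ALICE@CORP.LOCAL"])` shows the four-hop path through the HelpDesk group's admin rights and Bob's session; dropping the AdminTo edge with `without_edge` leaves no path for either Alice or Carol.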
Installation
sudo apt install bloodhound
Flags
Examples
sudo apt update && sudo apt install -y bloodhound
sudo bloodhound-setup
sudo bloodhound
sudo env bhe_recreate_default_admin=true bloodhound
sudo vim /etc/bhapi/bhapi.json
bloodhound -h
bloodhound-setup -h