-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
65 changed files
with
159,747 additions
and
0 deletions.
There are no files selected for viewing
Binary file not shown.
Binary file not shown.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| # http://editorconfig.org | ||
| root = true | ||
|
|
||
| [*] | ||
| indent_style = space | ||
| indent_size = 4 | ||
| end_of_line = lf | ||
| charset = utf-8 | ||
| trim_trailing_whitespace = true | ||
| insert_final_newline = true | ||
|
|
||
| [*.md] | ||
| trim_trailing_whitespace = false |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| build/ | ||
| *.egg-info | ||
| dist/ | ||
| *.pyc | ||
| *.csv | ||
| *.json | ||
| *.zip |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| FROM python:3.7-alpine | ||
| LABEL maintainer h4rm0ny | ||
| WORKDIR /bloodhound-data | ||
| VOLUME /bloodhound-data | ||
|
|
||
| COPY . /tmp/ | ||
| RUN apk update && \ | ||
| apk add --no-cache --virtual .build-deps \ | ||
| build-base \ | ||
| openssl \ | ||
| bzip2 \ | ||
| dbus \ | ||
| glib \ | ||
| git \ | ||
| gcc \ | ||
| musl-dev \ | ||
| python3-dev \ | ||
| libffi-dev \ | ||
| libxslt \ | ||
| libxslt-dev \ | ||
| libgcrypt-dev \ | ||
| libxml2 \ | ||
| libxml2-dev \ | ||
| openssl-dev \ | ||
| dbus-libs \ | ||
| dbus-dev \ | ||
| dbus-glib-dev \ | ||
| linux-headers \ | ||
| rust \ | ||
| cargo \ | ||
| make && \ | ||
| apk add --no-cache bash && \ | ||
| pip3 install --upgrade setuptools && \ | ||
| pip install git+https://github.com/SecureAuthCorp/impacket && \ | ||
| pip install pycryptodome && \ | ||
| cd /tmp/ && \ | ||
| python setup.py install && \ | ||
| apk del .build-deps | ||
|
|
||
| # Enable MD4 | ||
| RUN sed -i 's/default = default_sect/default = default_sect\nlegacy = legacy_sect/g' /etc/ssl/openssl.cnf | ||
| RUN sed -i 's/# activate = 1/activate = 1\n\n[legacy_sect]\nactivate = 1/' /etc/ssl/openssl.cnf | ||
|
|
||
| ENTRYPOINT /bin/bash | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| MIT License | ||
|
|
||
| Copyright (c) 2018 Fox-IT | ||
|
|
||
| Permission is hereby granted, free of charge, to any person obtaining a copy | ||
| of this software and associated documentation files (the "Software"), to deal | ||
| in the Software without restriction, including without limitation the rights | ||
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | ||
| copies of the Software, and to permit persons to whom the Software is | ||
| furnished to do so, subject to the following conditions: | ||
|
|
||
| The above copyright notice and this permission notice shall be included in all | ||
| copies or substantial portions of the Software. | ||
|
|
||
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | ||
| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | ||
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | ||
| AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | ||
| LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | ||
| OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | ||
| SOFTWARE. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| # BloodHound.py | ||
|  | ||
|  | ||
|  | ||
|
|
||
| BloodHound.py is a Python based ingestor for [BloodHound](https://github.com/BloodHoundAD/BloodHound), based on [Impacket](https://github.com/CoreSecurity/impacket/). | ||
|
|
||
| This branch is **only compatible with BloodHound CE**. | ||
|
|
||
| ## Limitations | ||
| BloodHound.py currently has the following limitations: | ||
| - Supports most, but not all BloodHound (SharpHound) features. Currently GPO local groups are not supported, all other collection methods are implemented. | ||
|
|
||
| ## Installation and usage | ||
| You can install the ingestor via pip with `pip install bloodhound`, or by cloning this repository and running `pip install .` from the project directory. | ||
| BloodHound.py requires `impacket`, `ldap3` and `dnspython` to function. | ||
|
|
||
| The installation will add a command line tool `bloodhound-python` to your PATH. | ||
|
|
||
| To use the ingestor, at a minimum you will need credentials of the domain you're logging in to. | ||
| You will need to specify the `-u` option with a username of this domain (or `username@domain` for a user in a trusted domain). If you have your DNS set up properly and the AD domain is in your DNS search list, then BloodHound.py will automatically detect the domain for you. If not, you have to specify it manually with the `-d` option. | ||
|
|
||
| By default BloodHound.py will query LDAP and the individual computers of the domain to enumerate users, computers, groups, trusts, sessions and local admins. | ||
| If you want to restrict collection, specify the `--collectionmethod` parameter, which supports the following options (similar to SharpHound): | ||
| - *Default* - Performs group membership collection, domain trust collection, local admin collection, and session collection | ||
| - *Group* - Performs group membership collection | ||
| - *LocalAdmin* - Performs local admin collection | ||
| - *RDP* - Performs Remote Desktop Users collection | ||
| - *DCOM* - Performs Distributed COM Users collection | ||
| - *Container* - Performs container collection (GPO/Organizational Units/Default containers) | ||
| - *PSRemote* - Performs Remote Management (PS Remoting) Users collection | ||
| - *DCOnly* - Runs all collection methods that can be queried from the DC only, no connection to member hosts/servers needed. This is equal to Group,Acl,Trusts,ObjectProps,Container | ||
| - *Session* - Performs session collection | ||
| - *Acl* - Performs ACL collection | ||
| - *Trusts* - Performs domain trust enumeration | ||
| - *LoggedOn* - Performs privileged Session enumeration (requires local admin on the target) | ||
| - *ObjectProps* - Performs Object Properties collection for properties such as LastLogon or PwdLastSet | ||
| - *All* - Runs all methods above, except LoggedOn | ||
| - *Experimental* - Connects to individual hosts to enumerate services and scheduled tasks that may have stored credentials | ||
|
|
||
| Multiple collectionmethods should be separated by a comma, for example: `-c Group,LocalAdmin` | ||
|
|
||
| You can override some of the automatic detection options, such as the hostname of the primary Domain Controller if you want to use a different Domain Controller with `-dc`, or specify your own Global Catalog with `-gc`. | ||
|
|
||
| ## Docker usage | ||
| 1. Build container | ||
| ```docker build -t bloodhound .``` | ||
| 2. Run container | ||
| ```docker run -v ${PWD}:/bloodhound-data -it bloodhound``` | ||
| After that you can run `bloodhound-python` inside the container, all data will be stored in the path from where you start the container. | ||
|
|
||
| ## Credits | ||
| BloodHound.py was originally written by Dirk-jan Mollema, Edwin van Vliet and Matthijs Gielen from [Fox-IT (NCC Group)](https://fox-it.com/). BloodHound.py is currently maintained by Dirk-jan Mollema from [Outsider Security](https://outsidersecurity.nl). The implementation and data model is based on the original tool from [SpecterOps](https://specterops.io). Many thanks to everyone who contributed by testing, submitting issues and pull requests over the years. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| #! /usr/bin/env python | ||
|
|
||
| import bloodhound | ||
|
|
||
| bloodhound.main() |
Binary file not shown.
Oops, something went wrong.