bloodhound-python

Collect all Active Directory data

$ bloodhound-python -d [domain.local] -u [username] -p [password] -ns [dc_ip] -c all

$ bloodhound-python -d [domain.local] -u [username] -p [password] -c [users,groups,computers]

$ bloodhound-python -d [domain.local] -u [username] --hashes [LM:NT] -ns [dc_ip] -c all

$ bloodhound-python -d [domain.local] -u [username] -p [password] -c all --zip

$ bloodhound-python -d [domain.local] -u [username] -p [password] -k -c all

$ bloodhound-python -d [domain.local] -u [username] -p [password] -ns [dns_server] -c all

bloodhound-python [options]

bloodhound-python is a Python-based ingestor for BloodHound, an Active Directory security analysis tool. It collects information about AD objects (users, computers, groups) and their relationships, outputting JSON files for import into the BloodHound graph database.
The tool uses graph theory to identify attack paths in Active Directory environments that would be difficult to detect manually, helping both attackers and defenders understand domain security.

-d, --domain domain

Target Active Directory domain

Username for authentication

Password for authentication

NTLM hash for pass-the-hash authentication

DNS server/Domain Controller IP address

Collection methods: all, users, groups, computers, trusts, sessions, acl, objectprops

Use Kerberos authentication

Compress output to a zip file

Output directory for JSON files

Use TCP for DNS queries

Enable verbose output

Requires valid domain credentials. Some collection methods (like sessions) require specific privileges. Output is compatible with BloodHound 4.1+. Use responsibly and only on systems you have authorization to test.

BloodHound was created by @_wald0, @CptJesus, and @harmj0y at SpecterOps, released in 2016. The Python ingestor (bloodhound-python) was developed by Dirk-jan Mollema as a cross-platform alternative to the C# SharpHound collector.

ldapsearch(1), impacket(1), crackmapexec(1)