Python3 terminal application that contains 200+
Neo4j cyphers for BloodHound data sets.
BloodHound is a staple tool for every red teamer. However, there are some negative side effects based on its design. I will cover the biggest pain points I’ve experienced and what this tool aims to address:
- My tools think in lists – until my tools parse exported
JSONgraphs, I need graph results in a line-by-line format
- Copy/pasting graph results – this plays into the first but do we need to explain this one?
- Graphs can be too large to draw – the information contained in any graph can aid our goals as the attacker and we need to be able to view all data efficiently
- Manually running custom cyphers is time-consuming – let’s automate it 🙂
This tool can also help blue teams to reveal detailed information about their Active Directory environments as well.
Take back control of your
BloodHound data with
- 206 cyphers as of date
- Set cyphers to search based on user input (user, group, and computer-specific)
- User-defined regex cyphers
- User-defined exporting of all results
- Default export will be just end object to be used as target list with tools
- Raw export option available in
Make sure to have
python3 installed and run:
python3 -m pip install -r requirements.txt
Start the program with:
python3 cypherhound.py -u <neo4j_username> -p <neo4j_password>
The full command menu is shown below:
Command Menu set - used to set search parameters for cyphers, double/single quotes not required for any sub-commands sub-commands user - the user to use in user-specific cyphers (MUST include @domain.name) group - the group to use in group-specific cyphers (MUST include @domain.name) computer - the computer to use in computer-specific cyphers (SHOULD include .domain.name or @domain.name) regex - the regex to use in regex-specific cyphers example set user [email protected] set group domain [email protected] set computer dc01.domain.local set regex .*((?i)web).* run - used to run cyphers parameters cypher number - the number of the cypher to run example run 7 export - used to export cypher results to txt files parameters cypher number - the number of the cypher to run and then export output filename - the number of the output file, extension not needed raw - write raw output or just end object (optional) example export 31 results export 42 results2 raw list - used to show a list of cyphers parameters list type - the type of cyphers to list (general, user, group, computer, regex, all) example list general list user list group list computer list regex list all q, quit, exit - used to exit the program clear - used to clear the terminal help, ? - used to display this help menu
The program is configured to use the default
Neo4j database and
- Add cyphers for
Issues and Support
Please be descriptive with any issues you decide to open and if possible provide output (if applicable).