Linux command
bloodhound-python command
Network
After copying, replace file names, directories, or parameters as needed.
Common examples
Collect all Active Directory data
bloodhound-python -d [domain.local] -u [username] -p [password] -ns [dc_ip] -c all
Collect specific data
bloodhound-python -d [domain.local] -u [username] -p [password] -c [users,groups,computers]
Use NTLM hash
bloodhound-python -d [domain.local] -u [username] --hashes [LM:NT] -ns [dc_ip] -c all
Output to zip file
bloodhound-python -d [domain.local] -u [username] -p [password] -c all --zip
Use Kerberos authentication
bloodhound-python -d [domain.local] -u [username] -p [password] -k -c all
Specify DNS server
bloodhound-python -d [domain.local] -u [username] -p [password] -ns [dns_server] -c all
Description
bloodhound-python is a Python-based ingestor for BloodHound, an Active Directory security analysis tool. It collects information about AD objects (users, computers, groups) and their relationships, and writes JSON files for import into the BloodHound graph database. BloodHound uses graph theory to identify attack paths in Active Directory environments that would be difficult to detect manually, helping both attackers and defenders understand domain security.
Parameters
- -d, --domain _domain_: Target Active Directory domain
- -u, --username _user_: Username for authentication
- -p, --password _pass_: Password for authentication
- --hashes _LM:NT_: NTLM hash for pass-the-hash authentication
- -ns, --nameserver _ip_: DNS server/Domain Controller IP address
- -c, --collectionmethod _method_: Collection methods: all, users, groups, computers, trusts, sessions, acl, objectprops
- -k, --kerberos: Use Kerberos authentication
- --zip: Compress output to a zip file
- -o, --outputdir _dir_: Output directory for JSON files
- --dns-tcp: Use TCP for DNS queries
- -v: Enable verbose output