Using BloodHound (Legacy and CE) - SethBodine/audit-tools GitHub Wiki
Intro
BloodHound runs in separate container images. This page explains how to run both the CE and Legacy versions.
BloodHound CE
Install
cd /opt && mkdir BloodHoundCE && cd BloodHoundCE
wget https://github.com/SpecterOps/BloodHound/raw/main/examples/docker-compose/docker-compose.yml -O docker-compose.yml && podman compose -f docker-compose.yml up
Note: podman compose isn't happy with the one-line installation here
Running
- Navigate to http://localhost:8080
- Authenticate as Admin with the password provided during installation
- Change the password and record the new one
Queries
Data Import
- Click Administration
- From the left menu under Data Collection, select File Ingest
- Click the button UPLOAD FILE(S), and either drag-drop the JSON files into the upload window, or click the upload window and select the JSON files from your file explorer
Note: Currently only JSON files can be ingested into BloodHound CE, so you must first unpack the ZIP file generated by the collectors
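A pre-ingest helper for the note above, as an added example that is not part of the original wiki: it extracts only the JSON members of a collector ZIP, drops directory components from member names so nothing is written outside the output folder, and skips anything that does not parse as JSON. The function name `unpack_collection` and the sample archive contents are assumptions made for illustration.

```python
import json
import zipfile
from pathlib import Path


def unpack_collection(zip_path, out_dir):
    """Extract the JSON members of a collector ZIP into out_dir.

    Returns (extracted, skipped) as lists of names.
    """
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    extracted, skipped = [], []
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            # Keep only the base name so a member such as ../../x.json
            # cannot be written outside out_dir.
            name = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            if (info.is_dir() or not name.lower().endswith(".json")
                    or name in extracted):
                skipped.append(info.filename)
                continue
            raw = zf.read(info)
            try:
                # utf-8-sig tolerates a leading byte-order mark.
                json.loads(raw.decode("utf-8-sig"))
            except ValueError:  # covers invalid UTF-8 and invalid JSON
                skipped.append(info.filename)
                continue
            (out / name).write_bytes(raw)
            extracted.append(name)
    return extracted, skipped


if __name__ == "__main__":
    import tempfile

    # Constructed sample archive, not real collector output.
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "collection.zip"
        with zipfile.ZipFile(sample, "w") as zf:
            zf.writestr("sample_users.json", '{"data": []}')
            zf.writestr("../../escape.json", '{"data": []}')
            zf.writestr("readme.txt", "not json")
        done, left = unpack_collection(sample, Path(tmp) / "upload")
        print("ready to upload:", done)
        print("skipped:", left)
```

The files left in the output folder are the ones to select in the File Ingest upload window.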
Custom Queries
Not available at this time; use the built-in queries
Reset Database
podman volume rm $(podman volume ls -q | grep neo4j-data)
BloodHound Legacy
Install with Custom Query File
- Install Kali Linux in a VM
- Install BloodHound Legacy
- Run bqm to create custom queries
Running
- Run GUI from Start Menu
Queries
Data Import
TBC
Custom Queries
TBC
Updates
Legacy BloodHound is EOL
Additional Reading
BloodHound CE
- BloodHound Documentation
- Docker Compose Readme