{"id":13803321,"url":"https://github.com/GoFetchAD/GoFetch","last_synced_at":"2025-05-13T15:33:09.046Z","repository":{"id":43308753,"uuid":"87922618","full_name":"GoFetchAD/GoFetch","owner":"GoFetchAD","description":"GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.","archived":false,"fork":false,"pushed_at":"2017-06-20T14:15:10.000Z","size":1590,"stargazers_count":626,"open_issues_count":3,"forks_count":98,"subscribers_count":37,"default_branch":"master","last_synced_at":"2024-08-05T01:10:15.013Z","etag":null,"topics":["active-directory","blackhat2017","bloodhound","gofetch","powershell","security"],"latest_commit_sha":null,"homepage":"","language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/GoFetchAD.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-04-11T10:45:23.000Z","updated_at":"2024-07-30T10:30:30.000Z","dependencies_parsed_at":"2022-09-23T12:54:11.202Z","dependency_job_id":null,"html_url":"https://github.com/GoFetchAD/GoFetch","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoFetchAD%2FGoFetch","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoFetchAD%2FGoFetch/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoFetchAD%2FGoFetch/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/GoFetchAD%2FGoFetch/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/GoFetchAD","download_url":"https://codeload.github.com/GoFetchAD/GoFetch/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225239742,"owners_count":17442822,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","blackhat2017","bloodhound","gofetch","powershell","security"],"created_at":"2024-08-04T01:00:28.915Z","updated_at":"2024-11-18T19:31:31.354Z","avatar_url":"https://github.com/GoFetchAD.png","language":"PowerShell","readme":"# GoFetch\n\nGoFetch is a tool to automatically exercise an attack plan generated by the [BloodHound](https://github.com/BloodHoundAD/BloodHound) application.\n\nGoFetch first loads a path of local admin users and computers generated by BloodHound and converts it to its own attack plan format. Once the attack plan is ready, GoFetch advances towards the destination according to plan step by step, by successively applying remote code execution techniques and compromising credentials with Mimikatz.\n\n[Watch Invoke-GoFetch in action](https://youtu.be/5SpDAxUx7Uk)\n\n\n#### GoFetch has two different versions:\n\n##### Chain reaction:\nInvoke-GoFetch (written in PowerShell to avoid Python installation prereq), implements a recursion that reads the full path, dumps the relevant credentials with Invoke-Mimikatz, and then copy and execute itself using Invoke-PsExec on the next relevant machine guided by the network path.\n\n##### One computer to rule them all:\nPython based code ([a video of this version demonstrated at BlackHat Europe 2016](https://www.youtube.com/watch?v=dPsLVE0R1Tg)), using a technique where one centralized computer is doing the job of connecting to each computer in the path, in the right order, to steal credentials (using Mimikatz), and use them to connect to the next machine in the path. \n\n## Getting started with Invoke-GoFetch\n\nPlace GoFetch folder on the first machine of the attack path, in a session of the first user.\n\n### Parameters\n\n* -PathToGraph - \nPath to the BloodHound exported Graph which includes a path between two users.\n\n* -PathToPayload (optional) -  \nPath to local payload file .exe/.bat/.ps1 to run on next nodes in the path.\n\n### Examples\n* Usage to get the credentials along the path:\n```\n.\\Invoke-GoFetch.ps1 -PathToGraph .\\pathFromBloodHound.json\n```\n* Usage to get the credentails along the path and execute additional payload on each:\n```\n.\\Invoke-GoFetch.ps1 -PathToGraph .\\graphExample.json -PathToPayload .\\payload.exe\n```\n\n### Prerequisites\n\n* Invoke-GoFetch is able to run from any version of Windows through Windows 7 that has PowerShell v2 or higher installed and .Net 3.5 or higher.\n* Invoke-Mimikatz - is included with a change in the Mimikatz DLL which allows the execution of the PowerShell file with additional arguments.\n* Invoke-Psexec - is included without changes. \n\n## Logic\n\n![Alt text](https://cloud.githubusercontent.com/assets/27280621/26783367/770afb40-4a00-11e7-8dc1-d45919d0b551.JPG \"Invoke-GoFetch Logic\")\n\n## Contributers\n* [Itai Grady](https://twitter.com/ItaiGrady) - *Changes in Mimikatz DLL \u0026 C.R*\n* [Man Nguyen (usrid0)]() - *Testing \u0026 Demo Video*\n* [Tal Be'ery](https://twitter.com/TalBeerySec) - *Name \u0026 Original Idea*\n* [Dan Mor](https://twitter.com/danmor84) - *Logo*\n* [Tal Maor](https://twitter.com/TaltheMaor) - *Code*\n\nSee also the list of [contributors](https://github.com/GoFetchAD/GoFetch/graphs/contributors) who participated in this project.\n\n## Acknowledgments\nThanks for great tools that reminds us every day to secure our machines. \n* [BloodHound](https://github.com/BloodHoundAD/BloodHound) - developed by [@_wald0](https://www.twitter.com/_wald0), [@CptJesus](https://twitter.com/CptJesus), and [@harmj0y](https://twitter.com/harmj0y).\n* [Invoke-Mimikatz](https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1) - [@JosephBialek](https://twitter.com/JosephBialek)\n* [Mimikatz](https://github.com/gentilkiwi/mimikatz) - [@gentilkiwi](https://twitter.com/gentilkiwi)\n* [Invoke-PsExec](https://github.com/EmpireProject/Empire/blob/master/data/module_source/lateral_movement/Invoke-PsExec.ps1) - [@harmj0y](https://twitter.com/harmj0y)\n\n## License\n\nThis project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) file for details\n","funding_links":[],"categories":["PowerShell","Tools","PowerShell (153)"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGoFetchAD%2FGoFetch","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FGoFetchAD%2FGoFetch","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGoFetchAD%2FGoFetch/lists"}