{"id":26665202,"url":"https://github.com/adscanpro/bloodhound-cli","last_synced_at":"2025-08-09T23:36:44.262Z","repository":{"id":279371137,"uuid":"938543986","full_name":"ADScanPro/bloodhound-cli","owner":"ADScanPro","description":"bloodhound-cli is a Python command-line tool designed to query and manage data from a BloodHound database running on Neo4j. It enables you to enumerate ACLs, computers, and users (including filtering by attributes like password not required or password never expires) in an Active Directory environment ingested by BloodHound.","archived":false,"fork":false,"pushed_at":"2025-06-23T20:49:02.000Z","size":1975,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-07-06T22:41:06.469Z","etag":null,"topics":["active-directory","automation","bloodhound","neo4j","pentesting","red-team"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ADScanPro.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-02-25T05:52:30.000Z","updated_at":"2025-06-23T20:49:08.000Z","dependencies_parsed_at":"2025-06-13T07:21:10.723Z","dependency_job_id":"60fc6d44-7c4f-488a-b923-0fe947aa39a7","html_url":"https://github.com/ADScanPro/bloodhound-cli","commit_stats":null,"previous_names":["adscanpro/bloodhound-cli"],"tags_count":32,"template":false,"template_full_name":null,"purl":"pkg:github/ADScanPro/bloodhound-cli","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ADScanPro%2Fbloodhound-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ADScanPro%2Fbloodhound-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ADScanPro%2Fbloodhound-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ADScanPro%2Fbloodhound-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ADScanPro","download_url":"https://codeload.github.com/ADScanPro/bloodhound-cli/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ADScanPro%2Fbloodhound-cli/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269654062,"owners_count":24454318,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-09T02:00:10.424Z","response_time":111,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["active-directory","automation","bloodhound","neo4j","pentesting","red-team"],"created_at":"2025-03-25T17:28:09.742Z","updated_at":"2025-08-09T23:36:44.238Z","avatar_url":"https://github.com/ADScanPro.png","language":"Python","readme":"# bloodhound-cli\n\n**bloodhound-cli** is a Python command-line tool designed to query and manage data from a **BloodHound** legacy database running on **Neo4j**. It enables you to enumerate ACLs, computers, and users (including filtering by attributes like password not required or password never expires) in an Active Directory environment ingested by BloodHound.\n\n\u003eNote that this tool only work for legacy version of bloodhound and not for the Community Edition (CE). If you're looking for SpecterOps' version of bloodhound-cli, which helps users install BloodHound Community Edition, you're in the wrong place. Please head over to: \nhttps://github.com/specterOps/bloodHound-cli. Thanks! \n\n## Key Features\n\n1. **Configuration Management**\n    \n    - Save your Neo4j connection details (host, port, user, and password) to a local configuration file (`~/.bloodhound_config`) using the `set` subcommand.\n    - The configuration file is stored with restricted permissions (`chmod 600`) to protect your sensitive credentials.\n2. **ACL Queries (`acl` subcommand)**\n    \n    - Enumerate ACLs related to a single user by specifying `-u/--user`.\n    - Enumerate cross-domain ACLs for a domain by specifying `-d/--domain`.\n    - Optionally exclude multiple domains with `-bd/--blacklist-domains`.\n3. **Computer Queries (`computer` subcommand)**\n    \n    - Enumerate computers within a specified domain (`-d`).\n    - Optionally save results to a file (`-o`).\n    - Filter by LAPS status (`--laps True/False`).\n4. **User Queries (`user` subcommand)**\n\n    - Enumerate users within a specified domain (`-d`).\n    - Optionally save results to a file (`-o`).\n    - Use mutually exclusive filters to target specific user attributes:\n        - `--admin-count`: Show only privileged (admin) users.\n        - `--high-value`: Show only high-value users.\n        - `--password-not-required`: Show only users with `passwordnotreqd` enabled.\n        - `--password-never-expires`: Show only users with `pwdneverexpires` enabled.\n6. **Secure Credential Storage**\n\n    - The `set` subcommand saves your Neo4j credentials in a local file (`~/.bloodhound_config`) which is excluded from source control and has strict file permissions.\n\n## Installation\n\nIt is recommended to install **bloodhound-cli** using [pipx](https://github.com/pipxproject/pipx) to ensure it runs in an isolated environment. You can install it from PyPI:\n\n```sh\npipx install bloodhound-cli\n```\n\nAlternatively, you can use pip:\n\n```sh\npip install bloodhound-cli\n```\n\n## Usage\n\n1. **Set Neo4j Configuration**  \n    Before using any other subcommand, run:\n    \n    ```sh\n    bloodhound-cli set --host \u003cneo4j_host\u003e --port \u003cneo4j_port\u003e --db-user \u003cneo4j_user\u003e --db-password \u003cneo4j_password\u003e\n    ```\n    \n    This will create/update a configuration file at `~/.bloodhound_config`.\n    \n2. **Enumerate ACLs**\n    \n    - **For a single user:**\n        \n        ```sh\n        bloodhound-cli acl --user myuser\n        ```\n        \n    - **For cross-domain:**\n        \n        ```sh\n        bloodhound-cli acl --domain mydomain.local\n        ```\n        \n    - **Exclude multiple domains:**\n        \n        ```sh\n        bloodhound-cli acl --domain mydomain.local -bd EXCLUDED1 EXCLUDED2\n        ```\n        \n3. **Enumerate Computers**\n    \n    - **All computers in a domain:**\n        \n        ```sh\n        bloodhound-cli computer --domain mydomain.local\n        ```\n        \n    - **Filter by LAPS and save results:**\n        \n        ```sh\n        bloodhound-cli computer --domain mydomain.local --laps True -o computers_with_laps.txt\n        ```\n        \n4. **Enumerate Users**\n    \n    - **List all users in a domain:**\n        \n        ```sh\n        bloodhound-cli user --domain mydomain.local\n        ```\n        \n    - **List privileged (admin) users:**\n        \n        ```sh\n        bloodhound-cli user --domain mydomain.local --admin-count\n        ```\n        \n    - **List high-value users:**\n        \n        ```sh\n        bloodhound-cli user --domain mydomain.local --high-value\n        ```\n        \n    - **List users with password not required:**\n        \n        ```sh\n        bloodhound-cli user --domain mydomain.local --password-not-required\n        ```\n        \n    - **List users with password never expires:**\n        \n        ```sh\n        bloodhound-cli user --domain mydomain.local --password-never-expires\n        ```\n        \n    - **Save user query results:**\n        \n        ```sh\n        bloodhound-cli user --domain mydomain.local --admin-count -o admin_users.txt\n        ```\n\n## License\n\nThis project is licensed under the MIT License.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadscanpro%2Fbloodhound-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fadscanpro%2Fbloodhound-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fadscanpro%2Fbloodhound-cli/lists"}