{"id":20402151,"url":"https://github.com/exploide/bloodhound-cli","last_synced_at":"2025-04-12T14:23:43.749Z","repository":{"id":224194103,"uuid":"759406733","full_name":"exploide/bloodhound-cli","owner":"exploide","description":"CLI tool to interact with the BloodHound CE API","archived":false,"fork":false,"pushed_at":"2024-09-17T16:08:53.000Z","size":84,"stargazers_count":10,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-09-17T20:17:32.268Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/exploide.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-02-18T14:09:52.000Z","updated_at":"2024-09-17T16:08:56.000Z","dependencies_parsed_at":null,"dependency_job_id":"1feb0a8b-2ee3-4dd3-9120-66698d061fb6","html_url":"https://github.com/exploide/bloodhound-cli","commit_stats":null,"previous_names":["exploide/bloodhound-cli"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exploide%2Fbloodhound-cli","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exploide%2Fbloodhound-cli/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exploide%2Fbloodhound-cli/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/exploide%2Fbloodhound-cli/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/exploide","download_url"
:"https://codeload.github.com/exploide/bloodhound-cli/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224732053,"owners_count":17360416,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-15T04:53:11.905Z","updated_at":"2025-04-12T14:23:43.735Z","avatar_url":"https://github.com/exploide.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# BloodHound CLI\n\nA CLI tool to interact with the [BloodHound CE](https://github.com/SpecterOps/BloodHound) API.\n\nBloodHound by SpecterOps is *the* tool to work with Active Directory attack paths, taking advantage of modeling security-relevant relationships in a graph with nodes and edges.\n\nOnce filled with data, the BloodHound database is also a great source of information useful beyond the BloodHound GUI.\nA lot of information you typically dump from LDAP is already available in BloodHound.\n`bhcli` makes this information accessible on the command line.\nRetrieve lists of user names for further processing, grep in the description field, or even run custom Cypher queries.\n\n`bhcli` can also mark a bunch of objects as owned, import/export your custom queries, and perform an audit to search for interesting permissions.\nCheck the help message below for all features.\n\n\n## Installation\n\nThis tool is not published on PyPI yet, but as with any Python tool, just fetch the repository and install it.\nFor example using a virtualenv and `pip`:\n\n```console\n$ git clone 
https://github.com/exploide/bloodhound-cli.git\n$ cd bloodhound-cli\n$ python3 -m venv venv\n$ source venv/bin/activate\n$ pip install .\n```\n\nOr using `pipx` which handles the virtualenv automatically:\n\n```console\n$ git clone https://github.com/exploide/bloodhound-cli.git\n$ cd bloodhound-cli\n$ pipx install .\n```\n\n\n### Tab Completion\n\nThanks to the Click framework, you can get tab completion for the `bhcli` command for free.\nAt least if your shell is bash, zsh or fish.\nSee the [click documentation](https://click.palletsprojects.com/en/latest/shell-completion/#enabling-completion) if you want to enable this feature.\nCheck it out, everything is 3x more awesome with tab completions!\n\n\n## Usage\n\n```console\n$ bhcli --help\nUsage: bhcli [OPTIONS] COMMAND [ARGS]...\n\n  CLI tool to interact with the BloodHound CE API\n\nOptions:\n  --debug     Enable debug output.\n  --version   Show the version and exit.\n  -h, --help  Show this message and exit.\n\nCommands:\n  audit      Audit domains for potential security issues.\n  auth       Authenticate to the server and configure an API token.\n  computers  Get lists of computers.\n  cypher     Run a raw Cypher query and print the response as JSON.\n  domains    Get lists of domains.\n  groups     Get lists of groups.\n  mark       Mark objects as belonging to an asset group.\n  members    Get lists of group members.\n  queries    Import and export custom queries.\n  stats      Get statistics on domains.\n  upload     Upload and ingest files from the BloodHound collector.\n  users      Get lists of users.\n```\n\nPassing `-h` to any of the subcommands will show the usage for the specific subcommand.\n\n\n### auth\n\nThe `auth` subcommand is used to do the initial authentication to the BloodHound server, create a new API token and store it in the config file.\nThe config file is by default located at `$HOME/.config/bhcli/bhcli.ini` but respects `$XDG_CONFIG_HOME`.\n\n```console\n$ bhcli auth 
http://localhost:8080\nUsername: admin\nPassword:\nINFO: Authenticating to the BloodHound server...\nINFO: Creating new API token...\nINFO: Storing API token to config file: /home/user/.config/bhcli/bhcli.ini\nINFO: bhcli is now configured and ready to access the API.\n```\n\n\n### upload\n\nThe `upload` subcommand can be used to ingest data from JSON or ZIP files into the BloodHound database.\n\n```console\n$ bhcli upload *.zip\nINFO: Starting new file upload job...\nINFO: Uploading file 20240404165636_BloodHound.zip\nINFO: Ending file upload job...\nINFO: Now waiting for ingestion being complete...\nINFO: Ingestion completed, the data is now available.\n```\n\n\n### domains\n\nThe `domains` subcommand outputs the domains known to BloodHound.\n\n```console\n$ bhcli domains --sid\nDEV.CONTOSO.COM\tS-1-5-21-3196737421-3229850471-3263425470\nCONTOSO.COM\tS-1-5-21-1625355769-4140374492-270706875\n```\n\n\n### users\n\nThe `users` subcommand outputs lists of user objects.\n\n```console\n$ bhcli users --domain dev.contoso.com --enabled --description\nADMINISTRATOR@DEV.CONTOSO.COM\tBuilt-in account for administering the computer/domain\nAPACHESVC@DEV.CONTOSO.COM\nJULIA@DEV.CONTOSO.COM\nSQLSVC01@DEV.CONTOSO.COM\n...\n```\n\n\n### computers\n\nThe `computers` subcommand outputs lists of computer objects.\n\n```console\n$ bhcli computers --domain dev.contoso.com --sam\nDC02.DEV.CONTOSO.COM\tDC02$\nWEB06.DEV.CONTOSO.COM\tWEB06$\n...\n```\n\n\n### groups\n\nThe `groups` subcommand outputs lists of group objects.\n\n```console\n$ bhcli groups\nACCESS CONTROL ASSISTANCE OPERATORS@DEV.CONTOSO.COM\nACCOUNT OPERATORS@DEV.CONTOSO.COM\nADMINISTRATORS@DEV.CONTOSO.COM\nALLOWED RODC PASSWORD REPLICATION GROUP@DEV.CONTOSO.COM\n...\n```\n\n\n### members\n\nThe `members` subcommand outputs lists of group members.\n\n```console\n$ bhcli members --indirect 'DOMAIN ADMINS@DEV.CONTOSO.COM'\nADMINISTRATOR@DEV.CONTOSO.COM\nJULIA@DEV.CONTOSO.COM\n...\n```\n\n\n### stats\n\nThe `stats` subcommand 
is useful to get a statistical overview of the domain.\n\n```console\n$ bhcli stats -d contoso.com\n┌────────────────────┬─────────┬─────────┐\n│ CONTOSO.COM        │   all   │ enabled │\n├────────────────────┼─────────┼─────────┤\n│ User Accounts      │      40 │      25 │\n│ Computer Accounts  │      11 │      10 │\n│ Domain Admins      │       4 │       3 │\n│ Domain Controllers │       1 │       1 │\n│ Protected Users    │       0 │       0 │\n│ Groups             │      84 │         │\n│ Root CAs           │       1 │         │\n│ Enterprise CAs     │       2 │         │\n│ Cert Templates     │      43 │         │\n└────────────────────┴─────────┴─────────┘\n```\n\n\n### audit\n\nThe `audit` subcommand reports potential security issues within the domain, which might lead to a quick win.\n\n```console\n$ bhcli audit -d contoso.com\nCONTOSO.COM\n=========\n\n[*] Interesting privileges for domain users or computers\n    2 relations found\nGroup                                  Relation            Target                  Kind of Target\nAUTHENTICATED USERS@CONTOSO.COM        ADCSESC1            CONTOSO.COM             Domain\nEVERYONE@CONTOSO.COM                   GenericWrite        JANE@CONTOSO.COM        User\n\n[*] Interesting privileges for guests\n    0 relations found\n\n[*] Kerberoastable user accounts of high value (enabled, no MSA/gMSA)\n    1 accounts found\nADMINISTRATOR@CONTOSO.COM\n\n[*] AS-REP-roastable user accounts (enabled)\n    1 accounts found\nJOHN@CONTOSO.COM\n\n[*] Accounts trusted for unconstrained delegation (enabled, no DCs)\n    1 accounts found\nAPPSRV02.CONTOSO.COM\n```\n\n\n### mark\n\nThe `mark` subcommand lets you mark a bunch of user and computer objects as belonging to an asset group.\nBloodHound comes with the asset groups `owned` and `admin_tier_0` by default, but custom groups can be created, too.\n\n```console\n$ bhcli mark owned --file successful_password_spraying.txt\nINFO: Marked 6 objects as owned.\n```\n\n\n### 
queries\n\nThe `queries` subcommand lets you import and export custom Cypher queries.\nThe import file must either be in the format that the `--save` option produces or in the legacy BloodHound's `customqueries.json` format.\nNote that not everything from the latter might be compatible.\n\n```console\n$ bhcli queries my-bloodhound-queries.json\nINFO: Imported 12 custom queries.\n```\n\n\n### cypher\n\nThe `cypher` subcommand lets you directly run a Cypher query against the database.\nIt outputs JSON data which can be further processed, e.g. with `jq`.\n\n```console\n$ bhcli cypher 'MATCH (c:Computer) RETURN c' | jq -c '.nodes[].properties | [.name, .haslaps]'\n[\"WEB06.DEV.CONTOSO.COM\",true]\n[\"DC02.DEV.CONTOSO.COM\",false]\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexploide%2Fbloodhound-cli","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fexploide%2Fbloodhound-cli","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fexploide%2Fbloodhound-cli/lists"}