https://github.com/syss-research/ldif2bloodhound
Convert an LDIF file to JSON files ingestible by BloodHound
- Host: GitHub
- URL: https://github.com/syss-research/ldif2bloodhound
- Owner: SySS-Research
- License: mit
- Created: 2023-01-26T08:32:33.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2023-01-27T07:26:35.000Z (over 3 years ago)
- Last Synced: 2023-03-06T22:05:24.164Z (over 3 years ago)
- Topics: active-directory, bloodhound, ldap, ldif, pentest
- Language: Python
- Homepage:
- Size: 7.81 KB
- Stars: 21
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
ldif2bloodhound
===============
Convert an LDIF file to JSON files ingestible by BloodHound.
The LDIF file should be retrieved like this with `ldapsearch`:
```console
# <dc-host>, <user> and <password> are placeholders; fill in your own values
$ for base in "" "CN=Schema,CN=Configuration," ; do \
    LDAPTLS_REQCERT=never ldapsearch \
    -H ldap://<dc-host> \
    -D <user>@corp.local \
    -w <password> \
    -b "${base}DC=corp,DC=local" \
    -x \
    -o ldif-wrap=no \
    -E pr=1000/noprompt \
    -E '!1.2.840.113556.1.4.801=::MAMCAQc=' \
    -LLL \
    -ZZ \
    '(objectClass=*)' \
    ; done >> output_$(date +%s).ldif
```
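If StartTLS does not work, remove the `-ZZ` flag and replace
`ldap://` with `ldaps://`. Or leave it at `ldap://` if you like to live
dangerously: with `-x` (simple bind), the password then crosses the network in cleartext.
The second `-E` argument is needed so that ACLs are also dumped. It sends the SD flags control (`1.2.840.113556.1.4.801`) with a value of 7, which asks the server to return the owner, group and DACL parts of `nTSecurityDescriptor`, but not the SACL.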
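A sanity check to run on the dump before converting it, added here as an example (it is not part of ldif2bloodhound): it decodes the control value from the second `-E` argument and lists entries in an unwrapped LDIF dump that came back without `nTSecurityDescriptor`. The function names and the sample LDIF are constructed for illustration.

```python
import base64

# Bits of the LDAP_SERVER_SD_FLAGS_OID control (1.2.840.113556.1.4.801).
SD_FLAGS = {0x1: "OWNER", 0x2: "GROUP", 0x4: "DACL", 0x8: "SACL"}


def decode_sd_flags(b64_value):
    """Decode a short-form BER SEQUENCE { INTEGER flags } into flag names."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) < 5 or raw[0] != 0x30 or raw[1] != len(raw) - 2:
        raise ValueError("not a short-form BER SEQUENCE")
    if raw[2] != 0x02 or raw[3] != len(raw) - 4:
        raise ValueError("SEQUENCE does not hold exactly one INTEGER")
    flags = int.from_bytes(raw[4:], "big")
    return [name for bit, name in SD_FLAGS.items() if flags & bit]


def _dn_value(line):
    """Return the DN from a 'dn:' line; 'dn::' marks a base64-encoded DN."""
    if line[2:4] == "::":
        return base64.b64decode(line[4:].strip()).decode("utf-8")
    return line[3:].strip()


def entries_without_acl(ldif_text):
    """List DNs of entries with no nTSecurityDescriptor (unwrapped LDIF only)."""
    missing = []
    for block in ldif_text.replace("\r\n", "\n").split("\n\n"):
        lines = [l for l in block.split("\n") if l and not l.startswith("#")]
        dn = next((l for l in lines if l.lower().startswith("dn:")), None)
        if dn is None:
            continue  # blank run or version line, not an entry
        if not any(l.lower().startswith("ntsecuritydescriptor:") for l in lines):
            missing.append(_dn_value(dn))
    return missing


# Constructed sample: the second entry came back without a security descriptor.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=corp,DC=local
objectClass: user
nTSecurityDescriptor:: AQAEjA==

dn: CN=bob,CN=Users,DC=corp,DC=local
objectClass: user
"""

if __name__ == "__main__":
    print(decode_sd_flags("MAMCAQc="), entries_without_acl(SAMPLE_LDIF))
```

A dump in which every entry is reported usually means the control was dropped from the command or the bind account may not read security descriptors.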
Then, the conversion works as follows:
```console
$ ldif2bloodhound output_*.ldif
```
For more options, run `ldif2bloodhound --help`.
The obvious limitation is that you won't get information about sessions or
local group memberships, just like with
[ADExplorerSnapshot.py](https://github.com/c3c/ADExplorerSnapshot.py).
Parsing LDIF data is roughly equivalent to running SharpHound with `-c DCOnly`
(perhaps even less).
[BloodHound.py](https://github.com/fox-it/BloodHound.py) is a better choice
to collect this data in most scenarios.
Installation
------------
Install with this command:
```console
$ pip install git+https://github.com/SySS-Research/ldif2bloodhound
```
Copyright and License
---------------------
SySS GmbH, Adrian Vollmer. MIT Licensed.