CypherDog2.1
PoSh BloodHound Dog Whisperer
aka PowerShell Cmdlets to interact with BloodHound Data via Neo4j REST API
Index
| Cmdlet | Synopsis |
|---|---|
| Get-BloodHoundCmdlet | BloodHound RTFM - Get Cmdlet |
| Send-BloodHoundPost | BloodHound POST - Cypher to REST API |
| Get-BloodHoundNode | BloodHound Node - Get Node |
| Search-BloodHoundNode | BloodHound Node - Search Node |
| New-BloodHoundNode | BloodHound Node - Create Node |
| Set-BloodHoundNode | BloodHound Node - Update Node |
| Remove-BloodHoundNode | BloodHound Node - Delete Node |
| Get-BloodHoundNodeList | BloodHound Node - Get List |
| Get-BloodHoundNodeHighValue | BloodHound Node - Get HighValue |
| Get-BloodHoundNodeOwned | BloodHound Node - Get Owned |
| Get-BloodHoundNodeNote | BloodHound Node - Get Note |
| Set-BloodHoundNodeNote | BloodHound Node - Set Notes |
| Get-BloodHoundBlacklist | BloodHound Node - Get Blacklist |
| Set-BloodHoundBlacklist | BloodHound Node - Set Blacklist |
| Remove-BloodHoundBlacklist | BloodHound Node - Remove Blacklist |
| Get-BloodHoundEdge | BloodHound Edge - Get Target |
| Get-BloodHoundEdgeReverse | BloodHound Edge - Get Source |
| Get-BloodHoundEdgeCrossDomain | BloodHound Edge - Get CrossDomain |
| Get-BloodHoundEdgeCount | BloodHound Edge - Get Count |
| Get-BloodHoundEdgeInfo | BloodHound Edge - Get Info |
| New-BloodHoundEdge | BloodHound Edge - Create Edge |
| Remove-BloodHoundEdge | BloodHound Edge - Delete Edge |
| Get-BloodHoundPathShort | BloodHound Path - Get Shortest |
| Get-BloodHoundPathAny | BloodHound Path - Get Any |
| Get-BloodHoundPathCost | BloodHound Path - Get Cost |
| Get-BloodHoundPathCheap | BloodHound Path - Get Cheapest |
| Get-BloodHoundWald0IO | BloodHound Path - Get Wald0 Index |
Go to Notes
Get-BloodHoundCmdlet
Alias: BloodHound, CypherDog
Back to Index
Synopsis
BloodHound RTFM - Get Cmdlet
Description
Get Bloodhound [CypherDog] Cmdlets
Syntax
Get-BloodHoundCmdlet [-Online] [+]
Parameters
Online
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
BloodHoundBack to Cmdlet
Send-BloodHoundPost
Alias: DogPost
Back to Index
Synopsis
BloodHound POST - Cypher to REST API
Description
Post Cypher Query to DB REST API
DogPost $Query [$Params] [-expand <prop,prop>]
Syntax
Send-BloodHoundPost [-Query] <String> [[-Params] <Hashtable>] [[-Expand] <String[]>] [-Profile] [+]
Parameters
Query
| Mandatory | true |
| Type | string |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Params
| Mandatory | false |
| Type | hashtable |
| Position | 2 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Expand
| Mandatory | false |
| Type | string[] |
| Position | 3 |
| Default | @('data','data') |
| PipelineInput | false |
| Dynamic | False |
| Alias | x |
Profile
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Examples
-------------------------- EXAMPLE 1 -------------------------- $query="MATCH
n:User
RETURN n"
DogPost $Query
-------------------------- EXAMPLE 2 -------------------------- $query = "MATCH
A:Computer {name: {ParamA}}
RETURN A"
$Params = @{ParamA="APOLLO.EXTERNAL.LOCAL"} DogPost $Query $Params
-------------------------- EXAMPLE 3 --------------------------
B
RETURN x"
$Params= @{ParamA="[email protected]";ParamB="DOMAIN [email protected]"} DogPost $Query $Params -Expand Data | ToPathObj
-------------------------- EXAMPLE 4 --------------------------
$Query="MATCHU:User -[r:MemberOf|:AdminTo*1..]-> C:Computer WITH U.name as n, COUNT DISTINCT C as c RETURN {Name: n, Count: c} as SingleColumn ORDER BY c DESC LIMIT 10" DogPost $Query -x Data
Back to Cmdlet
Get-BloodHoundNode
Alias: Get-Node, Node
Back to Index
Synopsis
BloodHound Node - Get Node
Description
Get BloodHound Node by Type and Name(s)
Syntax
Get-BloodHoundNode [-Type] {Computer | Domain | Group | User | GPO | OU} [-Label] [-Notes] [-Cypher] [+]
Parameters
Type
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Label
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Notes
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Cypher
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
Get-BloodhoundNode User-------------------------- EXAMPLE 2 --------------------------
Node User BRITNI_GIRARDIN@DOMAIN.LOCALBack to Cmdlet
Search-BloodHoundNode
Alias: NodeSearch, Search-Node
Back to Index
Synopsis
BloodHound Node - Search Node
Description
Search Nodes by partial Name or Properties
Syntax
Search-BloodHoundNode [[-Type] {Computer | Domain | Group | User | GPO | OU}] [-Key] <Regex> [-Sensitive] [-Cypher] [+]
Search-BloodHoundNode [[-Type] {Computer | Domain | Group | User | GPO | OU}] -Label <String> [-Cypher] [+]
Search-BloodHoundNode [[-Type] {Computer | Domain | Group | User | GPO | OU}] -Label <String> -NotExist [-Cypher] [+]
Search-BloodHoundNode [[-Type] {Computer | Domain | Group | User | GPO | OU}] -Property <String> [-Cypher] [+]
Search-BloodHoundNode [[-Type] {Computer | Domain | Group | User | GPO | OU}] -Property <String> -Value <String> [-Cypher] [+]
Search-BloodHoundNode [[-Type] {Computer | Domain | Group | User | GPO | OU}] -Property <String> -NotExist [-Cypher] [+]
Parameters
Type
Node Type
| Mandatory | false |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Property
Property Name
| Mandatory | true |
| Type | string |
| Position | named |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Label
Label
| Mandatory | true |
| Type | string |
| Position | named |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Value
Property Name & Value
| Mandatory | true |
| Type | string |
| Position | named |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
NotExist
Property/Label doesn't exists
| Mandatory | true |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Key
KeyWord
| Mandatory | true |
| Type | regex |
| Position | 2 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Sensitive
Case Sensitive
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Cypher
Show Cypher
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
NodeSearch Group admin-------------------------- EXAMPLE 2 --------------------------
Nodesearch User -Property sensitive -Value $trueBack to Cmdlet
New-BloodHoundNode
Alias: New-Node, NodeCreate
Back to Index
Synopsis
BloodHound Node - Create Node
Description
Create New Node by type
Syntax
New-BloodHoundNode [-Type] {Computer | Domain | Group | User | GPO | OU} [-Name] <String[]> [-Cypher] [+]
New-BloodHoundNode [-Type] {Computer | Domain | Group | User | GPO | OU} [-Name] <String[]> [[-Property] <Hashtable>] [-Cypher] [+]
New-BloodHoundNode [-Type] {Computer | Domain | Group | User | GPO | OU} [-Name] <String[]> -Clone [-Cypher] [+]
Parameters
Type
Node Type [Mandatory]
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
Node Name [Mandatory]
| Mandatory | true |
| Type | string[] |
| Position | 2 |
| Default | |
| PipelineInput | true (ByValue) |
| Dynamic | False |
| Alias | |
Property
Specify Node Properties [Option]
| Mandatory | false |
| Type | hashtable |
| Position | 3 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Clone
Clone similar Node Properties [Option]
| Mandatory | true |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Cypher
Cypher [Option]
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
New-BloodHoundNode -Type User -name Bob-------------------------- EXAMPLE 2 --------------------------
NodeCreate User BobBack to Cmdlet
Set-BloodHoundNode
Alias: NodeUpdate, Set-Node
Back to Index
Synopsis
BloodHound Node - Update Node
Description
Update BloodHound Node Properties
Syntax
Set-BloodHoundNode [-Type] {Computer | Domain | Group | User | GPO | OU} [-Cypher] [+]
Set-BloodHoundNode [-Type] {Computer | Domain | Group | User | GPO | OU} -Delete [-Cypher] [+]
Set-BloodHoundNode [-Type] {Computer | Domain | Group | User | GPO | OU} [-Cypher] -Label [+]
Set-BloodHoundNode [-Type] {Computer | Domain | Group | User | GPO | OU} -Delete [-Cypher] -Label [+]
Parameters
Type
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Delete
| Mandatory | true |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Cypher
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Label
| Mandatory | true |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Property
| Mandatory | |
| Type | hashtable |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
Set-BloodHoundNode User Bob @{MyProp='This'}Back to Cmdlet
Remove-BloodHoundNode
Alias: NodeDelete, Remove-Node
Back to Index
Synopsis
BloodHound Node - Delete Node
Description
Delete Bloodhound Node from Database
Syntax
Remove-BloodHoundNode [-Type] {Computer | Domain | Group | User | GPO | OU} [-Force] [-Cypher] [?] [+]
Parameters
Type
Node Type [Mandatory]
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Force
Force (Skip Confirm)
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | x |
Cypher
Force (Skip Confirm)
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
Remove-BloodhoundNode Remove-BloodHoundNode -Type User -Name Bob-------------------------- EXAMPLE 2 --------------------------
NodeDelete User Bob -ForceBack to Cmdlet
Get-BloodHoundNodeList
Alias: List, NodeList
Back to Index
Synopsis
BloodHound Node - Get List
Description
List BloodHound nodes per Edge
Syntax
Get-BloodHoundNodeList [-Type] <String> [+]
Parameters
Type
| Mandatory | true |
| Type | string |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Domain
| Mandatory | |
| Type | string |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Cypher
| Mandatory | |
| Type | switch |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
List Membership ALBINA_BRASHEAR@DOMAIN.LOCALBack to Cmdlet
Get-BloodHoundNodeHighValue
Alias: Get-NodeHighValue, HighValue
Back to Index
Synopsis
BloodHound Node - Get HighValue
Description
Get Bloodhound HighValueNode
Syntax
Get-BloodHoundNodeHighValue [[-Type] <String>] [+]
Parameters
Type
| Mandatory | false |
| Type | string |
| Position | 1 |
| Default | User |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Domain
| Mandatory | |
| Type | string |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
HighValue UserBack to Cmdlet
Get-BloodHoundNodeOwned
Alias: Get-NodeOwned, Owned
Back to Index
Synopsis
BloodHound Node - Get Owned
Description
Get BloodHound Owned Nodes per type
Syntax
Get-BloodHoundNodeOwned [[-Type] <String>] [+]
Parameters
Type
| Mandatory | false |
| Type | string |
| Position | 1 |
| Default | Computer |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Domain
| Mandatory | |
| Type | string |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
Owned ComputerBack to Cmdlet
Get-BloodHoundNodeNote
Alias: NodeNote, Note
Back to Index
Synopsis
BloodHound Node - Get Note
Description
Get BloodHound Node Notes
Syntax
Get-BloodHoundNodeNote [-Type] {Computer | Domain | Group | User | GPO | OU} [-Cypher] [+]
Parameters
Type
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Cypher
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
note user ALBINA_BRASHEAR@DOMAIN.LOCALBack to Cmdlet
Set-BloodHoundNodeNote
Alias: NoteUpdate, Set-NodeNote
Back to Index
Synopsis
BloodHound Node - Set Notes
Description
Set BloodHound Node Notes
Syntax
Set-BloodHoundNodeNote [-Type] {Computer | Domain | Group | User | GPO | OU} [-Overwrite] [-Stamp] [-Cypher] [+]
Set-BloodHoundNodeNote [-Type] {Computer | Domain | Group | User | GPO | OU} -Clear [-Cypher] [+]
Parameters
Type
Node Type [Mandatory]
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Overwrite
Overwrite
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Stamp
Stamp
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Clear
Cypher
| Mandatory | true |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Cypher
Cypher
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Text
| Mandatory | |
| Type | string |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
NoteUpdate user ALBINA_BRASHEAR@DOMAIN.LOCAL 'HelloWorld'Back to Cmdlet
Get-BloodHoundBlacklist
Alias: Blacklist, Get-Blacklist
Back to Index
Synopsis
BloodHound Node - Get Blacklist
Description
Get BloodHound Node Blacklist
Syntax
Get-BloodHoundBlacklist [-Type] {Computer | Domain | Group | User | GPO | OU} [+]
Parameters
Type
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
Blacklist UserBack to Cmdlet
Set-BloodHoundBlacklist
Alias: BlacklistAdd, Set-Blacklist
Back to Index
Synopsis
BloodHound Node - Set Blacklist
Description
Set BloodHound Blacklist Node
Syntax
Set-BloodHoundBlacklist [-Type] {Computer | Domain | Group | User | GPO | OU} [+]
Parameters
Type
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Cypher
| Mandatory | |
| Type | switch |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
BlacklistUpdate User BobBack to Cmdlet
Remove-BloodHoundBlacklist
Alias: BlacklistDelete, Remove-Blacklist
Back to Index
Synopsis
BloodHound Node - Remove Blacklist
Description
Remove Node from blacklist
Syntax
Remove-BloodHoundBlacklist [-Type] {Computer | Domain | Group | User | GPO | OU} [+]
Parameters
Type
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
| Mandatory | |
| Type | |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | |
| Alias | |
| Mandatory | |
| Type | |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
BlacklistDelete User BobBack to Cmdlet
Get-BloodHoundEdge
Alias: Edge, Get-Edge, WhereTo
Back to Index
Synopsis
BloodHound Edge - Get Target
Description
Specify Source Name / Return Target
Syntax
Get-BloodHoundEdge [-SourceType] {Computer | Domain | Group | User | GPO | OU} [+]
Parameters
SourceType
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
EdgeType
| Mandatory | |
| Type | EdgeType |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
TargetType
| Mandatory | |
| Type | NodeType |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Degree
| Mandatory | |
| Type | string |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Cypher
| Mandatory | |
| Type | switch |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
Edge user ALBINA_BRASHEAR@DOMAIN.LOCAL MemberOf GroupBack to Cmdlet
Get-BloodHoundEdgeReverse
Alias: EdgeR, Get-EdgeR, What
Back to Index
Synopsis
BloodHound Edge - Get Source
Description
Specify Target Name / Return Source
Syntax
Get-BloodHoundEdgeReverse [-SourceType] {Computer | Domain | Group | User | GPO | OU} [-EdgeType] {MemberOf | HasSession | AdminTo | TrustedBy | AllExtendedRights | AddMember | ForceChangePassword | GenericAll | GenericWrite | Owns | WriteDacl | WriteOwner | ReadLAPSPassword | Contains | GpLink | CanRDP | ExecuteDCOM | AllowedToDelegate} [-TargetType] {Computer | Domain | Group | User | GPO | OU} [+]
Parameters
SourceType
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
EdgeType
| Mandatory | true |
| Type | EdgeType |
| Position | 2 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
TargetType
| Mandatory | true |
| Type | NodeType |
| Position | 3 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Degree
| Mandatory | |
| Type | string |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Cypher
| Mandatory | |
| Type | switch |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
EdgeR User MemberOf Group ADMINISTRATORS@SUB.DOMAIN.LOCALBack to Cmdlet
Get-BloodHoundEdgeCrossDomain
Alias: CrossDomain
Back to Index
Synopsis
BloodHound Edge - Get CrossDomain
Description
Get BloodHound Cross Domain Member|Session Relationships
Syntax
Get-BloodHoundEdgeCrossDomain [-Type] <String> [-Cypher] [+]
Parameters
Type
| Mandatory | true |
| Type | string |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Cypher
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
Get-BloodHoundCrossDomain Session-------------------------- EXAMPLE 2 --------------------------
CrossDomain MemberBack to Cmdlet
Get-BloodHoundEdgeCount
Alias: EdgeCount, TopNode
Back to Index
Synopsis
BloodHound Edge - Get Count
Description
Get Top Nodes By Edge Count
Syntax
Get-BloodHoundEdgeCount [-type] <String> [-Limit <Int32>] [-Cypher] [+]
Parameters
type
| Mandatory | true |
| Type | string |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Limit
| Mandatory | false |
| Type | int |
| Position | named |
| Default | 5 |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Cypher
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Domain
| Mandatory | |
| Type | string |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
EdgeCount MembershipBack to Cmdlet
Get-BloodHoundEdgeInfo
Alias: EdgeInfo, Get-EdgeInfo
Back to Index
Synopsis
BloodHound Edge - Get Info
Description
Get BloodHound Edge Info [online]
Syntax
Get-BloodHoundEdgeInfo [-Type] {MemberOf | HasSession | AdminTo | TrustedBy | AllExtendedRights | AddMember | ForceChangePassword | GenericAll | GenericWrite | Owns | WriteDacl | WriteOwner | ReadLAPSPassword | Contains | GpLink | CanRDP | ExecuteDCOM | AllowedToDelegate} [-Online] [+]
Parameters
Type
| Mandatory | true |
| Type | EdgeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Online
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
EdgeInfo MemberOf-------------------------- EXAMPLE 2 --------------------------
EdgeInfo MemberOf -OnlineBack to Cmdlet
New-BloodHoundEdge
Alias: EdgeCreate, New-Edge
Back to Index
Synopsis
BloodHound Edge - Create Edge
Description
Create Edges Between nodes
Syntax
New-BloodHoundEdge [-SourceType] {Computer | Domain | Group | User | GPO | OU} [-EdgeType] {MemberOf | HasSession | AdminTo | TrustedBy | AllExtendedRights | AddMember | ForceChangePassword | GenericAll | GenericWrite | Owns | WriteDacl | WriteOwner | ReadLAPSPassword | Contains | GpLink | CanRDP | ExecuteDCOM | AllowedToDelegate} [-TargetType] {Computer | Domain | Group | User | GPO | OU} [+]
Parameters
SourceType
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
EdgeType
| Mandatory | true |
| Type | EdgeType |
| Position | 2 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
TargetType
| Mandatory | true |
| Type | NodeType |
| Position | 3 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
To
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Cypher
| Mandatory | |
| Type | switch |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
EdgeCreate User MemberOf Group ALBINA_BRASHEAR@DOMAIN.LOCAL ADMINISTRATORS@DOMAIN.LOCALBack to Cmdlet
Remove-BloodHoundEdge
Alias: EdgeDelete, Remove-Edge
Back to Index
Synopsis
BloodHound Edge - Delete Edge
Description
Remove Edge between nodes
Syntax
Remove-BloodHoundEdge [-SourceType] {Computer | Domain | Group | User | GPO | OU} [-EdgeType] {MemberOf | HasSession | AdminTo | TrustedBy | AllExtendedRights | AddMember | ForceChangePassword | GenericAll | GenericWrite | Owns | WriteDacl | WriteOwner | ReadLAPSPassword | Contains | GpLink | CanRDP | ExecuteDCOM | AllowedToDelegate} [-TargetType] {Computer | Domain | Group | User | GPO | OU} [?] [+]
Parameters
SourceType
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
EdgeType
| Mandatory | true |
| Type | EdgeType |
| Position | 2 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
TargetType
| Mandatory | true |
| Type | NodeType |
| Position | 3 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
To
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Cypher
| Mandatory | |
| Type | switch |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
EdgeDelete User MemberOf Group ALBINA_BRASHEAR@DOMAIN.LOCAL ADMINISTRATORS@DOMAIN.LOCALBack to Cmdlet
Get-BloodHoundPathShort
Alias: Get-PathShort, Path
Back to Index
Synopsis
BloodHound Path - Get Shortest
Description
Get BloodHound Shortest/AllShortest Path
Syntax
Get-BloodHoundPathShort [-SourceType] {Computer | Domain | Group | User | GPO | OU} [-TargetType] {Computer | Domain | Group | User | GPO | OU} [+]
Parameters
SourceType
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
TargetType
| Mandatory | true |
| Type | NodeType |
| Position | 2 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
To
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Edge
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Exclude
| Mandatory | |
| Type | EdgeType[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Include
| Mandatory | |
| Type | EdgeType[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
MaxHop
| Mandatory | |
| Type | int |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
BlackL
| Mandatory | |
| Type | switch |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
All
| Mandatory | |
| Type | switch |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Cypher
| Mandatory | |
| Type | switch |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
Path user Group ALBINA_BRASHEAR@DOMAIN.LOCAL 'SCHEMA [email protected]'Back to Cmdlet
Get-BloodHoundPathAny
Alias: Get-PathAny, PathAny
Back to Index
Synopsis
BloodHound Path - Get Any
Description
Get 'Any' Path
Syntax
Get-BloodHoundPathAny [-SourceType] {Computer | Domain | Group | User | GPO | OU} [-TargetType] {Computer | Domain | Group | User | GPO | OU} [+]
Parameters
SourceType
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
TargetType
| Mandatory | true |
| Type | NodeType |
| Position | 2 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
To
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Edge
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Exclude
| Mandatory | |
| Type | EdgeType[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Include
| Mandatory | |
| Type | EdgeType[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
MaxHop
| Mandatory | |
| Type | int |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
BlackL
| Mandatory | |
| Type | switch |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Cypher
| Mandatory | |
| Type | switch |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
PathAny user Group ALBINA_BRASHEAR@DOMAIN.LOCAL 'SCHEMA [email protected]'Back to Cmdlet
Get-BloodHoundPathCost
Alias: PathCost
Back to Index
Synopsis
BloodHound Path - Get Cost
Description
Get BloodHound Path Cost
Syntax
Get-BloodHoundPathCost [-Path] <BHEdge> [+]
Parameters
Path
| Mandatory | true |
| Type | BHEdge |
| Position | 1 |
| Default | |
| PipelineInput | true (ByValue) |
| Dynamic | False |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
path user group GARY_CATANIA@SUB.DOMAIN.LOCAL 'RDS ENDPOINT [email protected]' -all | pathcostBack to Cmdlet
Get-BloodHoundPathCheap
Alias: Get-PathCheap, PathCheap
Back to Index
Synopsis
BloodHound Path - Get Cheapest
Description
Get BloodHound Cheapest Path
Syntax
Get-BloodHoundPathCheap [-SourceType] {Computer | Domain | Group | User | GPO | OU} [-TargetType] {Computer | Domain | Group | User | GPO | OU} [+]
Parameters
SourceType
| Mandatory | true |
| Type | NodeType |
| Position | 1 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
TargetType
| Mandatory | true |
| Type | NodeType |
| Position | 2 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Name
| Mandatory | |
| Type | string |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
To
| Mandatory | |
| Type | string |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Edge
| Mandatory | |
| Type | string[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Exclude
| Mandatory | |
| Type | EdgeType[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Include
| Mandatory | |
| Type | EdgeType[] |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Expand
| Mandatory | |
| Type | int |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
BlackL
| Mandatory | |
| Type | switch |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Cypher
| Mandatory | |
| Type | switch |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Limit
| Mandatory | |
| Type | int |
| Position | |
| Default | |
| PipelineInput | |
| Dynamic | True |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
pathcheap user group GARY_CATANIA@SUB.DOMAIN.LOCAL 'RDS ENDPOINT [email protected]'Back to Cmdlet
Get-BloodHoundWald0IO
Alias: Get-Wald0IO, Wald0IO
Back to Index
Synopsis
BloodHound Path - Get Wald0 Index
Description
Calculate wald0 Index for specified Group
Syntax
Get-BloodHoundWald0IO [[-Name] <String>] [[-Direction] <String>] [[-Type] <String>] [[-Edge] <String[]>] [-Exclude {MemberOf | HasSession | AdminTo | TrustedBy | AllExtendedRights | AddMember | ForceChangePassword | GenericAll | GenericWrite | Owns | WriteDacl | WriteOwner | ReadLAPSPassword | Contains | GpLink | CanRDP | ExecuteDCOM | AllowedToDelegate}] [-Include {MemberOf | HasSession | AdminTo | TrustedBy | AllExtendedRights | AddMember | ForceChangePassword | GenericAll | GenericWrite | Owns | WriteDacl | WriteOwner | ReadLAPSPassword | Contains | GpLink | CanRDP | ExecuteDCOM | AllowedToDelegate}] [-DomainOnly] [-BlackL] [-Cypher] [+]
Parameters
Name
| Mandatory | false |
| Type | string |
| Position | 1 |
| Default | |
| PipelineInput | true (ByValue, ByPropertyName) |
| Dynamic | False |
| Alias | TargetGroup |
Direction
| Mandatory | false |
| Type | string |
| Position | 2 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Type
| Mandatory | false |
| Type | string |
| Position | 3 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Edge
| Mandatory | false |
| Type | string[] |
| Position | 4 |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Exclude
| Mandatory | false |
| Type | EdgeType[] |
| Position | named |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Include
| Mandatory | false |
| Type | EdgeType[] |
| Position | named |
| Default | |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
DomainOnly
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
BlackL
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Cypher
| Mandatory | false |
| Type | switch |
| Position | named |
| Default | False |
| PipelineInput | false |
| Dynamic | False |
| Alias | |
Examples
-------------------------- EXAMPLE 1 --------------------------
Node Group ADMINISTRATORS@DOMAIN.LOCAL | Wlad0IOBack to Cmdlet
Notes
This is it...
That's all Folks
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent