Coder Social home page Coder Social logo

fancysauced / bofhound Goto Github PK

View Code? Open in Web Editor NEW

This project forked from fortalice/bofhound

0.0 0.0 0.0 531 KB

Generate BloodHound compatible JSON from logs written by ldapsearch BOF and pyldapsearch

License: BSD 4-Clause "Original" or "Old" License

Python 100.00%

bofhound's Introduction

 _____________________________ __    __    ______    __    __   __   __   _______
|   _   /  /  __   / |   ____/|  |  |  |  /  __  \  |  |  |  | |  \ |  | |       \
|  |_)  | |  |  |  | |  |__   |  |__|  | |  |  |  | |  |  |  | |   \|  | |  .--.  |
|   _  <  |  |  |  | |   __|  |   __   | |  |  |  | |  |  |  | |  . `  | |  |  |  |
|  |_)  | |  `--'  | |  |     |  |  |  | |  `--'  | |  `--'  | |  |\   | |  '--'  |
|______/   \______/  |__|     |__|  |___\_\________\_\________\|__| \___\|_________\

                              by Fortalice ✪

BOFHound

BOFHound is an offline BloodHound ingestor and LDAP result parser compatible with TrustedSec's ldapsearch BOF and the Python adaptation, pyldapsearch.

By parsing log files generated by the aforementioned tools, BOFHound allows operators to utilize BloodHound's beloved interface while maintaining full control over the LDAP queries being run and the spped at which they are executed. This leaves room for operator discretion to account for potential honeypot accounts, expensive LDAP query thresholds and other detection mechanisms designed with the traditional, automated BloodHound collectors in mind.

Blog - Granularize Your AD Recon Game

Installation

BOFHound can be installed with pip3 install bofhound or by cloning this repository and running pip3 install ..

Usage

Usage: bofhound [OPTIONS]

  Generate BloodHound compatible JSON from logs written by ldapsearch BOF and
  pyldapsearch

Options:
  -i, --input TEXT      Directory or file containing logs of ldapsearch
                        results  [default: /opt/cobaltstrike/logs]
  -o, --output TEXT     Location to export bloodhound files  [default: .]
  -a, --all-properties  Write all properties to BloodHound files (instead of
                        only common properties)
  --debug               Enable debug output
  -z, --zip             Compress the JSON output files into a zip archive
  --help                Show this message and exit.

Example Usage

Parse ldapseach BOF results from Cobalt Strike logs (/opt/cobaltstrike/logs by default) to /data/

bofhound -o /data/

Parse pyldapsearch logs and only include common BloodHound properties

bofhound -i ~/.pyldapsearch/logs/ --all-properties

ldapsearch Query Examples

Required Data

The following attributes are required for proper functionality:

samaccounttype
dn
objectsid

Get All the Data (Maybe Run BloodHound Instead?)

ldapsearch (objectclass=*)

Retrieve All Schema Info

ldapsearch (schemaIDGUID=*) name,schemaidguid -1 "" CN=Schema,CN=Configuration,DC=windomain,DC=local

Retrieve Only the ms-Mcs-AdmPwd schemaIDGUID

ldapsearch (name=ms-mcs-admpwd) name,schemaidguid 1 "" CN=Schema,CN=Configuration,DC=windomain,DC=local

Development

bofhound uses Poetry to manage dependencies. Install from source and setup for development with:

git clone https://github.com/fortalice/bofhound
cd bofhound
poetry install
poetry run bofhound --help

bofhound's People

Contributors

coffeegist avatar erjanmx avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.