# bloodhound-ce.py

Syntax for grabbing a Python-based BloodHound collection.

# Run a BloodHound CE collection

```bash
bloodhound-ce.py --zip -c All -d domain.com -u lowpriv -p 'LowPrivPass$' -dc 192.168.10.10
```

# Run with hashes instead of account username/password

```bash
bloodhound-ce.py --zip -c All -d domain.com -u lowpriv --hashes :xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx -dc 192.168.10.10
```

# Run the modified version from SpecterOps

On a recent pentest I compromised a user who could join machines to the domain, and I learned on BloodHound Slack that my compromised user might have more underlying powers (as discussed here). To explore this I had to install a modified BloodHound.py as follows:

```bash
# Grab only the bloodhound-ce branch into a new folder
git clone --branch bloodhound-ce --single-branch https://github.com/garrettfoster13/BloodHound.py.git BloodHoundCE

# Change to the tool directory
cd BloodHoundCE

# Create + activate a fresh venv alongside this checkout
python3 -m venv venv
source venv/bin/activate

# Upgrade pip/setuptools to avoid build issues
pip install -U pip setuptools wheel

# Install the package (editable mode so your venv points directly at this checkout)
pip install -e .

# Sanity check
git rev-parse --abbrev-ref HEAD   # should print: bloodhound-ce
./bloodhound.py --help
```

Run the collection:

```bash
./bloodhound.py --zip -c All -d domain -u lowpriv -p 'xxxxx' -dc dc1.domain.com
```