BloodHound Community

Install BloodHound Community edition

sudo curl -L https://ghst.ly/getbhce | sudo docker compose -f - up

Sometimes (and I can't remember why) the command is docker-compose instead of docker compose.

Parse list of machine names from a cypher query

This used to work on the old (non-Community) edition when you needed to grep a list of endpoints affected by a specific query to create a nice, clean list of machines (one per line). I need to test against Community:

grep -o '"label":"[^"]*"' machine-names.json | cut -d':' -f2 | tr -d '"' | sort | uniq

Or it might be this one:

jq -r '.data[].Properties.name' comps.json | sort -f > allmachines.txt

This one pulls computer names and creation dates, converts whencreated from a Unix timestamp to a readable date, and lists the newest machines first:

jq -r '.data | sort_by(.Properties.whencreated) | reverse[] | "\(.Properties.name) \(.Properties.whencreated | todate)"' 20240918113133_computers.json

Get a list of all enabled users that have a non-empty description, as name:description (h/t BusyR)

jq -r '.data[].Properties | select(.enabled == true and .description != null) | .name + ":" + .description' *_users.json | tee users_with_description.txt

Create a txt file with all enabled users (h/t BusyR)

jq -r '.data[].Properties | select(.enabled == true) | .samaccountname' *_users.json | tee users.txt
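The jq one-liners above all read the same collector layout: a top-level "data" list whose entries carry a "Properties" map (name, whencreated, enabled, samaccountname, description). The following Python script is an added example, not part of these notes and not BloodHound code: it reimplements the computer and user extractions (names sorted case-insensitively, newest-first with the timestamp rendered like jq's todate, enabled users, enabled users with a description) against a small constructed sample in that layout, which is handy for checking the file shape when jq is not installed or a pipeline silently returns nothing. It also handles a record with no whencreated, which jq's sort_by would place at the end after reverse; the script does the same and prints "unknown" for the date.

```python
"""Extract computer and user summaries from BloodHound collector JSON.

Added example, not from the original notes: a Python equivalent of the jq
pipelines above for the SharpHound-style files (*_computers.json, *_users.json),
whose records live under .data[].Properties. The sample data below is
constructed for this example; the keys (name, whencreated, enabled,
samaccountname, description) are the ones the jq commands rely on.
"""
import json
from datetime import datetime, timezone

# Constructed sample in the collector layout ("data" list of objects with a
# "Properties" map). Only the fields used here are included.
SAMPLE_COMPUTERS = json.dumps({
    "data": [
        {"Properties": {"name": "WS01.CORP.LOCAL", "whencreated": 1700000000}},
        {"Properties": {"name": "dc01.corp.local", "whencreated": 1600000000}},
        {"Properties": {"name": "SRV02.CORP.LOCAL"}},  # no whencreated at all
    ],
    "meta": {"type": "computers", "count": 3},
})

SAMPLE_USERS = json.dumps({
    "data": [
        {"Properties": {"samaccountname": "alice", "name": "ALICE@CORP.LOCAL",
                        "enabled": True, "description": "Helpdesk staff account"}},
        {"Properties": {"samaccountname": "bob", "name": "BOB@CORP.LOCAL",
                        "enabled": True, "description": None}},
        {"Properties": {"samaccountname": "svc_old", "name": "SVC_OLD@CORP.LOCAL",
                        "enabled": False, "description": "Legacy service account"}},
    ],
    "meta": {"type": "users", "count": 3},
})


def properties(raw):
    """Yield the Properties map of every record in a collector JSON document."""
    doc = json.loads(raw)
    for record in doc.get("data", []):
        yield record.get("Properties", {})


def machine_names(raw):
    """Equivalent of: jq -r '.data[].Properties.name' | sort -f (case-insensitive)."""
    names = [p["name"] for p in properties(raw) if p.get("name")]
    return sorted(names, key=str.casefold)


def _todate(ts):
    """Render a Unix timestamp the way jq's todate does (UTC, ISO 8601 with Z)."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def computers_newest_first(raw):
    """Equivalent of the sort_by(.Properties.whencreated) | reverse pipeline.

    Returns (name, created) pairs, newest first. Records without a usable
    whencreated (missing, non-integer or <= 0) sort last and show "unknown".
    """
    rows = []
    for p in properties(raw):
        ts = p.get("whencreated")
        ok = isinstance(ts, int) and ts > 0
        rows.append((ts if ok else -1, p.get("name", "?"), _todate(ts) if ok else "unknown"))
    rows.sort(key=lambda r: r[0], reverse=True)  # stable: ties keep file order
    return [(name, created) for _, name, created in rows]


def enabled_users(raw):
    """Equivalent of: select(.enabled == true) | .samaccountname"""
    return [p["samaccountname"] for p in properties(raw)
            if p.get("enabled") is True and p.get("samaccountname")]


def users_with_description(raw):
    """Equivalent of: select(.enabled == true and .description != null) | name:description"""
    return [f"{p['name']}:{p['description']}" for p in properties(raw)
            if p.get("enabled") is True and p.get("description") is not None]


if __name__ == "__main__":
    print("\n".join(machine_names(SAMPLE_COMPUTERS)))
    for name, created in computers_newest_first(SAMPLE_COMPUTERS):
        print(name, created)
    print("\n".join(enabled_users(SAMPLE_USERS)))
    print("\n".join(users_with_description(SAMPLE_USERS)))
```

To run it against real output, replace the SAMPLE_* strings with the contents of a *_computers.json or *_users.json file; the functions only look at the keys listed above, so extra properties in a real export are ignored.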