explaingit

specterops/bloodhound-legacy

10,528 · PowerShell · Audience · ops devops · Complexity · 3/5 · Setup · hard

TLDR

A security tool that maps all relationships in a Windows Active Directory network and automatically finds hidden chains an attacker could follow to gain full admin control. This version (4) is archived; use BloodHound Community Edition instead.

Mindmap

mindmap
  root((BloodHound Legacy))
    What it does
      Maps AD relationships
      Finds attack chains
      Graph visualization
    Use Cases
      Penetration testing
      Security audits
      Risk remediation
    Audience
      Security testers
      Red teams
    Status
      Archived 2023
      Use Community Edition


Things people build with this

USE CASE 1

Map all user, computer, and permission relationships in an Active Directory environment to find hidden privilege escalation paths

USE CASE 2

Visualize the shortest attack chain from any compromised account to Domain Admin in a Windows network

USE CASE 3

Show a security team exactly which accounts or permissions to fix to close dangerous access pathways

Tech stack

PowerShell

Getting it running

Difficulty · hard · Time to first run · 1h+

Requires an Active Directory environment to collect data from. It is no longer maintained; use BloodHound Community Edition for active security work.

In plain English

BloodHound is a security tool used by organizations and security testers to find dangerous hidden pathways in a Windows network. Most companies use a Microsoft system called Active Directory to manage who has access to what: user accounts, computers, shared folders, administrator rights. BloodHound maps out all the relationships between those accounts and permissions, then applies a technique called graph theory to find chains that an attacker could follow to gain admin control of the whole network, even through connections that no one realized existed.

The name and tagline, Six Degrees of Domain Admin, riff on the idea that you can reach any node in a network through a short chain of connections. BloodHound finds those chains automatically and visualizes them so a security team can see exactly where the risk is and what to fix.

This particular repository is for version 4 of BloodHound, called BloodHound Legacy. The README states that this version was last updated in 2023 and is no longer maintained. The team behind it has replaced it with a free Community Edition hosted in a separate repository, and this legacy version will be archived.

The tool was originally created by three security researchers and is now maintained by SpecterOps, the company that also offers a paid commercial product called BloodHound Enterprise. The enterprise version continuously monitors an organization's Active Directory environment in real time, while the community edition is more of an on-demand assessment tool.

If you found this repository while looking for BloodHound, the README points directly to the current Community Edition and its installation instructions. The legacy code is still accessible for historical reference but should not be used for active security work.
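As an added illustration (not code from the BloodHound repository or from this page's author), the sketch below runs a breadth-first search over a small constructed relationship graph and counts which edges the shortest paths to Domain Admins share, which is where a single fix closes the most pathways. Node names and the sample edges are hypothetical; the edge labels are ones BloodHound commonly uses.

```python
from collections import deque, Counter

# Constructed sample graph (not real data): (source, relationship, target).
# Edge labels follow BloodHound's usual names; node names are hypothetical.
EDGES = [
    ("alice", "MemberOf", "HelpDesk"),
    ("bob", "MemberOf", "HelpDesk"),
    ("HelpDesk", "GenericAll", "svc_backup"),
    ("svc_backup", "AdminTo", "FILESRV01"),
    ("FILESRV01", "HasSession", "da_carol"),
    ("da_carol", "MemberOf", "Domain Admins"),
    ("dave", "AdminTo", "FILESRV01"),
    ("erin", "MemberOf", "Printers"),
]
TARGET = "Domain Admins"

def build_adjacency(edges):
    adj = {}
    for src, rel, dst in edges:
        adj.setdefault(src, []).append((rel, dst))
    return adj

def shortest_path(adj, start, target):
    """Breadth-first search; returns a list of (src, rel, dst) hops or None."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            hops = []
            while parent[node] is not None:
                hops.append(parent[node])
                node = parent[node][0]
            return hops[::-1]
        for rel, nxt in adj.get(node, []):
            if nxt not in parent:
                parent[nxt] = (node, rel, nxt)
                queue.append(nxt)
    return None

def choke_points(edges, principals, target=TARGET):
    """Count how many principals' shortest paths traverse each edge."""
    adj = build_adjacency(edges)
    usage = Counter()
    for p in principals:
        for hop in shortest_path(adj, p, target) or []:
            usage[hop] += 1
    return usage.most_common()
```

On this sample, the session of `da_carol` on `FILESRV01` sits on every path found, so removing that one relationship leaves none of the listed accounts with a route to the target.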

Copy-paste prompts

Prompt 1
I'm analyzing BloodHound Legacy data. How do I import SharpHound collection results and run a Cypher query to find the shortest path from a specific user to Domain Admin?
Prompt 2
Using BloodHound's graph view, what Cypher queries identify all users who are Kerberoastable and have a path to Domain Admin through group membership or ACL abuse?
Prompt 3
Explain how BloodHound Community Edition differs from BloodHound Legacy version 4 and how to migrate existing collected data to the new version.
Prompt 4
What are the most critical Active Directory attack paths BloodHound detects, such as DCSync rights, unconstrained delegation, and AdminSDHolder abuse, and what does fixing each one require?

Verify against the repo before relying on details.