explaingit

specterops/jamfhound

Analysis updated 2026-07-18 · repo last pushed 2026-04-23

134PythonAudience · ops devopsComplexity · 4/5MaintainedSetup · moderate

TLDR

JamfHound connects to Jamf Pro Apple device management and exports permission data as JSON for BloodHound, helping security teams visualize who can access what across managed Macs and find hidden attack paths.

Mindmap

mindmap
  root((repo))
    What it does
      Maps Jamf Pro permissions
      Finds attack paths
      Exports JSON data
    Tech stack
      Python
      BloodHound
      Jamf Pro API
      Okta integration
    Use cases
      Security auditing
      Red team assessment
      Privilege escalation checks
    Audience
      IT security teams
      Auditors
      Red team operators
    Setup
      Needs BloodHound instance
      Python 3.12 plus
      Manual config required

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Audit an organization's Jamf Pro setup to find overly permissive accounts that could let someone take over managed Macs.

USE CASE 2

Run a red team engagement to discover privilege escalation paths from a low-level Jamf account to full control of managed computers.

USE CASE 3

Verify during a compliance review that no hidden administrative paths exist across a Jamf Pro tenant.

USE CASE 4

Bridge Jamf Pro permission data with Okta identity management to visualize cross-platform access relationships in BloodHound.

What is it built with?

PythonBloodHoundJamf Pro APIOkta

How does it compare?

specterops/jamfhoundlynote-ai/ai-detector-skillrss3208/visiomaster
Stars134134134
LanguagePythonPythonPython
Last pushed2026-04-23
MaintenanceMaintained
Setup difficultymoderateeasyhard
Complexity4/52/53/5
Audienceops devopsgeneralresearcher

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 1h+

Requires a running BloodHound instance, Python 3.12+, and manual configuration of Jamf Pro connection details within the code.

No license information was provided in the explanation, so usage rights are unknown.

In plain English

JamfHound is a security tool that maps out the permissions and relationships inside a Jamf Pro environment. Jamf Pro is a popular platform that IT teams use to manage fleets of Apple devices. By connecting to Jamf Pro and extracting data about accounts, computers, groups, and policies, this tool reveals how permissions are structured and identifies potential "attack paths", chains of access that could let someone gain control or run code on managed machines. The tool works by logging into a Jamf Pro instance using provided credentials, ideally an "auditor" account with broad read-only access. It gathers information about the environment and outputs that data as JSON files. These files are designed to be fed into BloodHound, a widely used security visualization tool. Once imported, BloodHound displays a visual map showing who has access to what and how different objects are connected, making it easier to spot overly permissive configurations or hidden risks. The primary users are IT security teams, auditors, and red team operators who need to assess the security posture of an organization's Apple device management setup. For example, a security analyst might use this tool to see if a low-level Jamf account can escalate privileges to take over a managed computer, or an auditor might use it to verify that no unnecessary administrative paths exist across the tenant. It works with both cloud-hosted and on-site Jamf Pro installations and can also bridge data with Okta identity management systems. The project originated as a proof-of-concept during a 24-hour hackathon at SpecterOps but has since been developed into a community-maintained tool. Notably, some of its earlier standalone features for querying individual accounts or devices are deprecated, meaning they still function but are no longer actively supported. The developers recommend using a separate project called Eve for those targeted enumeration tasks, keeping this tool focused on generating data for BloodHound visualization. Setting it up requires some technical comfort, as users need a running BloodHound instance, Python 3.12 or newer, and must manually configure connection details within the code. The team notes that future improvements are planned, including multi-threading to speed up data collection and enhanced error handling.

Copy-paste prompts

Prompt 1
I have JamfHound output JSON files from scanning my Jamf Pro environment. Help me import them into BloodHound and interpret the attack paths shown in the graph for my IT security audit report.
Prompt 2
I need to set up JamfHound to connect to my Jamf Pro instance using an auditor account with read-only access. Walk me through configuring the connection details and running the data collection to produce BloodHound-compatible JSON files.
Prompt 3
I ran JamfHound against my Jamf Pro tenant and imported the results into BloodHound. Help me identify which nodes represent privilege escalation risks and suggest remediation steps for each attack path found.
Prompt 4
Compare JamfHound with Eve for Jamf Pro enumeration, when should I use each tool, and how do their outputs differ for security assessment workflows?

Frequently asked questions

What is jamfhound?

JamfHound connects to Jamf Pro Apple device management and exports permission data as JSON for BloodHound, helping security teams visualize who can access what across managed Macs and find hidden attack paths.

What language is jamfhound written in?

Mainly Python. The stack also includes Python, BloodHound, Jamf Pro API.

Is jamfhound actively maintained?

Maintained — commit in last 6 months (last push 2026-04-23).

What license does jamfhound use?

No license information was provided in the explanation, so usage rights are unknown.

How hard is jamfhound to set up?

Setup difficulty is rated moderate, with roughly 1h+ to a first successful run.

Who is jamfhound for?

Mainly ops devops.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.