BloodHound
Description
BloodHound is an Active Directory enumeration and attack path visualization tool. It maps relationships between AD objects and identifies attack paths to Domain Admin. bloodhound-python is the Python-based data collector, which can be run from Linux.
Usage 1: Collect AD Data with bloodhound-python
Run bloodhound-python with all collection methods (-c all) and write the output to a zip archive (--zip).
Command:
bloodhound-python -d hutch.offsec -dc hutchdc.hutch.offsec -u fmcsorley -p CrabSharkJellyfish192 -ns 192.168.153.122 -c all --zip
Usage 2: Collect AD Data via Proxychains
Command:
proxychains bloodhound-python -d tryhackme.loc -dc dc.tryhackme.loc -u svc.callback -p qvBVAj9avM3ykcbf9s -ns 10.200.150.10 -c all --dns-timeout 30 --zip --dns-tcp
Usage 3: Invoke-BloodHound (PowerShell Collector)
Run the PowerShell-based collector from within a Windows session.
Command:
Invoke-BloodHound -CollectionMethod All
Command (Save to zip):
Invoke-BloodHound -CollectionMethod All -ZipFilename hello.zip
Command (Stealth mode):
Invoke-BloodHound -Stealth
Command (Exclude DCs):
Invoke-BloodHound -ExcludeDCs