This article describes the step-by-step process of deploying and using BloodHound Community Edition (CE).
Deploy BloodHound Community Edition
The first step is deploying the BloodHound CE application, this is the application to which you will upload collected data and explore attack paths.
Follow the article: Install BloodHound Community Edition with Docker Compose
BloodHound CE can analyze directory data collected by its collectors:
- SharpHound CE, collecting from Active Directory
- AzureHound CE, collecting from Entra ID (formerly Azure Active Directory)
The collectors are standalone binaries and can be obtained in a few ways:
- From BloodHound CE click ⚙️ → Download Collectors, and click the download button of a collector
- From the GitHub repositories:
- Building them from source, for details see the articles:
Run a collection
SharpHound can simply be run from a domain-joined Windows system, while AzureHound needs to be run with a few arguments. Read more about running collectors and their flags in the section BloodHound CE Collection.
# Run SharpHound CE
# Run AzureHound CE
C:\> AzureHound.exe --username "MattNelson@contoso.onmicrosoft.com" --password "MyVeryStrongPassword" --tenant "contoso.onmicrosoft.com" list
During collection, JSON files will be generated which will finally be compressed into a ZIP file.
Ingest data into BloodHound
BloodHound CE supports ingesting/uploading collected data in two ways:
- Through the BloodHound CE API endpoint '/api/v2/file-upload/', see Working with the BloodHound API
- Through the BloodHound CE GUI
- Click ⚙️ → Administration
- From the left menu under Data Collection, select File Ingest
- Click the button UPLOAD FILE(S)
- Either drag-drop the JSON files into the upload window, or click the upload window and select the JSON files from your file explorer
- NB: Currently only JSON files can be ingested to BloodHound CE, therefore you must first unpack the ZIP file generated by the collectors
Explore attack paths
On the "Explore" page you can explore attack paths in the graph.
For more information, see the following resources: