Getting started with BloodHound Community Edition

  • Updated

This article applies to BHCE

This article describes the step-by-step process of deploying and using BloodHound Community Edition (CE).

Deploy BloodHound Community Edition

The first step is deploying the BloodHound CE application, this is the application to which you will upload collected data and explore attack paths.

Follow the article: Install BloodHound Community Edition with Docker Compose

Collecting data

BloodHound CE can analyze directory data collected by its collectors:

  • SharpHound CE, collecting from Active Directory
  • AzureHound CE, collecting from Entra ID (formerly Azure Active Directory)

Download collectors

The collectors are standalone binaries and can be obtained in a few ways:

  1. From BloodHound CE click ⚙️ → Download Collectors, and click the download button of a collector
  2. From the GitHub repositories:
    1. SharpHound: https://github.com/BloodHoundAD/SharpHound/releases 
    2. AzureHound: https://github.com/BloodHoundAD/AzureHound/releases
  3. Building them from source, for details see the articles:
    1. SharpHound Community Edition
    2. AzureHound Community Edition

Run a collection

SharpHound can simply be run from a domain-joined Windows system, while AzureHound needs to be run with a few arguments. Read more about running collectors and their flags in the section BloodHound CE Collection.

# Run SharpHound CE
C
:\> SharpHound.exe
# Run AzureHound CE
C
:\> AzureHound.exe
--username "MattNelson@contoso.onmicrosoft.com" --password "MyVeryStrongPassword" --tenant "contoso.onmicrosoft.com" list

During collection, JSON files will be generated which will finally be compressed into a ZIP file.

Ingest data into BloodHound

BloodHound CE supports ingesting/uploading collected data in two ways:

  1. Through the BloodHound CE API endpoint '/api/v2/file-upload/', see Working with the BloodHound API
  2. Through the BloodHound CE GUI
    1. Click ⚙️ → Administration
    2. From the left menu under Data Collection, select File Ingest
    3. Click the button UPLOAD FILE(S)
    4. Either drag-drop the files into the upload window, or click the upload window and select the files from your file explorer
      • NB: BloodHound CE accepts either .zip archives or JSON files, with no size limit. Your browser's ability to package the uploaded file is a limiting factor in uploading large datasets directly through the UI, however.

Explore attack paths

On the "Explore" page you can explore attack paths in the graph.

For more information, see the following resources: