Cypherhound is a Python3 terminal program that includes 260+ Neo4j cyphers for BloodHound data sets.
Why?
BloodHound has been a standard tool for all red teamers, but its design has some downsides. This article addresses the most pressing issues I have encountered and how this tool can help.
- My tools work in lists. Until my tools can parse exported JSON graphs, I require graph results in a line-by-line format file
- This plays into the second, but does it make sense to describe this one?
- Diagrams are not always easy to draw. The information in any graph may help us as attackers, and we need to be able to view all data efficiently.
- It is tedious to manually run custom cyphers. Let’s automate this!
The tool is also useful for blue teams, as it can reveal more information about Active Directory environments.
Features
With Cypherhound, you can take back control over your BloodHound information!
- 264 cyphers as of this writing
- You can set cyphers to search based on user input (user-, group- and computer-specific)
- Regex parameters that can be customized by the user
- Exporting all results according to user-definable criteria
  - The default export is the end object, which can be used to create a target list for tools
  - Raw export option available in grep/cut/awk-friendly format
Installation
You must have Python3 installed before you can run it:
python3 -m pip install -r requirements.txt
Use
Get started with the following:
python3 cypherhound.py -u -p
Commands
Below is the complete command menu:
Command Menu
set - used to set search parameters for cyphers, double/single quotes not required for any sub-commands
    sub-commands
        user - the user to use in user-specific cyphers (MUST include @domain.name)
        group - the group to use in group-specific cyphers (MUST include @domain.name)
        computer - the computer to use in computer-specific cyphers (SHOULD include .domain.name or @domain.name)
        regex - the regex to use in regex-specific cyphers
    example
        set user [email protected]
        set group domain [email protected]
        set computer dc01.domain.local
        set regex .*((?i)web).*
run - used to execute cyphers
    parameter
        cypher numbers
This is used to display the help menu.
Important Notes
- This program uses the default Neo4j database and URI.
- Built for BloodHound.2.0. Some edges won’t work in previous versions.
- Windows users must run pip3 install pyreadline3
- Because of their variable number of nodes, shortest-path exports are all identical (raw or otherwise).
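The difference between the default export, the raw export and the shortest-path note above can be shown with a short sketch. This is an added example, not Cypherhound's own code: the row shape, the column order, the tab separator and all names are assumptions, and the data is constructed.

```python
# Added illustration, not cypherhound's code: row shape, column order and the
# tab separator are assumptions. All names below are constructed sample data.
ROWS = [  # rows shaped like a cypher returning (start node, edge, end node)
    ("DOMAIN ADMINS@DOMAIN.LOCAL", "AdminTo", "WEB01.DOMAIN.LOCAL"),
    ("HELPDESK@DOMAIN.LOCAL", "AdminTo", "WEB02.DOMAIN.LOCAL"),
    ("HELPDESK@DOMAIN.LOCAL", "AdminTo", "WEB01.DOMAIN.LOCAL"),
]
PATHS = [  # shortest paths: node, edge, node, ... with a different length each
    ["ALICE@DOMAIN.LOCAL", "MemberOf", "HELPDESK@DOMAIN.LOCAL",
     "AdminTo", "WEB01.DOMAIN.LOCAL"],
    ["BOB@DOMAIN.LOCAL", "AdminTo", "WEB02.DOMAIN.LOCAL"],
]


def export_default(rows):
    """End objects only, de-duplicated in first-seen order, one per line."""
    return list(dict.fromkeys(end for _start, _edge, end in rows))


def export_raw(rows, sep="\t"):
    """One row per line with a fixed column count, so cut/awk can split it."""
    lines = []
    for row in rows:
        # Group names contain spaces, so a field must never hold the separator.
        if any(sep in field or "\n" in field for field in row):
            raise ValueError(f"field contains separator or newline: {row!r}")
        lines.append(sep.join(row))
    return lines


def export_path(path):
    """A path has no fixed column count, so it has one rendering only."""
    if len(path) < 3 or len(path) % 2 == 0:
        raise ValueError("path must alternate node, edge, node, ...")
    out = path[0]
    for edge, node in zip(path[1::2], path[2::2]):
        out += f" -[{edge}]-> {node}"
    return out


if __name__ == "__main__":
    print("\n".join(export_default(ROWS)))   # list of end objects
    print("\n".join(export_raw(ROWS)))       # e.g. pipe into: cut -f3 | sort -u
    print("\n".join(export_path(p) for p in PATHS))
```

Because names such as group names contain spaces, the sketch separates raw columns with tabs and rejects any field that contains the separator.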
Future Goals
- Add cyphers for Azure edges
Help and Questions
Be descriptive about any issues you choose to raise and, if necessary, provide output.