BloodHound.py is a Python based ingestor for BloodHound, based on Impacket.

This tool is currently in Beta and should not be considered feature-complete or fully stable.

BloodHound.py currently has the following limitations:

• Currently only single domain compatible (this affects mostly user sessions). This includes logging in cross-domain.
• Only supports default BloodHound (SharpHound) features, so only Groups, Admins and Sessions. (trusts still need to be added)
• Name, command line parameters and features may change in the future
• Kerberos support is mostly untested
• The script is currently single-threaded

You can install the ingestor via pip with pip install bloodhound, or by cloning this repository and running python setup.py install, or with pip install .. BloodHound.py requires impacket and dnspython to function.

The installation will add a command line tool bloodhound-python to your PATH.

To use the ingestor, at a minimum you will need credentials of the domain you're logging in to. You will need to specify the -u option with a username of this domain. If you have your DNS set up properly and the AD domain is in your DNS search list, then BloodHound.py will automatically detect the domain for you. If not, you have to specify it manually with the -d option.

By default BloodHound.py will query LDAP and the individual computers of the domain to enumerate users, computers, groups, sessions and local admins. To disable some checks, see the options.