Setup BloodHound tool on Windows and enumerate Active Directory Objects

  • It identifies different attack paths in Active Directory , maps access control lists (ACLs), users, groups, trust relationships and unique AD objects.


•BloodHound is supported by Linux, Windows, and MacOS. Bloodhound is built on neo4j and depends on it. Neo4j is a graph database management system, which uses NoSQL as a graph database.

  • Open Neo4j Folder and run the Neo4j database for the use of Bloodhound


•Inorder to collect the data of Active Directory, should use Ingestiors like Sharphound and Powershell Script that is given in Bloodhound


Trusts — Enumerates the domain trusts for the specified target domain

  • Once the command successfully executed it gives you a zip folder , Import the zip in the Bloodhound
  • Bloodhound has some default Queries which gives you understanding objects of Domain

Custom Queries Usage

•Custome Queries can also use to query the database

  • The command is intended for the graph/GUI or console. For the console, it means they cannot be executed via Bloodhound GUI and must be done via the neo4j console.




Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store