BashHound is a BloodHound data collector written in Bash, inspired by RustHound and SharpHound. It is designed to be compatible with Linux. It generates all the JSON files that can be analyzed by BloodHound.
BashHound was created as a technical challenge rather than for real-world use. Although the tool works, it is incomplete and not fully functional for advanced usage. Updates will be released regularly to improve it and make it increasingly functional.
bashhound -d <domain.local> -u <user> -p <password> -s <dc.domain.local> -c, --collection METHOD
Collection Methods:
All - Collects all data (default)
DCOnly - Collects only from the DC (no sessions)
Session - Collects only sessions
Trusts - Collects only trusts
ACL - Collects only ACLs
Group - Collects only group memberships
--zip-only Deletes JSON files after creating the ZIP file
--port PORT LDAP port (default: 389 for LDAP, 636 for LDAPS)
--ldaps Use LDAPS (TLS) - equivalent to --port 636
--no-tls Force LDAP without TLS even on port 636
All tests were carried out on the DarkZero machine on Hack The Box. “TODO” notes have been added to the code to make it compatible with any server.
- RustHound - BloodHound collector written in Rust
- SharpHound - Official BloodHound collector written in C#
- BloodHound - Active Directory relationship analysis tool
Made with Bash