SharpHound Data Collection (PowerShell)
The standard PowerShell ingestor used to collect AD objects and relationships from a Windows target.
.\SharpHound.exe -c All --zipfilename {{filename}}.zipBloodHound-Python Ingestor (Linux)
The Python version of SharpHound for collecting AD information directly from a Linux-based attacker machine.
bloodhound-python -d {{domain}} -u {{user}} -p {{password}} -ns {{dc_ip}} -c allBloodHound GUI - Service Setup
Initialize and start the Neo4j database and the BloodHound interface on the attacker machine.
sudo neo4j start
# Launch BloodHound application from GUI or command lineAnalyzing Attack Paths
Query the BloodHound interface to find paths to Domain Admin or identify the shortest paths from a compromised user.
Shortest Paths to Domain Admins
Shortest Path from Owned User
Find Principals with DCSync RightsDescription
BloodHound uses graph theory to reveal hidden and often unintended relationships within an Active Directory environment. It is used in PNPT for mapping complex attack paths, identifying high-privilege accounts, and finding strategic lateral movement opportunities that are not easily visible with standard enumeration.