Skip to content

szymex73/bloodhound-convert

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits

bloodhound_convert

bloodhound_convert

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

bloodhound-convert.py

bloodhound-convert.py

 
 

setup.py

setup.py

 
 

Repository files navigation

bloodhound-convert

Python based Bloodhound data converter from the legacy pre 4.1 (v3 format, older formats are not supported (yet?)) format to 4.1+ format

NOTE
While I've tested this on multiple dumps of mine and they seemed to work fine, I don't expect all the Bloodhound queries to work correctly on this so keep this in mind.

Installation

The tool can be installed manually by cloning this repository and running the setup file:

git clone https://github.com/szymex73/bloodhound-convert
cd bloodhound-convert

# For a global install
python setup.py install

# For a local install
python setup.py install --user

Usage

Project can be used with or without installing it on the system.

With installation the project installs a module and can be either accessed through the global bloodhound-convert script or through python -m bloodhound_convert. Without installation it can be used by cloning the repository and running the bloodhound-convert.py python script.

Usage is as follows:

bloodhound-convert input output

Where the arguments are:

  • input is either a bloodhound data zip file, or a directory containing bloodhound json data files
  • output is either a zip filename for the data to be bundled into, or a directory for the json files to be saved in (NOTE: the directory has to exist)

Why?

As I go back to previous bloodhound dumps from various ctf boxes and/or labs I've done I have to switch between the new version and the pre 4.1 version because of the data format change. This is both tedious and annoying, especially since the old version stopped working on my machine :).
So to fix this I made this to convert my old bloodhound dumps into the new format so I can use a single version until the format changes again.

TODO?

Maybe make this into an actual ingestor so it pushes data straight into neo4j? Most likely not but who knows.
Even though Bloodhound ingests the data fine, it seems to quietly throw errors when importing the computer objects into the DB, doesn't seem to cause problems but might be worth investigating.

Acknowledgements

I've used the BloodHound.py project as a rough guide on how to do the format conversion, specifically the commits used to make it compatible with the new 4.1+ format.

About

Python based Bloodhound data converter from the legacy pre 4.1 format to 4.1+ format

Topics

bloodhound bloodhoundad

Resources

Readme

License

MIT license
Activity

Stars

46 stars

Watchers

1 watching

Forks

3 forks
Report repository

Languages