
CyberCX-STA/blade


Blade

Blade is a command-line tool for interacting with BloodHound CE, the community edition of BloodHound, through the bloodhound-go-sdk. It provides a user-friendly interface for querying, injecting, and managing data within the BloodHound CE database.


Features

  • Generate API token and save it into a configuration file (~/.config/blade/config.yaml or ~/blade/config.yaml)
  • Inject bloodhound.zip into BloodHound CE
  • Queries:
    • List Domains
    • List domain administrators
    • List Kerberoastable users
    • List AS-REP roasting users
    • List enabled principal(s) with 'Unconstrained Delegation'
    • List principals that can perform ESC1, ESC3, ESC4, ADCS6a, ADCS6b, ADCS9a, ADCS9b, ADCS10a, ADCS10b, ADCS13 attacks
    • List Entities with 'Constrained Delegation'
    • Find Users/Groups with direct access to GPOs
    • Find users that belong to high value groups
    • Find users that can change password
    • Cross Domain group memberships
    • List of privileged users sessions that are not in the protected group
  • Enumerate
    • List Members of a Group
    • Users:
      • RDP Rights
      • Group Memberships
      • Sessions
      • PowerShell Remote Rights
      • List of Principals a user can control
  • Owned entities:
    • Add own entity
    • List own Entities
    • Get information about the owned entities:
      • RDP Rights
      • Group Memberships
      • Sessions
      • PowerShell Remote Rights
      • List of Principals a user can control
  • Download SharpHound and AzureHound
  • Inject custom queries from a file or URL
  • Delete custom queries
  • Clear BloodHound CE database
  • Run Neo4j queries

Install

Prerequisites

  • Go 1.23.2 or higher
  • Access to a BloodHound CE instance

Build from Source

git clone https://github.com/CyberCX-STA/blade.git
cd blade
# For Linux
make build-linux
# For Windows
make build-windows

For Linux

The configuration file can be found at the following path:

~/.config/blade/config.yaml

The contents should match the following format:

api_token_id: <api_token>
api_token_key: <api_key>
bloodhound_server: http://localhost:8080
neo4j_password: bloodhoundcommunityedition
neo4j_server: neo4j://localhost:7687
neo4j_username: neo4j

For Windows

The configuration file can be found at the following path:

~/blade/config.yaml
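
The configuration file above holds the BloodHound CE API token pair and the Neo4j password in cleartext, so it is worth checking before the tool is used. The shell function below is an added example, not part of blade: it flags a config file that group or other can access, a `neo4j_password` still set to the sample value shown above, and unencrypted `http://`, `neo4j://` or `bolt://` endpoints on a non-loopback host. The function names and finding labels are hypothetical.

```sh
#!/bin/sh
# Added example, not part of blade. Key names are those in the sample config above;
# function names and finding labels are made up for this illustration.

# cfg_value FILE KEY: print the value of a top-level "key: value" line.
cfg_value() { sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1; }

# is_remote_plain URL: true if URL uses an unencrypted scheme and the host is
# not loopback (IPv6 literals are not parsed and count as remote).
is_remote_plain() {
    case $1 in http://*|neo4j://*|bolt://*) ;; *) return 1 ;; esac
    host=${1#*://}; host=${host%%[:/]*}
    case $host in localhost|127.0.0.1) return 1 ;; *) return 0 ;; esac
}

# audit_blade_config FILE: one finding per line; returns 0 only if none.
audit_blade_config() {
    cfg=$1; findings=0
    [ -f "$cfg" ] || { echo "MISSING $cfg"; return 2; }

    # The file holds the API token pair and Neo4j password in cleartext.
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case $mode in
        [0-7]00) ;;
        *) echo "PERMS mode $mode gives group/other access to the secrets"
           findings=$((findings + 1)) ;;
    esac

    if [ "$(cfg_value "$cfg" neo4j_password)" = "bloodhoundcommunityedition" ]; then
        echo "DEFAULT_PW neo4j_password is still the sample value"
        findings=$((findings + 1))
    fi

    for key in bloodhound_server neo4j_server; do
        url=$(cfg_value "$cfg" "$key")
        if is_remote_plain "$url"; then
            echo "CLEARTEXT $key=$url is unencrypted to a remote host"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh ~/.config/blade/config.yaml
if [ $# -gt 0 ]; then audit_blade_config "$1"; fi
```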


Usage

Note: Generate an API key first; the tool needs one to run smoothly.

Generate API Tokens

# Login and create a new API token
blade generate -u <username> -p <password> --create --name <token_name>

# Login and list existing API tokens
blade generate --list

Inject bloodhound.zip

# Inject a local BloodHound zip file
blade inject bloodhound.zip

Add custom queries

# Inject custom queries from a GitHub raw URL
blade add -u <raw github url>

# Inject custom queries from a local file
blade add -f customqueries.json

# Delete saved custom queries
blade add -d

Clear BloodHound CE database

blade clear

Enumerate various user and group information from BloodHound CE

# Get user RDP rights
blade enum --rdp <username> --domain <domain>

# Get list of principals a user can control
blade enum --controlp <username> --domain <domain>

# List group membership of a domain user
blade enum --user <username> --domain <domain>

# List members of a group
blade enum --group <groupname> --domain <domain>

# List a user's sessions
blade enum --sessions <username> --domain <domain>

# List a user's PowerShell remote rights
blade enum --psremote <username> --domain <domain>

# Save output in markdown format
blade enum --user <username> --domain <domain> --markdown --file output.md

# Save output in CSV format
blade enum --group <groupname> --domain <domain> --csv --file output.csv

Perform specific queries

# List all domains
blade query --listdomains

# List all domain admins
blade query --domainadmins

# List all enabled Kerberoastable users
blade query --kerberostable

# List all enabled AS-REP roasting users
blade query --asrep

# List enabled principals with unconstrained delegation
blade query --unconstrain

# Find users that belong to high value groups
blade query --hiusersHVG

# List Entities with 'Constrained Delegation'
blade query --constrain

# Find Users/Groups with direct access to GPOs
blade query --usergtogpo

# Find Users that can change password
blade query --userscanchangep

# Cross Domain group memberships
blade query --crossdomainsgroupmembership

# List of privileged users sessions that are not in the protected group
blade query --sessionspriv

# Run all queries
blade query -x

Mark an entity as owned and

# Add an owned entity
blade own -e <entity> -d <domain>

# List owned entities
blade own -l

# Retrieve detailed information about owned entities
blade own -i

Run Neo4j queries

# Run a Neo4j query
blade neo4j -q <query>

Contact

D3m0cr1tusGR

License

GNU GPL Version 3
