Custom Queries - Brought Up to BH4.1 syntax.
A combination of custom Cypher queries for BloodHound from various sources, with categories added to match the newest version of BH. Some queries are taken straight from the sources below; others are curated from all over. If you have others to add, just open a pull request and add the thanks to the list.
Copy customqueries.json into the respective path for your OS:
Windows:
%APPDATA%\bloodhound\customqueries.json
This translates to C:\Users\<USERNAME>\AppData\Roaming\bloodhound\customqueries.json.
PowerShell:
$env:APPDATA\bloodhound\customqueries.json
Command to copy the file to the correct location:
copy customqueries.json %APPDATA%\bloodhound\customqueries.json
PowerShell command:
Copy-Item -Path .\customqueries.json -Destination "$env:APPDATA\bloodhound\customqueries.json"
Linux/macOS:
~/.config/bloodhound/customqueries.json
The BloodHound application will automatically look for custom queries in this location when it starts up, so placing your JSON file there will make the queries available in the BloodHound interface.
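Copying over an existing customqueries.json discards any queries already saved there. The script below is an added example, not part of this repository: it validates the new file, backs up the current one, and merges the two. The JSON layout (`queries`, `name`, `category`, `queryList`, `query`) is assumed from BloodHound's custom-query file format, and the function names are hypothetical.

```python
import json, os, shutil, sys
from pathlib import Path

def default_path() -> Path:
    """Per-OS location of customqueries.json, as listed in this README."""
    if sys.platform == "win32":
        return Path(os.environ["APPDATA"]) / "bloodhound" / "customqueries.json"
    return Path.home() / ".config" / "bloodhound" / "customqueries.json"

def validate(doc) -> list:
    """Return the query entries; raise ValueError on an unexpected shape.
    Assumed layout: {"queries": [{"name", "category", "queryList": [{"query"}]}]}"""
    queries = doc.get("queries") if isinstance(doc, dict) else None
    if not isinstance(queries, list):
        raise ValueError('top-level "queries" list is missing')
    for i, q in enumerate(queries):
        if not isinstance(q, dict) or not isinstance(q.get("name"), str):
            raise ValueError(f"entry {i}: missing name")
        steps = q.get("queryList")
        if not isinstance(steps, list) or not steps:
            raise ValueError(f"entry {i} ({q['name']}): empty queryList")
        if not all(isinstance(s, dict) and isinstance(s.get("query"), str) for s in steps):
            raise ValueError(f"entry {i} ({q['name']}): step without a query string")
    return queries

def merge(existing, incoming) -> dict:
    """Merge on (category, name); an incoming entry replaces a same-keyed one."""
    merged = {}
    for q in validate(existing) + validate(incoming):
        merged[(str(q.get("category", "")), q["name"])] = q
    return {"queries": list(merged.values())}

def install(src: Path, dest: Path) -> Path:
    """Validate src, back up dest if present, then write the merged file."""
    incoming = json.loads(src.read_text(encoding="utf-8"))
    validate(incoming)
    dest.parent.mkdir(parents=True, exist_ok=True)
    if dest.exists():
        current = json.loads(dest.read_text(encoding="utf-8"))
        incoming = merge(current, incoming)  # raises before anything is changed
        shutil.copy2(dest, dest.with_name(dest.name + ".bak"))
    dest.write_text(json.dumps(incoming, indent=4), encoding="utf-8")
    return dest

if __name__ == "__main__":
    print("installed to", install(Path("customqueries.json"), default_path()))
```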
- Azure Queries - Ryan Hausknecht
- Additional Azure Queries - Matt Powell
- Certipy Certificate Queries - Oliver Lyak
- OS Version Queries + LAPS - MyExploit2600, updated queries also merged in (https://twitter.com/myexploit2600/status/1529547082494881792)