ldapdomaindump icon indicating copy to clipboard operation
ldapdomaindump copied to clipboard

Published 20 hours ago verified publisher icon dirkjanm

Converter for BloodHound 2.0

Open dirkjanm opened this issue 6 years ago • 5 comments

BloodHound 2.0 and newer uses JSON as format, while the convert utility still outputs CSV's. I'm not sure how many people use this feature but it would be good to support the new format.

dirkjanm avatar Dec 09 '18 19:12 dirkjanm

I use this feature. I have many cases where running bloodhound isn't possible because of various limitations and this tool is a lifesaver.

n00py avatar Dec 04 '19 23:12 n00py

Thanks for the feedback, any reason why running bloodhound.py isn't possible? It uses the same techniques as ldapdomaindump just more efficiently and should work in the same cases.

dirkjanm avatar Dec 05 '19 10:12 dirkjanm

I had a kind of rare edge case where LDAP traffic was allowed, but SMB traffic was blocked. Bloddhound.py would try to connect to 15,000 computers and it kept timing out until the process just crashed.

n00py avatar Dec 05 '19 17:12 n00py

That is only if you use the default collection methods. If you don't specify any methods that require connections to computers (such as session/localadmin) it will only connect to the DC and gather more information than ldapdomaindump does.

dirkjanm avatar Dec 06 '19 11:12 dirkjanm

That makes total sense. Thanks!

n00py avatar Dec 06 '19 15:12 n00py