TaskHound v1.0.0
Major Features
BloodHound OpenGraph Integration
- New: Full BloodHound Community Edition (BHCE) OpenGraph support for visualizing scheduled tasks as attack paths
- New: Automatic upload of task relationships to BloodHound CE
- New: Task nodes with HasTaskWithStoredCreds and RunsAs relationships for attack path analysis
- New: --bh-opengraph flag to enable OpenGraph generation and upload
- New: --bh-no-upload flag to generate OpenGraph files without uploading
DPAPI Credential Decryption
- New: Decrypt stored credentials from scheduled tasks using DPAPI
- New: --loot flag for automatic credential extraction
- New: --dpapi-key support for offline decryption
- New: Comprehensive credential parsing and masterkey handling
Enhanced BloodHound Integration
- New: Live BloodHound CE connector with REST API queries
- New: Query high-value users directly from BloodHound database
- New: Unified connector configuration field supporting both BHCE and Legacy
- New: Token-based authentication for BHCE API
Password Analysis Improvements
- New: Password freshness analysis using task creation dates
- New: Fallback to trigger StartBoundary when creation date unavailable
- New: Warning messages when using fallback dates for analysis
- New: Enhanced password age comparison logic
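The creation-date lookup with StartBoundary fallback and warning from the list above, as an added Python example that is not TaskHound's own code. The function names, the choice of the earliest trigger, the treatment of offset-less timestamps as UTC, and the comparison against the account's pwdLastSet value are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample: a task that stores a password (LogonType Password) and
# has no RegistrationInfo/Date, so only a trigger StartBoundary is available.
SAMPLE_TASK = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>EXAMPLE\admin</Author></RegistrationInfo>
  <Triggers>
    <CalendarTrigger><StartBoundary>2024-03-01T02:00:00</StartBoundary></CalendarTrigger>
    <TimeTrigger><StartBoundary>2024-05-10T09:30:00</StartBoundary></TimeTrigger>
  </Triggers>
  <Principals><Principal id="Author">
    <UserId>EXAMPLE\svc_backup</UserId><LogonType>Password</LogonType>
  </Principal></Principals>
</Task>"""


def _parse(ts):
    # Task XML timestamps usually carry no offset; treating them as UTC is an assumption.
    dt = datetime.fromisoformat(ts.strip().replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def task_reference_date(xml_text):
    """Return (date, source, warning): creation date first, StartBoundary as fallback."""
    root = ET.fromstring(xml_text)
    created = root.findtext("t:RegistrationInfo/t:Date", default="", namespaces=NS)
    if created.strip():
        return _parse(created), "RegistrationInfo/Date", None
    bounds = [_parse(e.text) for e in root.iterfind("t:Triggers/*/t:StartBoundary", NS)
              if e.text and e.text.strip()]
    if bounds:
        # Assumption: with several triggers, the earliest is the closest stand-in.
        return min(bounds), "StartBoundary", "creation date missing, using trigger StartBoundary"
    return None, None, "no creation date or StartBoundary, freshness unknown"


def stored_password_state(xml_text, pwd_last_set):
    """Assumed rule: a password changed after the task date makes the stored copy stale."""
    ref, _source, warning = task_reference_date(xml_text)
    if ref is None:
        return "unknown", warning
    return ("likely_stale" if pwd_last_set > ref else "likely_current"), warning
```

A "likely_current" result on a task that stores a password is the case to prioritise for credential rotation or conversion to a managed service account.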
Enhancements
SID Resolution
- Enhanced: Impacket LDAP integration for NTLM hash authentication
- Enhanced: Multi-level SID lookup chain (BloodHound → LDAP → Well-known)
- Enhanced: Support for --ldap-user and --ldap-password for dedicated LDAP credentials
- Enhanced: NTLM hash support with --hashes flag
Cross-Domain Detection
- Fixed: False positive cross-domain task detection with FQDN domain prefixes
- Fixed: Case-insensitive domain comparison
- Enhanced: Short domain name extraction from FQDN for accurate matching
Command-Line Interface
- New: --targets-file for bulk target scanning
- New: --offline-dir for offline XML analysis
- New: --bh-config for custom BloodHound configuration file path
- Enhanced: Better error messages and validation
- Enhanced: Comprehensive argument validation with conflict checking
Testing & Quality
Test Suite
- New: Comprehensive pytest test suite with 14 test files
- New: Live integration tests for real environment testing
- New: Unit tests for parsers, CLI args, and core logic
- New: Test fixtures and configuration examples
- New: GitHub Actions CI/CD workflow
Development Tooling
- New: Makefile with common development tasks
- New: Ruff configuration for linting and formatting
- New: pytest configuration with coverage reporting
- New: Development requirements file
Documentation
- Enhanced: Comprehensive README with OpenGraph usage examples
- Enhanced: Configuration examples for BloodHound connector
- Enhanced: Cypher query examples for BloodHound analysis
- New: Test data documentation and fixtures
- New: Live test configuration examples
Bug Fixes
- Fixed false positive cross-domain detection (FQDN vs short name)
- Fixed password analysis not running when creation date missing
- Fixed Python version requirement (3.11+)
- Fixed package installation for CI/CD
Dependencies
- Impacket >= 0.11.0 (NTLM hash support)
- ldap3 >= 2.9.0 (LDAP operations)
- pycryptodome >= 3.15.0 (DPAPI decryption)
Breaking Changes
- Minimum Python version raised to 3.11+
- ldap3 replaced with Impacket LDAP for some operations
- BloodHound config format updated (use connector field)
Migration Guide
From 0.9.x to 1.0.0
- Update Python version: Ensure Python 3.11 or higher
- Update dependencies: pip install -r requirements.txt
- Update BloodHound config: Use new connector field format:
    [BloodHound]
    connector = http://127.0.0.1:8080 # New unified format
    type = bhce
- Enable OpenGraph: Add --bh-opengraph flag to upload tasks to BloodHound
Credits
- Community Contributors: Thanks to all testers and feedback providers!
Resources
Full Changelog: v0.9.0...v1.0.0