@almart almart commented Aug 18, 2025

This pull request introduces support for BloodHound Community Edition (BHCE) as an alternative backend to the legacy Neo4j database, with accompanying documentation and a new client implementation. It updates the README.md to explain backend selection, environment variables, and usage examples for both Neo4j and BHCE. A new file, bhce_client.py, adds a REST client for BHCE with authentication, Cypher query, and user management capabilities. Additionally, a Cypher catalog is added to help migrate Neo4j queries to BHCE.

Note: This was heavily vibe coded during a weekend. I performed some tests and there are some missing components, but the main goal was to get DPAT working with BH CE. I did not want to overwrite legacy BH support since I imagine some are still using this.

BHCE Backend Support and Documentation

  • Updated README.md to document backend selection between legacy Neo4j and BHCE, including supported modules, environment variables, and CLI flags for BHCE authentication. Usage examples for both backends are provided.

New BHCE REST Client Implementation

  • Added bhce_client.py, a comprehensive REST client for BHCE that supports login, user info retrieval, Cypher queries, and property updates, enabling direct interaction with the BHCE API from Python.

Migration Support for Neo4j Queries

  • Created wiki/bh-legacy-cypher-catalog.md to catalog all Cypher queries used in the project, aiding migration and compatibility efforts with BHCE.

Testing Performed

  • Used the latest version of BloodHound CE and imported test data (provided by SpecterOps)
  • Generated a DPAT report with BHCE module
  • Ensured nodes were properly updated with notes, passwords, and hashes

DPAT Issues

  • Need to map Administrators/EA/other groups
  • Perform additional testing for HTML reports via BHCE
  • Implement Cypher Queries or leverage supported API calls from BHCE

almart added 5 commits August 17, 2025 18:32
… in wiki; add BHCE client stub and README notes
- Introduced BHCEClient for interacting with BloodHound CE API.
- Updated environment variable handling for BHCE credentials (user, secret, OTP, cookie, and insecure flag).
- Refactored `do_test` and `mark_owned` functions to support BHCE backend.
- Enhanced user property updates for marking as owned and high value in BHCE.
- Implemented user querying and password handling for BHCE.
- Added functionality to clear user attributes and manage cracked passwords in BHCE.
- Updated command-line arguments to include BHCE-specific options.
- Improved error handling and response checks for BHCE interactions.