
plumhound's Introduction

PlumHound

PlumHound - BloodHoundAD Report Engine for Security Teams

Released as Proof of Concept for Blue and Purple teams to more effectively use BloodHoundAD in continual security life-cycles by utilizing the BloodHoundAD pathfinding engine to identify Active Directory security vulnerabilities resulting from business operations, procedures, policies and legacy service operations.

PlumHound operates by wrapping BloodHoundAD's powerhouse graphical Neo4J backend cypher queries into operations-consumable reports. Analyzing the output of PlumHound can steer security teams in identifying and hardening common Active Directory configuration vulnerabilities and oversights.

Release and call to Action

The initial PlumHound code was released on May 14th, 2020 during the Black Hills Information Security webcast A Blue Team's Perspective on Red Team Tools. The webcast was recorded and is available on YouTube.

The PlumHound Framework lends itself to community involvement in the creation and proliferation of "TaskLists" (work) that can be shared and used across different organizations. TaskLists contain jobs for PlumHound to do (queries to run, reports to write). A second PlumHound community repo has been created to allow for the open sharing of TaskLists (see Plumhound-Tasks).

Looking for more tasks and templates? Check out PlumHound-Tasks for the community-driven marketplace of PlumHound reporting tasklists and report designs.

Background

A client of ours working on hardening their Active Directory infrastructure asked us about vulnerabilities that can be found by using BloodHound. They had heard of the effectiveness of BloodHoundAD in Red Teams' hands and were told that BloodHound would identify all types of security mis-alignments and mis-configurations in their Active Directory environment. We helped them through analysis of their BloodHound dataset, and it quickly became evident that BloodHoundAD's pathfinding graphical database was not designed for the fast-paced analytical security team accustomed to reading reports and action items.

In fact, one of our cypher queries determined that 96% of their 3000 users had a path to Domain Admin with an average of just 4 steps. However, that graphical query rendered over 10,000 paths to Domain Admin. Finding the actual cause of the short paths to DA wasn't as easy as just loading data into BloodHound or putting Cobalt Strike on auto-pilot with BloodHound navigation. Hence, PlumHound was created out of a need to retrieve consumable data from BloodHoundAD's pathfinding engine: data that lends itself to inferring actionable work for security teams to harden their environments.

Sample Reports

Sample reports are no longer included within the repository. However, the default tasklist will produce reports with ease. Below is a sample of some less-exciting reports generated from a small lab environment.

PlumHound Examples

Use the default username, password, and server, and execute the "Easy" task to test connectivity. This will output all Active Directory user objects from the Neo4J database.

python3 PlumHound.py --easy

Default Task List and Default Credentials

Execute PlumHound with the Default TaskList using Default Credentials (neo4j:neo4jneo4j) and Database.

python3 PlumHound.py -x tasks/default.tasks

Default Task List, Specified Neo4j Server and Quiet Output

The same, but quiet the output (-v 0) and specify the Neo4J server, username, and password instead of using the defaults.

python3 PlumHound.py -x tasks/default.tasks -s "bolt://127.0.0.1:7687" -u "neo4j" -p "neo4jneo4j" -v 0

Path Analyzer (BlueHound Module)

Option #1

Using a label. The supported labels are User, Group, Computer, OU and GPO. This function assumes the target group is "DOMAIN ADMINS".

python3 PlumHound.py -ap user

NOTE: The above syntax implies you are using the default values for server, user and password, or that you have hard-coded them in the script.

Option #2

Specify a start node and an end node.

python3 PlumHound.py -ap "domain [email protected]" "domain [email protected]"

NOTE: To use BlueHound Path Analyzer logic you need to get a copy of the Python script from https://github.com/scoubi/BlueHound

Busiest Path (BlueHound Module)

The Busiest Path(s) function takes two parameters: the path algorithm (short or all) and the number of results to return.

Busiest Shortest Path to DA

Find the shortest paths that give users Domain Admin (top 5).

PlumHound.py -bp short 5

Busiest All Path to DA

Find the busiest paths, regardless of length, that give users Domain Admin (top 5).

PlumHound.py -bp all 5

Detailed PlumHound Syntax

usage: PlumHound.py [-h] [-s SERVER] [-u USERNAME] [-p PASSWORD] [--UseEnc]
                    (--easy | -x TASKFILE | -q,--QuerySingle QUERYSINGLE | -bp,--BusiestPath BUSIESTPATH [BUSIESTPATH ...] | -ap,--AnalyzePath ANALYZEPATH [ANALYZEPATH ...])
                    [-t TITLE] [--of OUTFILE] [--op PATH] [--ox {stdout,HTML,CSV}] [--HTMLHeader HTMLHEADER] [--HTMLFooter HTMLFOOTER] [--HTMLCSS HTMLCSS]
                    [-v VERBOSE]

BloodHound Wrapper for Blue/Purple Teams; v01.070a

optional arguments:
  -h, --help            show this help message and exit
  --easy                Test Database Connection, Returns Domain Users to stdout
  -x TASKFILE, --TaskFile TASKFILE
                        Specify a PlumHound TaskList File
  -q,--QuerySingle QUERYSINGLE
                        Specify a Single Cypher Query
  -bp,--BusiestPath BUSIESTPATH [BUSIESTPATH ...]
                        Find the X Shortest Paths that give the most users a path to Domain Admins. Need to specified [short|all] for shortestpath and the
                        number of results. Ex: PlumHound -bp all 3
  -ap,--AnalyzePath ANALYZEPATH [ANALYZEPATH ...]
                        Analyze 'Attack Paths' between two nodes and find which path needs to be remediated to brake the path.

DATABASE:
  -s SERVER, --server SERVER
                        Neo4J Server
  -u USERNAME, --username USERNAME
                        Neo4J Database Useranme
  -p PASSWORD, --password PASSWORD
                        Neo4J Database Password
  --UseEnc              Use encryption when connecting.

OUTPUT:
  Output Options (For single cypher queries only. --These options are ignored when -x or --easy is specified.

  -t TITLE, --title TITLE
                        Report Title for Single Query [HTML,CSV,Latex]
  --of OUTFILE, --OutFile OUTFILE
                        Specify a Single Cypher Query
  --op PATH, --OutPath PATH
                        Specify an Output Path for Reports
  --ox {stdout,HTML,CSV}, --OutFormat {stdout,HTML,CSV}
                        Specify the type of output

HTML:
  Options for HTML Output (For single queries or TaskLists

  --HTMLHeader HTMLHEADER
                        HTML Header (file) of Report
  --HTMLFooter HTMLFOOTER
                        HTML Footer (file) of Report
  --HTMLCSS HTMLCSS     Specify a CSS template for HTML Output

VERBOSESet verbosity:
  -v VERBOSE, --verbose VERBOSE
                        Verbosity 0-1000, 0 = quiet

For more information see https://plumhound.DefensiveOrigins.com

Database Connection

PlumHound needs to connect to the Neo4J graphing database where BloodHoundAD data was loaded.

DATABASE:
  -s SERVER, --server SERVER
                        Neo4J Server
  -u USERNAME, --username USERNAME
                        Neo4J Database Useranme
  -p PASSWORD, --password PASSWORD
                        Neo4J Database Password
  --UseEnc              Use encryption when connect

PlumHound parameters are set by default. You can override a default by including the argument.

Argument/Parameter   Default
SERVER               bolt://localhost:7687
USERNAME             neo4j
PASSWORD             neo4jneo4j

HTML Report Design Output and Variables

HTML output includes the ability to use HTML headers, footers, and CSS to modify the design of the report. Additionally, variables can be added to the HTML header and footer files that are replaced at runtime.

HTML:
  Options for HTML Output (For single queries or TaskLists

  --HTMLHeader HTMLHEADER
                        HTML Header (file) of Report
  --HTMLFooter HTMLFOOTER
                        HTML Footer (file) of Report
  --HTMLCSS HTMLCSS     Specify a CSS template for HTML Output

Argument/Parameter   Default
HTMLHeader           templates/head.html
HTMLFooter           templates/tail.html
HTMLCSS              templates/html.css

Variable                 Output
--------PH_TITLE-------  Report Title from --Title or TaskList/Job
--------PH_DATE-------   Python date.today()

This allows the HTML output to be dynamic and tailored to your specification.

TaskList Files

The PlumHound repo includes a sample TaskList that exports some basic BloodHoundAD Cypher queries to an HTML report. The included tasks\Default.tasks sample shows the basic syntax of the TaskList files. TaskList files allow PlumHound to be fully scripted with batch jobs after the SharpHound dataset has been imported into BloodHoundAD on Neo4j. Looking for more tasks and templates? Check out PlumHound-Tasks for the community-driven marketplace of PlumHound reporting tasklists and report designs.

TaskList File Syntax

The TaskList file syntax is as follows. Note that any cypher query containing a double quote must be modified to use single quotes instead, because the TaskList fields themselves are delimited by double quotes.

["Report Title","[Output-Format]","[Output-File]","[CypherQuery]"]

Output-Format options for TaskLists:

  • HTML: Generates a HTML Report
  • CSV: Generates a CSV of data
  • HTMLCSV: Generates both an HTML report and CSV data.
    • NOTE: Do not include a file extension in the Output-File parameter.

Additional Modules in TaskLists:

  • Report Index: to use the Report-Index module in a TaskList, use CypherQuery "REPORT-INDEX"

TaskList Sample: default.tasks

The default.tasks file includes multiple tasks that instruct PlumHound to create reports using the specified "HTML" output format, output filename, and a specific BloodHoundAD Neo4j Cypher query. See the Tasks Mode entry below in the Execution Modes section for additional information.

PlumHound.py -x tasks/default.tasks

Execution Modes

There are multiple execution modes to get PlumHound to do work.

  • Tasks Mode
  • Single Query Mode
  • BusiestPath Mode (BlueHound Module)
  • AnalyzePath Mode (BlueHound Module)

Tasks Mode

By specifying a task list, PlumHound can be programmed to run multiple cypher queries and export to multiple formats. For more information on the tasks file, see the section above.

Single Query Mode

This mode allows you to run a single query and export to standard output, HTML, or CSV.

Single Query with Standard Output (Normal Verbosity)

PlumHound.py -q "MATCH (n:User) RETURN n.name, n.displayname LIMIT 10"

       PlumHound 1.4
        For more information: https://github.com/plumhound
        --------------------------------------
        Server: bolt://localhost:7687
        User: neo4j
        Password: *****
        Encryption: False
        Timeout: 300
        --------------------------------------
        Task: Single Query
        Query Title: Adhoc Query
        Query Format: STDOUT
        Query Path: reports//
on 1:
on 1: n.name                    n.displayname
      ------------------------  ----------------
      [email protected]
      [email protected]
      [email protected]
      [email protected]   HelpdeskUser
      [email protected]  HelpdeskUser
      [email protected]     FileServiceAdmin
      [email protected]  ITAdmin
      [email protected]       ITAdmin
      [email protected]       Silver Sandy
on 1:
         Executing Tasks |██████████████████████████████████████████████████| Tasks 1 / 1  in 0.2s (4.40/s)

        Completed 1 of 1 tasks.


Single Query with Standard Output (Quiet)

By turning the verbosity to zero, this can act as a direct Neo4J handler for queries.

PlumHound.py -q "MATCH (n:User) RETURN n.name, n.displayname LIMIT 10" -v 0
on 1:
on 1: n.name                    n.displayname
      ------------------------  ----------------
      [email protected]
      [email protected]
      [email protected]
      [email protected]   HelpdeskUser
      [email protected]  HelpdeskUser
      [email protected]     FileServiceAdmin
      [email protected]  ITAdmin
      [email protected]       ITAdmin
      [email protected]       Silver Sandy
on 1:
         Executing Tasks |██████████████████████████████████████████████████| Tasks 1 / 1  in 0.2s (4.33/s)

The single query can also be used to generate HTML reports instead of outputting to STDOUT.

PlumHound.py -q "MATCH (n:User) RETURN n.name, n.displayname LIMIT 10" --title "Domain Users (Limit 10)" --of "DomainUserstest.html" --op "reports//" --ox HTML

Busiest Path (BlueHound Module)

The Busiest Path(s) function takes two parameters: 1. all or short, depending on whether you want the shortestpath or the allshortestpaths algorithm; 2. the number of results you want returned, e.g. the top 5.

PlumHound.py -bp short 5
[*]Building Task List
[51, '[email protected]']
[51, '[email protected]']
[50, '[email protected]']
[49, '[email protected]']
[49, '[email protected]']
[*]Tasks Generation Completed
Tasks: []

Analyze Path (BlueHound Module)

Analyze Path takes either a label or a start node and end node, then loops through all the paths to find which relationship(s) need to be broken in order to break the whole path. This is useful when you want to provide your AD admins with concrete actions they can take to improve your overall AD security posture.

PlumHound.py -ap group
[...]
---------------------------------------------------------------------
Analyzing paths between [email protected] and DOMAIN [email protected]
---------------------------------------------------------------------
Removing the relationship CanRDP between [email protected] and COMP00886.BTV.ORG breaks the path!
Removing the relationship HasSession between COMP00886.BTV.ORG and [email protected] breaks the path!
---------------------------------------------------------------------
Analyzing paths between [email protected] and DOMAIN [email protected]
---------------------------------------------------------------------
---------------------------------------------------------------------
Analyzing paths between [email protected] and DOMAIN [email protected]
---------------------------------------------------------------------
---------------------------------------------------------------------
Analyzing paths between [email protected] and DOMAIN [email protected]
---------------------------------------------------------------------
Removing the relationship ExecuteDCOM between [email protected] and COMP00629.BTV.ORG breaks the path!
Removing the relationship HasSession between COMP00629.BTV.ORG and [email protected] breaks the path!
Removing the relationship MemberOf between [email protected] and [email protected] breaks the path!
Removing the relationship MemberOf between [email protected] and [email protected] breaks the path!
---------------------------------------------------------------------
Analyzing paths between [email protected] and DOMAIN [email protected]
---------------------------------------------------------------------
Removing the relationship AdminTo between [email protected] and COMP01055.BTV.ORG breaks the path!
Removing the relationship HasSession between COMP01055.BTV.ORG and [email protected] breaks the path!
Removing the relationship MemberOf between [email protected] and [email protected] breaks the path!
Removing the relationship MemberOf between [email protected] and [email protected] breaks the path!
Removing the relationship AdminTo between [email protected] and COMP00658.BTV.ORG breaks the path!
Removing the relationship AllowedToDelegate between COMP00658.BTV.ORG and COMP01387.BTV.ORG breaks the path!
Removing the relationship AllowedToDelegate between COMP01387.BTV.ORG and COMP00275.BTV.ORG breaks the path!
Removing the relationship HasSession between COMP00275.BTV.ORG and [email protected] breaks the path!
Removing the relationship MemberOf between [email protected] and DOMAIN [email protected] breaks the path!
---------------------------------------------------------------------
Analyzing paths between [email protected] and DOMAIN [email protected]
---------------------------------------------------------------------
---------------------------------------------------------------------
Analyzing paths between [email protected] and DOMAIN [email protected]
---------------------------------------------------------------------
[...]
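The cut-edge logic the Analyze Path output above describes, as an added example that is not the BlueHound/PlumHound code: it runs on an in-memory edge list instead of Neo4j, and the graph, node names and labels are constructed for the example. A relationship "breaks the path" when removing just that one edge leaves no route at all from the start node to the target.

```python
"""Find the relationships that must be removed to break every path to Domain Admins.

Added example (not the BlueHound/PlumHound code) reproducing the Analyze Path
logic on an in-memory edge list. Graph, node names and labels are constructed.
"""
from collections import deque
from typing import Dict, List, Optional, Set, Tuple

Edge = Tuple[str, str, str]  # (source node, relationship, target node)

# Constructed BloodHound-style graph: ALICE has two independent routes to DA.
DA = "DOMAIN ADMINS@EXAMPLE.LOCAL"
GRAPH: List[Edge] = [
    ("BOB@EXAMPLE.LOCAL", "CanRDP", "COMP0001.EXAMPLE.LOCAL"),
    ("COMP0001.EXAMPLE.LOCAL", "HasSession", "ALICE@EXAMPLE.LOCAL"),
    ("ALICE@EXAMPLE.LOCAL", "MemberOf", "IT ADMINS@EXAMPLE.LOCAL"),
    ("IT ADMINS@EXAMPLE.LOCAL", "MemberOf", DA),
    ("ALICE@EXAMPLE.LOCAL", "AdminTo", "COMP0002.EXAMPLE.LOCAL"),
    ("COMP0002.EXAMPLE.LOCAL", "HasSession", "DA_SVC@EXAMPLE.LOCAL"),
    ("DA_SVC@EXAMPLE.LOCAL", "MemberOf", DA),
    ("CAROL@EXAMPLE.LOCAL", "MemberOf", "HELPDESK@EXAMPLE.LOCAL"),
    ("HELPDESK@EXAMPLE.LOCAL", "AdminTo", "COMP0001.EXAMPLE.LOCAL"),
]
LABELS: Dict[str, str] = {
    "BOB@EXAMPLE.LOCAL": "User", "ALICE@EXAMPLE.LOCAL": "User",
    "CAROL@EXAMPLE.LOCAL": "User", "DA_SVC@EXAMPLE.LOCAL": "User",
    "IT ADMINS@EXAMPLE.LOCAL": "Group", "HELPDESK@EXAMPLE.LOCAL": "Group", DA: "Group",
    "COMP0001.EXAMPLE.LOCAL": "Computer", "COMP0002.EXAMPLE.LOCAL": "Computer",
}


def _adjacency(edges: List[Edge], skip: Optional[Edge] = None,
               reverse: bool = False) -> Dict[str, List[str]]:
    """Adjacency map, optionally without one edge and/or with every edge reversed."""
    adj: Dict[str, List[str]] = {}
    for edge in edges:
        if edge == skip:
            continue
        src, _, dst = edge
        if reverse:
            src, dst = dst, src
        adj.setdefault(src, []).append(dst)
    return adj


def _reach(adj: Dict[str, List[str]], start: str) -> Set[str]:
    """Every node reachable from start (BFS), including start itself."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in adj.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def analyze_path(edges: List[Edge], start: str, end: str) -> List[Edge]:
    """Relationships whose removal (one at a time) leaves no path from start to end.

    Returns [] both when there is no path at all and when every relationship has
    an alternative route; callers that care should distinguish the two cases.
    """
    forward = _reach(_adjacency(edges), start)
    if end not in forward:
        return []
    backward = _reach(_adjacency(edges, reverse=True), end)
    # Only edges lying on some start->end route can possibly be cut edges.
    candidates = [e for e in edges if e[0] in forward and e[2] in backward]
    return [e for e in candidates if end not in _reach(_adjacency(edges, skip=e), start)]


def analyze_label(edges: List[Edge], labels: Dict[str, str],
                  label: str, end: str) -> Dict[str, List[Edge]]:
    """Label mode: run analyze_path from every node carrying `label` to `end`."""
    return {node: analyze_path(edges, node, end)
            for node, lbl in labels.items() if lbl == label and node != end}


def report(edges: List[Edge], start: str, end: str) -> List[str]:
    """Render the result in the same wording as the Analyze Path output."""
    lines = [f"Analyzing paths between {start} and {end}"]
    for src, rel, dst in analyze_path(edges, start, end):
        lines.append(f"Removing the relationship {rel} between {src} and {dst} breaks the path!")
    return lines


if __name__ == "__main__":
    for user in analyze_label(GRAPH, LABELS, "User", DA):
        print("\n".join(report(GRAPH, user, DA)))
```

For BOB only the CanRDP and HasSession hops are reported, because ALICE's two MemberOf/AdminTo branches back each other up; that is the same reason some blocks in the real output above list no relationships.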

AzHound (Basic Path Analysis of AzureHound Data)

Valid pre-sets are ALL, AZUser, AZGroup, AZApp, AZServicePrincipal, AZDevice. All presets search for relationships with Global Administrator.

Plumhound.py -az ALL
[...]

Additional Modules

Additional modules will be documented here.

Report Indexer Module

The report indexer builds an HTML report of all the completed jobs. Add the following job to a task list. The CypherQuery parameter "REPORT-INDEX" instructs PlumHound to generate an HTML index of all the successfully exported tasks in that run of tasks.

Report Indexer Task Syntax

["Report Index","HTML","Reports.html","REPORT-INDEX"]

TaskZipper Module

The TaskZipper module will create a zip file of all of the reports generated from a tasklist. Be sure that the Zip task is included as the last task in a task list. The CypherQuery parameter "ZIP-TASKS" instructs PlumHound to generate a ZIP file of all the successfully exported tasks in that run of tasks.

TaskZipper Task Syntax

["Zip Tasks","ZIP","Reports.zip","ZIP-TASKS"]
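A validator for the TaskList file format documented in the TaskList File Syntax section and the two module tasks above, as an added example rather than PlumHound's own loader. It assumes the file is one JSON array of tasks (or one array per line); the read-only query check is an extra precaution for tasklists shared between organizations, not a rule PlumHound enforces.

```python
"""Validate a PlumHound TaskList before handing it to PlumHound.

Added example, not PlumHound's own loader. Assumes the file is either one JSON
array of tasks or one JSON array per line, each in the documented
["Report Title","Output-Format","Output-File","CypherQuery"] shape.
"""
import json
import os
import re
from typing import List

QUERY_FORMATS = {"HTML", "CSV", "HTMLCSV"}
# Module tasks are selected by the CypherQuery field and expect a fixed format.
MODULES = {"REPORT-INDEX": "HTML", "ZIP-TASKS": "ZIP"}
# Cypher clauses that modify the graph; a reporting job never needs them
# (extra check for shared tasklists, not something PlumHound itself enforces).
WRITE_CLAUSE = re.compile(r"(?<![.\w])(CREATE|MERGE|DELETE|DETACH|SET|REMOVE|DROP)\b",
                          re.IGNORECASE)

# Constructed sample tasklist with three deliberate mistakes.
SAMPLE_TASKLIST = """[
["Domain Users","HTML","DomainUsers.html","MATCH (n:User) RETURN n.name, n.displayname"],
["Kerberoastable Users","HTMLCSV","Kerberoastable.html","MATCH (n:User {hasspn:true}) RETURN n.name"],
["Bad Quote","CSV","BadQuote.csv","MATCH (n:User) WHERE n.name = \\"BOB@EXAMPLE.LOCAL\\" RETURN n.name"],
["Oops","HTML","Oops.html","MATCH (n:User) SET n.owned = true RETURN n.name"],
["Report Index","HTML","Reports.html","REPORT-INDEX"],
["Zip Tasks","ZIP","Reports.zip","ZIP-TASKS"]
]"""


def parse_tasklist(text: str) -> List[list]:
    """Return the raw task rows; accepts a whole-file JSON array or one array per line."""
    stripped = text.strip()
    try:
        data = json.loads(stripped)
    except json.JSONDecodeError:
        data = None
    if isinstance(data, list) and data and all(isinstance(row, list) for row in data):
        return data
    if isinstance(data, list) and len(data) == 4:
        return [data]  # a single task on its own
    rows = []
    for line in stripped.splitlines():
        line = line.strip().rstrip(",")
        if line and not line.startswith("#"):
            rows.append(json.loads(line))
    return rows


def validate_tasks(tasks: List[list]) -> List[str]:
    """Return one human-readable problem per rule violation (empty list means clean)."""
    problems: List[str] = []
    for i, task in enumerate(tasks, 1):
        if len(task) != 4 or not all(isinstance(field, str) for field in task):
            problems.append(f"task {i}: expected 4 string fields, got {task!r}")
            continue
        title, fmt, outfile, query = task
        fmt = fmt.upper()
        if query in MODULES:
            if fmt != MODULES[query]:
                problems.append(f"task {i} ({title}): {query} expects format {MODULES[query]}, got {fmt}")
            if query == "ZIP-TASKS" and i != len(tasks):
                problems.append(f"task {i} ({title}): ZIP-TASKS must be the last task")
            continue
        if fmt not in QUERY_FORMATS:
            problems.append(f"task {i} ({title}): unknown output format {fmt}")
        if fmt == "HTMLCSV" and os.path.splitext(outfile)[1]:
            problems.append(f"task {i} ({title}): HTMLCSV output file must not carry an extension")
        if '"' in query:
            problems.append(f"task {i} ({title}): query contains a double quote; use single quotes")
        if WRITE_CLAUSE.search(query):
            problems.append(f"task {i} ({title}): query contains a write clause; reports should be read-only")
    return problems


def check_tasklist(text: str) -> List[str]:
    """Parse and validate tasklist text in one call."""
    return validate_tasks(parse_tasklist(text))


if __name__ == "__main__":
    for problem in check_tasklist(SAMPLE_TASKLIST) or ["tasklist is clean"]:
        print(problem)
```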

Logging

By default, PlumHound writes a log to the file log\PlumHound.log.

Hat-Tips & Acknowledgments

  • Hausec's Cypher Query CheatSheet gave us a headstart on some decent pathfinding cypher queries. | Git
  • SadProcessor's Blue Hands on BloodHound gave us a detailed primer on BloodHoundAD's ability to lead a BlueTeam to water. | Git.
  • Additional work by SadProcessor with Cypher Dog 3.0 shows similar POC via utilizing BloodHoundAD's Cypher Queries with a RestAPI endpoint via PowerShell. PlumHound operates similarly however written in python and designed for stringing multiple queries into consumable reports designed to infer actionable items.
  • BloodHoundAD: We wouldn't be talking about this at all if it weren't for the original BloodHoundAD work. BloodHound is developed by @_wald0, @CptJesus, and @harmj0y.
  • "Band-aids don't fix dank domains." BadBlood saved us a ton of time building realistic-enough AD domains for testing. @davidprowe
  • BloodHound from Red to Blue - Scoubi (Mathieu Saulnier). Mathieu merged his BlueHound project into PlumHound in 2020 as an extension of features. He is an active collaborator on PlumHound and the BlueHound path-finding extension.

Presentations

Installation Requirements

apt-get install python3
pip3 install -r requirements.txt
  • Tested with Python 3.10.6 and 3.11.0rc1*

Environment Setup Instructions

  • Install Neo4J
  • Install BloodhoundAD
  • Import AD dataset into BloodhoundAD to be parsed
  • Use PlumHound to Report

Known Issues

  • Please report as issue on GitHub

Collaboration

Help PlumHound grow and be a great tool for Blue and Purple Teams. We've created the initial proof of concept and are committed to continuing the maturity of PlumHound to leverage the power of BloodHoundAD into continual security improvement processes. Community involvement is what makes this industry great!

License

GNU GPL3

Additional Inclusions:


plumhound's Issues

Neo4j Updates

Need to update Neo4j to a newer version.

Issue: Python3.9 installs on modern Kali fail due to distutils errors. Installation of Neo4j version 1.7 (frozen version in requirements.txt) fails on Python3.10 because the Mapping module was moved from collections to collections.abc. We are now between a rock and a hard place regarding Neo4j, and the need to upgrade has come up once again.

Issue is related to #36. Given BloodHound recommends the usage of Neo4j 4.4.13, we should look into using version 4.4. Not sure how systemic updates will need to be, but will look into it as I have time.

errors while executing Tasks

Describe the bug
PlumHound fails to execute tasks
To Reproduce
Steps to reproduce the behavior:
sudo python3 PlumHound.py --easy -s "bolt://127.0.0.1:7687" -u "neo4j" -p "neo4j1"

Desktop (please complete the following information):

  • OS: Linux kali 5.14.0-kali2-amd64

image

Database Connection Failed

Used the correct username and password in arguments and also uncommented the first section of the script to include username, password and database URL.
Still gave me the error "Database Connection Failed".

Output format selections don't seem to function

Describe the bug
The --OutFile or --ox options don't seem to work.

To Reproduce
Steps to reproduce the behavior:

  1. python PlumHound.py -p "bloodhound" -x tasks/default.tasks --OutFormat CSV
    (Get output in HTML)

Alternatively:

  1. python PlumHound.py -p "bloodhound" -x tasks/default.tasks --ox CSV
    (Get output in HTML still)

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.
image

Desktop (please complete the following information):

  • OS: W10
  • Python 3.8 downloaded and installed today

Additional context
Add any other context about the problem here.

add zip module

Is your feature request related to a problem? Please describe.
add a module to zip all the files generated by a tasklist

Describe the solution you'd like
use zipfile module and task_output_list to add generated files into a zip file

Describe alternatives you've considered
I do it manually every time as a way to prepare for delivery of a set of reports. Might as well automate it instead of using zip in bash.

Alternatively, we can just zip everything in the reports folder, that way we wouldn't have to grab the task_output_list, but this could lead to issues if someone has stale reports in the report folder.

Additional context
Add any other context or screenshots about the feature request here.

Weird output

While running the app I get the following output:

image

There's nothing in the reports themselves.

ENV:
OS - ubuntu 22.04
Neo4j is running
BHD is running

'gbk' codec can't decode byte 0xb2 in position 2142: illegal multibyte sequence

Would like to get help with this error.

on 66: 'gbk' codec can't decode byte 0xb2 in position 2142: illegal multibyte sequence
on 67: INFO ERROR While running job (trying next job in list).
on 67: 'gbk' codec can't decode byte 0xb2 in position 2142: illegal multibyte sequence
on 68: INFO ERROR While running job (trying next job in list).
on 68: 'gbk' codec can't decode byte 0xb2 in position 2142: illegal multibyte sequence
on 69: INFO ERROR While running job (trying next job in list).
on 69: 'gbk' codec can't decode byte 0xb2 in position 2142: illegal multibyte sequence
on 70: INFO ERROR While running job (trying next job in list).
on 70: 'gbk' codec can't decode byte 0xb2 in position 2142: illegal multibyte sequence
on 71: INFO ERROR While running job (trying next job in list).
on 71: 'gbk' codec can't decode byte 0xb2 in position 2142: illegal multibyte sequence
on 72: INFO ERROR While running job (trying next job in list).
on 72: 'gbk' codec can't decode byte 0xb2 in position 2142: illegal multibyte sequence
on 73: INFO ERROR While running job (trying next job in list).
on 73: 'gbk' codec can't decode byte 0xb2 in position 2142: illegal multibyte sequence
on 74: INFO ERROR While running job (trying next job in list).
on 74: 'gbk' codec can't decode byte 0xb2 in position 2142: illegal multibyte sequence
on 75: INFO ERROR While running job (trying next job in list).
on 75: list index out of range
Executing Tasks |██████████████████████████████████████████████████| Tasks 75 / 75 in 2.0s (37.61/s)

add object "enable" query to LAPS Deployment report

Is your feature request related to a problem? Please describe.
LAPS deployment report includes enabled and disabled objects

Describe the solution you'd like
add second column to show LAPS enabled/disabled for objects enabled/disabled

Describe alternatives you've considered
filter for only enabled objects

Generating output Files - Help

Hi Team, I am having issues generating output file. What is the command to output the file to an html or csv file?

Thank you

"Cannot access local variable 'data' where it is not associated with a value"

Bug
I am trying to run Plumhound against my Bloodhound setup, but I am getting an error when running the tool.

Steps to reproduce the behavior:

  1. Run and log into neo4j
  2. Run bloodhound
  3. Run bloodhound ingester to ensure there is data in the database
  4. sudo python3 PlumHound.py --easy -p neo4j1
  5. View results

Expected Behavior
Expected to see "Completed 1 of 1 tasks"

Screenshots
image

Desktop

  • OS: Linux kali 5.15.0-kali3-amd64 SMP Debian 5.15.15-2kali1 (2022-01-31) x86_64 GNU/Linux
  • Browser: Google Chrome Version 119.0.6045.105 (Official Build) (64-bit)

Additional Context
This is all performed through VirtualBox Version 7.0.6 r155176 (Qt5.15.2)

Add cypher query limit as command line argument to prevent expensive task-queries that will never complete

Is your feature request related to a problem? Please describe.
Large domains with many relationships may cause some pre-defined queries to never complete

Describe the solution you'd like
Add limit phArg that is appended to any task query processed by phTasks

Describe alternatives you've considered
Enforce a query timeout on the neo4j connection string and handle the error generated -- less ideal as it will prevent any data from being written on the report

Additional context
Add any other context or screenshots about the feature request here.

Dependency error

The Iterable abstract class was removed from collections in Python 3.10.

This causes the following error when trying to run the program on Ubuntu 22.04

image

Might need to update requirements.txt or change the source code a bit to have the following:

    try:
        from collections.abc import Iterable
    except ImportError:
        from collections import Iterable

CSV output_type error

Describe the bug
Changed default tasks output to be CSV.
Turned verbose to 1000 max and no errors when running query. Says that the file has been created.
When I check the default location there isn't any CSV output.

py2neo no longer supported/not available

Describe the bug
Plumhound needs to import modules/Bluehound.
Bluehound needs py2neo, which is no longer available.
I ran into the same issue installing plumhound's requirements.txt, and found the recommendation to use neo4j instead of py2neo, but neo4j does not have a module 'Graph'.

This is the first issue I have reported on github. Apologies if I have done a bad job.

Thanks

To Reproduce
Steps to reproduce the behavior:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: [e.g. iOS]
  • Browser [e.g. chrome, safari]
  • Version [e.g. 22]

Smartphone (please complete the following information):

  • Device: [e.g. iPhone6]
  • OS: [e.g. iOS8.1]
  • Browser [e.g. stock browser, safari]
  • Version [e.g. 22]

Additional context
Add any other context about the problem here.

Tasks do not create report in Windows

Plumhound works with no issues in Linux,
But in Windows, it can't create the reports for the same version of required master programs towards the same database (neo4j, py2neo, BloodHound etc.) - reference requirements.txt in files.

It runs half of the tasks, and files are only 1kb with no data in them.

Please see below :
Pic1
Pic2
Pic3

What would be the reason for that?

update unsupported OS report to indicate object age

Is your feature request related to a problem? Please describe.
The unsupported software report may include objects that are stale (decommissioned) or disabled

Describe the solution you'd like
Add Last Logon to Unsupported OS report to help determine if objects are stale
Add Enabled column to Unsupported OS report to help determine if objects are decommissioned

Queries not returning results

Disclaimer: May be a false positive
Noticed that 2 files do not contain any data.

  • Shortest Path DA
  • Permissions Everyone
    Currently reviewing to discover a potential cause

Failed to read from defunct connection IPv4Address(('localhost', 7687)) (IPv4Address(('127.0.0.1', 7687)))

Describe the bug
Hey there!

I'm receiving the following error when trying to run the default tasks:
Failed to read from defunct connection IPv4Address(('localhost', 7687)) (IPv4Address(('127.0.0.1', 7687)))

I have neo4j installed on Kali populated with data. I've verified the data exists and is query-able in Bloodhound. It is hard to tell if this is a critical failure, or if I'm running into some other issue, but the reports are not being populated.

To Reproduce
Steps to reproduce the behavior:
Simply running the default tasks seems to cause the problem.

Expected behavior
I would have expected data to be generated :)

Screenshots

(venv) kali@kali:~/PlumHound$ python PlumHound.py -x tasks/default.tasks -u "neo4j" -p "neo4j"
[*]Building Task List
No data
Failed to read from defunct connection IPv4Address(('localhost', 7687)) (IPv4Address(('127.0.0.1', 7687)))
[*]Beginning Output HTML:reports//Workstations_RDP.html
[*]Beginning Output HTML:reports//CrossDomainRelationships.html
[*]Beginning Output HTML:reports//DA_Sessions.html
[*]Beginning Output HTML:reports//EA_Sessions.html
[*]Beginning Output HTML:reports//Permissions_Everyone.html
[*]Beginning Output HTML:reports//Users_NoKerbReq.html
No data
Failed to read from defunct connection IPv4Address(('localhost', 7687)) (IPv4Address(('127.0.0.1', 7687)))
(venv) kali@kali:~/PlumHound$ 

Desktop (please complete the following information):
Kali 2020.3
Python 3.8.3
