Plumhound
bloddhound for purple and blue teams
Plumhound Installation
┌──(kali㉿kali)-[/opt]
└─$ sudo git clone https://github.com/PlumHound/PlumHound
[sudo] password for kali:
Cloning into 'PlumHound'...
remote: Enumerating objects: 3256, done.
remote: Counting objects: 100% (118/118), done.
remote: Compressing objects: 100% (55/55), done.
remote: Total 3256 (delta 86), reused 77 (delta 63), pack-reused 3138 (from 1)
Receiving objects: 100% (3256/3256), 6.11 MiB | 1010.00 KiB/s, done.
Resolving deltas: 100% (1234/1234), done.
┌──(kali㉿kali)-[/opt/PlumHound]
└─$ pip3 install -r requirements.txt
Defaulting to user installation because normal site-packages is not writeable
DEPRECATION: Loading egg at /usr/local/lib/python3.11/dist-packages/PyBluez-0.30-py3.11-linux-x86_64.egg is deprecated. pip 25.1 will enforce this behaviour change. A possible replacement is to use pip for package installation. Discussion can be found at https://github.com/pypa/pip/issues/12330
Requirement already satisfied: neo4j in /usr/lib/python3/dist-packages (from -r requirements.txt (line 1)) (5.2.dev0)
Collecting py2neo (from -r requirements.txt (line 2))
Downloading py2neo-2021.2.4-py2.py3-none-any.whl.metadata (9.9 kB)
Requirement already satisfied: tabulate in /usr/lib/python3/dist-packages (from -r requirements.txt (line 3)) (0.8.10)
Requirement already satisfied: argcomplete in /usr/lib/python3/dist-packages (from -r requirements.txt (line 4)) (3.3.0)
Collecting alive-progress (from -r requirements.txt (line 5))
Downloading alive_progress-3.2.0-py3-none-any.whl.metadata (70 kB)
Requirement already satisfied: certifi in /usr/lib/python3/dist-packages (from py2neo->-r requirements.txt (line 2)) (2023.11.17)
Collecting interchange~=2021.0.4 (from py2neo->-r requirements.txt (line 2))
Downloading interchange-2021.0.4-py2.py3-none-any.whl.metadata (1.9 kB)
Collecting monotonic (from py2neo->-r requirements.txt (line 2))
Downloading monotonic-1.6-py2.py3-none-any.whl.metadata (1.5 kB)
Requirement already satisfied: packaging in /usr/lib/python3/dist-packages (from py2neo->-r requirements.txt (line 2)) (24.0)
Collecting pansi>=2020.7.3 (from py2neo->-r requirements.txt (line 2))
Downloading pansi-2024.11.0-py2.py3-none-any.whl.metadata (3.1 kB)
We need to have neo4j and bloodhound running and data already injested
Running Plumhound
┌──(kali㉿kali)-[/opt/PlumHound]
└─$ sudo python3 PlumHound.py --easy -p neo4j1
PlumHound 1.6
For more information: https://github.com/plumhound
--------------------------------------
Server: bolt://localhost:7687
User: neo4j
Password: *****
Encryption: False
Timeout: 300
--------------------------------------
Task: Easy
Query Title: Domain Users
Query Format: STDOUT
Query Cypher: MATCH (n:User) RETURN n.name, n.displayname
--------------------------------------
INFO Found 1 task(s)
INFO --------------------------------------
on 1: n.name n.displayname
-------------------------- ---------------
[email protected]
[email protected] Tony Stark
[email protected] SQL Service
[email protected] Parker
[email protected]
[email protected]
[email protected] Frank Castle
NT [email protected]
Executing Tasks |██████████████████████████████████████████████████| Tasks 1 / 1 in 0.1s (3473.04/s)
Completed 1 of 1 tasks.
sudo
Runs the command with superuser privileges. This is often required if the script needs access to system resources or certain protected files.
python3
Uses the Python 3 interpreter to run the script.
PlumHound.py
This is the Python script being executed — PlumHound is a tool used for analyzing BloodHound/Neo4j data (usually related to Active Directory recon).
--easy
This is a flag/option that likely tells the script to run in a simplified or beginner-friendly mode. It might automate or simplify certain tasks (you'll need to check the script's help output or documentation for exact behavior).
-p neo4j1
This sets the -p option to neo4j1. In the context of PlumHound, this is likely specifying a profile or Neo4j database connection name or password for connecting to the BloodHound database backend.
┌──(kali㉿kali)-[/opt/PlumHound]
└─$ sudo python3 PlumHound.py -x tasks/default.tasks -p neo4j1
PlumHound 1.6
For more information: https://github.com/plumhound
--------------------------------------
Server: bolt://localhost:7687
User: neo4j
Password: *****
Encryption: False
Timeout: 300
--------------------------------------
Tasks: Task File
TaskFile: tasks/default.tasks
Found 119 task(s)
--------------------------------------
on 119: Completed Reports Archive: reports//Reports.zip
Executing Tasks |██████████████████████████████████████████████████| Tasks 119 / 119 in 5.3s (22.71/s)
Completed 119 of 119 tasks.
✅ Use the default.tasks file to determine what analysis to run
The reports are save in reports folder
You can now index.html file and explore it.
firefox index.html
Last updated