Plumhound

bloddhound for purple and blue teams

GitHub - PlumHound/PlumHound: Bloodhound Reporting for Blue and Purple TeamsGitHub

Plumhound Installation

┌──(kali㉿kali)-[/opt]
└─$ sudo git clone https://github.com/PlumHound/PlumHound
[sudo] password for kali: 
Cloning into 'PlumHound'...
remote: Enumerating objects: 3256, done.
remote: Counting objects: 100% (118/118), done.
remote: Compressing objects: 100% (55/55), done.
remote: Total 3256 (delta 86), reused 77 (delta 63), pack-reused 3138 (from 1)
Receiving objects: 100% (3256/3256), 6.11 MiB | 1010.00 KiB/s, done.
Resolving deltas: 100% (1234/1234), done.

                                                                                                                                                                                                                               
┌──(kali㉿kali)-[/opt/PlumHound]
└─$ pip3 install -r requirements.txt
Defaulting to user installation because normal site-packages is not writeable
DEPRECATION: Loading egg at /usr/local/lib/python3.11/dist-packages/PyBluez-0.30-py3.11-linux-x86_64.egg is deprecated. pip 25.1 will enforce this behaviour change. A possible replacement is to use pip for package installation. Discussion can be found at https://github.com/pypa/pip/issues/12330                                                                                                                                                                                 
Requirement already satisfied: neo4j in /usr/lib/python3/dist-packages (from -r requirements.txt (line 1)) (5.2.dev0)                                                                                                                       
Collecting py2neo (from -r requirements.txt (line 2))
  Downloading py2neo-2021.2.4-py2.py3-none-any.whl.metadata (9.9 kB)
Requirement already satisfied: tabulate in /usr/lib/python3/dist-packages (from -r requirements.txt (line 3)) (0.8.10)
Requirement already satisfied: argcomplete in /usr/lib/python3/dist-packages (from -r requirements.txt (line 4)) (3.3.0)
Collecting alive-progress (from -r requirements.txt (line 5))
  Downloading alive_progress-3.2.0-py3-none-any.whl.metadata (70 kB)
Requirement already satisfied: certifi in /usr/lib/python3/dist-packages (from py2neo->-r requirements.txt (line 2)) (2023.11.17)
Collecting interchange~=2021.0.4 (from py2neo->-r requirements.txt (line 2))
  Downloading interchange-2021.0.4-py2.py3-none-any.whl.metadata (1.9 kB)
Collecting monotonic (from py2neo->-r requirements.txt (line 2))
  Downloading monotonic-1.6-py2.py3-none-any.whl.metadata (1.5 kB)
Requirement already satisfied: packaging in /usr/lib/python3/dist-packages (from py2neo->-r requirements.txt (line 2)) (24.0)
Collecting pansi>=2020.7.3 (from py2neo->-r requirements.txt (line 2))
  Downloading pansi-2024.11.0-py2.py3-none-any.whl.metadata (3.1 kB)

We need to have neo4j and bloodhound running and data already injested

Running Plumhound

                                                                                                                                                                                                                                            
┌──(kali㉿kali)-[/opt/PlumHound]
└─$ sudo python3 PlumHound.py --easy -p  neo4j1

        PlumHound 1.6
        For more information: https://github.com/plumhound
        --------------------------------------
        Server: bolt://localhost:7687
        User: neo4j
        Password: *****
        Encryption: False
        Timeout: 300
        --------------------------------------
        Task: Easy
        Query Title: Domain Users
        Query Format: STDOUT
        Query Cypher: MATCH (n:User) RETURN n.name, n.displayname
        --------------------------------------
INFO    Found 1 task(s)
INFO    --------------------------------------

on 1: n.name                      n.displayname
      --------------------------  ---------------
      [email protected]
      [email protected]         Tony Stark
      [email protected]     SQL Service
      [email protected]        Parker
      [email protected]
      [email protected]
      [email protected]        Frank Castle
      
      NT [email protected]

         Executing Tasks |██████████████████████████████████████████████████| Tasks 1 / 1  in 0.1s (3473.04/s) 

        Completed 1 of 1 tasks.

Part

Meaning

sudo

Runs the command with superuser privileges. This is often required if the script needs access to system resources or certain protected files.

python3

Uses the Python 3 interpreter to run the script.

PlumHound.py

This is the Python script being executed — PlumHound is a tool used for analyzing BloodHound/Neo4j data (usually related to Active Directory recon).

--easy

This is a flag/option that likely tells the script to run in a simplified or beginner-friendly mode. It might automate or simplify certain tasks (you'll need to check the script's help output or documentation for exact behavior).

-p neo4j1

This sets the -p option to neo4j1. In the context of PlumHound, this is likely specifying a profile or Neo4j database connection name or password for connecting to the BloodHound database backend.

┌──(kali㉿kali)-[/opt/PlumHound]
└─$ sudo python3 PlumHound.py -x tasks/default.tasks -p  neo4j1

        PlumHound 1.6
        For more information: https://github.com/plumhound
        --------------------------------------
        Server: bolt://localhost:7687
        User: neo4j
        Password: *****
        Encryption: False
        Timeout: 300
        --------------------------------------
        Tasks: Task File
        TaskFile: tasks/default.tasks
        Found 119 task(s)
        --------------------------------------


on 119:         Completed Reports Archive: reports//Reports.zip
         Executing Tasks |██████████████████████████████████████████████████| Tasks 119 / 119  in 5.3s (22.71/s) 

        Completed 119 of 119 tasks.

✅ Use the default.tasks file to determine what analysis to run

The reports are save in reports folder

You can now index.html file and explore it.

firefox index.html

PreviousBloodHound NextBloodhound CE

Last updated 7 months ago

┌──(kali㉿kali)-[/opt/PlumHound] └─$ pip3 install -r requirements.txt Defaulting to user installation because normal site-packages is not writeable DEPRECATION: Loading egg at /usr/local/lib/python3.11/dist-packages/PyBluez-0.30-py3.11-linux-x86_64.egg is deprecated. pip 25.1 will enforce this behaviour change. A possible replacement is to use pip for package installation. Discussion can be found at https://github.com/pypa/pip/issues/12330 Requirement already satisfied: neo4j in /usr/lib/python3/dist-packages (from -r requirements.txt (line 1)) (5.2.dev0) Collecting py2neo (from -r requirements.txt (line 2)) Downloading py2neo-2021.2.4-py2.py3-none-any.whl.metadata (9.9 kB) Requirement already satisfied: tabulate in /usr/lib/python3/dist-packages (from -r requirements.txt (line 3)) (0.8.10) Requirement already satisfied: argcomplete in /usr/lib/python3/dist-packages (from -r requirements.txt (line 4)) (3.3.0) Collecting alive-progress (from -r requirements.txt (line 5)) Downloading alive_progress-3.2.0-py3-none-any.whl.metadata (70 kB) Requirement already satisfied: certifi in /usr/lib/python3/dist-packages (from py2neo->-r requirements.txt (line 2)) (2023.11.17) Collecting interchange~=2021.0.4 (from py2neo->-r requirements.txt (line 2)) Downloading interchange-2021.0.4-py2.py3-none-any.whl.metadata (1.9 kB) Collecting monotonic (from py2neo->-r requirements.txt (line 2)) Downloading monotonic-1.6-py2.py3-none-any.whl.metadata (1.5 kB) Requirement already satisfied: packaging in /usr/lib/python3/dist-packages (from py2neo->-r requirements.txt (line 2)) (24.0) Collecting pansi>=2020.7.3 (from py2neo->-r requirements.txt (line 2)) Downloading pansi-2024.11.0-py2.py3-none-any.whl.metadata (3.1 kB)