Plumhound

BloodHound for purple and blue teams

Plumhound Installation

┌──(kali㉿kali)-[/opt]
└─$ sudo git clone https://github.com/PlumHound/PlumHound
[sudo] password for kali: 
Cloning into 'PlumHound'...
remote: Enumerating objects: 3256, done.
remote: Counting objects: 100% (118/118), done.
remote: Compressing objects: 100% (55/55), done.
remote: Total 3256 (delta 86), reused 77 (delta 63), pack-reused 3138 (from 1)
Receiving objects: 100% (3256/3256), 6.11 MiB | 1010.00 KiB/s, done.
Resolving deltas: 100% (1234/1234), done.

┌──(kali㉿kali)-[/opt/PlumHound]
└─$ pip3 install -r requirements.txt
Defaulting to user installation because normal site-packages is not writeable
DEPRECATION: Loading egg at /usr/local/lib/python3.11/dist-packages/PyBluez-0.30-py3.11-linux-x86_64.egg is deprecated. pip 25.1 will enforce this behaviour change. A possible replacement is to use pip for package installation. Discussion can be found at https://github.com/pypa/pip/issues/12330
Requirement already satisfied: neo4j in /usr/lib/python3/dist-packages (from -r requirements.txt (line 1)) (5.2.dev0)
Collecting py2neo (from -r requirements.txt (line 2))
  Downloading py2neo-2021.2.4-py2.py3-none-any.whl.metadata (9.9 kB)
Requirement already satisfied: tabulate in /usr/lib/python3/dist-packages (from -r requirements.txt (line 3)) (0.8.10)
Requirement already satisfied: argcomplete in /usr/lib/python3/dist-packages (from -r requirements.txt (line 4)) (3.3.0)
Collecting alive-progress (from -r requirements.txt (line 5))
  Downloading alive_progress-3.2.0-py3-none-any.whl.metadata (70 kB)
Requirement already satisfied: certifi in /usr/lib/python3/dist-packages (from py2neo->-r requirements.txt (line 2)) (2023.11.17)
Collecting interchange~=2021.0.4 (from py2neo->-r requirements.txt (line 2))
  Downloading interchange-2021.0.4-py2.py3-none-any.whl.metadata (1.9 kB)
Collecting monotonic (from py2neo->-r requirements.txt (line 2))
  Downloading monotonic-1.6-py2.py3-none-any.whl.metadata (1.5 kB)
Requirement already satisfied: packaging in /usr/lib/python3/dist-packages (from py2neo->-r requirements.txt (line 2)) (24.0)
Collecting pansi>=2020.7.3 (from py2neo->-r requirements.txt (line 2))
  Downloading pansi-2024.11.0-py2.py3-none-any.whl.metadata (3.1 kB)

Before running PlumHound we need Neo4j and BloodHound running, with the collected data already ingested into the database.

Running Plumhound

┌──(kali㉿kali)-[/opt/PlumHound]
└─$ sudo python3 PlumHound.py --easy -p  neo4j1

        PlumHound 1.6
        For more information: https://github.com/plumhound
        --------------------------------------
        Server: bolt://localhost:7687
        User: neo4j
        Password: *****
        Encryption: False
        Timeout: 300
        --------------------------------------
        Task: Easy
        Query Title: Domain Users
        Query Format: STDOUT
        Query Cypher: MATCH (n:User) RETURN n.name, n.displayname
        --------------------------------------
INFO    Found 1 task(s)
INFO    --------------------------------------

on 1: n.name                      n.displayname
      --------------------------  ---------------
      [email protected]
      [email protected]         Tony Stark
      [email protected]     SQL Service
      [email protected]        Parker
      [email protected]
      [email protected]
      [email protected]        Frank Castle
      
      NT [email protected]

         Executing Tasks |██████████████████████████████████████████████████| Tasks 1 / 1  in 0.1s (3473.04/s) 

        Completed 1 of 1 tasks.

Breakdown of the command (Part: Meaning)

sudo
    Runs the command with superuser privileges. This is often required if the script needs access to system resources or certain protected files.

python3
    Uses the Python 3 interpreter to run the script.

PlumHound.py
    The Python script being executed. PlumHound is a tool for analysing BloodHound/Neo4j data (usually Active Directory reconnaissance data).

--easy
    Runs PlumHound's built-in "easy" task: a single query that lists the domain users and prints the result to the terminal. The banner above shows exactly what it does (Task: Easy, Query Title: Domain Users, Query Format: STDOUT, Query Cypher: MATCH (n:User) RETURN n.name, n.displayname).

-p neo4j1
    Sets the password used to connect to the Neo4j database behind BloodHound (neo4j1 here); the banner masks it as Password: *****. The user (neo4j) and server (bolt://localhost:7687) are left at their defaults.

┌──(kali㉿kali)-[/opt/PlumHound]
└─$ sudo python3 PlumHound.py -x tasks/default.tasks -p  neo4j1

        PlumHound 1.6
        For more information: https://github.com/plumhound
        --------------------------------------
        Server: bolt://localhost:7687
        User: neo4j
        Password: *****
        Encryption: False
        Timeout: 300
        --------------------------------------
        Tasks: Task File
        TaskFile: tasks/default.tasks
        Found 119 task(s)
        --------------------------------------


on 119:         Completed Reports Archive: reports//Reports.zip
         Executing Tasks |██████████████████████████████████████████████████| Tasks 119 / 119  in 5.3s (22.71/s) 

        Completed 119 of 119 tasks.

✅ Use the default.tasks file to determine what analysis to run

The reports are saved in the reports folder.

You can now open the index.html file in a browser and explore it.

firefox index.html
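To make the two runs above concrete (the single --easy query and the task-file run that produces HTML reports), here is an added, self-contained Python example; it is not PlumHound's own code. It runs a small task list against the BloodHound Neo4j database with the neo4j driver that requirements.txt installs, renders each result either as a text table like the --easy output or as an HTML report, and reads the Neo4j password from an environment variable (PLUMHOUND_NEO4J_PASSWORD, an assumed name) rather than from the command line, so it does not end up in shell history or process listings. The task list, the EXAMPLE.LOCAL sample rows and the sample_query stand-in are constructed for this example; only the Domain Users Cypher is taken from the page.

```python
"""PlumHound-style task runner (added example, not PlumHound's code):
run Cypher queries against BloodHound's Neo4j database and render the
results as a text table or as an escaped HTML report."""
import html
import os
import sys

# Constructed task list: (title, output format, Cypher).  The first query
# is the one the page's --easy run executes; the second is an assumed
# extra task in the same shape.
TASKS = [
    ("Domain Users", "STDOUT", "MATCH (n:User) RETURN n.name, n.displayname"),
    ("Users with SPNs", "HTML",
     "MATCH (n:User) WHERE n.hasspn = true RETURN n.name, n.displayname"),
]

# Constructed sample data standing in for a live database (EXAMPLE.LOCAL is
# not a real domain).  The last display name carries markup to show why the
# HTML renderer must escape directory data before writing a report.
SAMPLE_COLUMNS = ["n.name", "n.displayname"]
SAMPLE_ROWS = [
    ["ADMINISTRATOR@EXAMPLE.LOCAL", None],
    ["TSTARK@EXAMPLE.LOCAL", "Tony Stark"],
    ["SQLSVC@EXAMPLE.LOCAL", "SQL Service"],
    ["FCASTLE@EXAMPLE.LOCAL", "<script>alert(1)</script>"],
]


def sample_query(cypher):
    """Offline stand-in for run_query: ignores the Cypher, returns samples."""
    return SAMPLE_COLUMNS, [list(r) for r in SAMPLE_ROWS]


def run_query(cypher, uri="bolt://localhost:7687", user="neo4j"):
    """Run one Cypher query on a live Neo4j and return (columns, rows).
    The password comes from PLUMHOUND_NEO4J_PASSWORD (assumed variable
    name) instead of argv, so it stays out of shell history and `ps`."""
    from neo4j import GraphDatabase  # imported here: only needed for a live run
    password = os.environ["PLUMHOUND_NEO4J_PASSWORD"]
    with GraphDatabase.driver(uri, auth=(user, password)) as driver:
        with driver.session() as session:
            result = session.run(cypher)
            columns = list(result.keys())
            rows = [[record[c] for c in columns] for record in result]
    return columns, rows


def format_table(columns, rows):
    """Render rows as the aligned text table the --easy run prints;
    missing values (accounts with no displayname) stay blank."""
    cells = [["" if v is None else str(v) for v in row] for row in rows]
    widths = [max([len(col)] + [len(r[i]) for r in cells])
              for i, col in enumerate(columns)]

    def line(values):
        return "  ".join(values[i].ljust(widths[i])
                         for i in range(len(columns))).rstrip()

    separator = "  ".join("-" * w for w in widths)
    return "\n".join([line(columns), separator] + [line(r) for r in cells])


def format_html(title, columns, rows):
    """Render an HTML report.  Every cell goes through html.escape: names
    and display names are directory data the analyst does not control, so
    inserting them raw would let directory content inject markup into the
    report that is later opened in a browser."""
    head = "".join(f"<th>{html.escape(c)}</th>" for c in columns)
    body = "".join(
        "<tr>" + "".join(f"<td>{html.escape('' if v is None else str(v))}</td>"
                         for v in row) + "</tr>"
        for row in rows)
    t = html.escape(title)
    return (f"<!DOCTYPE html><html><head><title>{t}</title></head><body>"
            f"<h1>{t}</h1><table><tr>{head}</tr>{body}</table></body></html>")


def run_tasks(tasks, query=run_query):
    """Execute every task and return {title: rendered output}.  `query` is
    injectable so the renderers can be exercised without a server."""
    out = {}
    for title, fmt, cypher in tasks:
        columns, rows = query(cypher)
        out[title] = (format_html(title, columns, rows) if fmt == "HTML"
                      else format_table(columns, rows))
    return out


if __name__ == "__main__":
    # `python3 runner.py --live` queries Neo4j; without it the sample data is used.
    chosen = run_query if "--live" in sys.argv else sample_query
    rendered = run_tasks(TASKS, query=chosen)
    os.makedirs("reports", exist_ok=True)
    for title, fmt, _ in TASKS:
        if fmt == "HTML":
            path = os.path.join("reports", title.replace(" ", "_") + ".html")
            with open(path, "w", encoding="utf-8") as f:
                f.write(rendered[title])
            print(f"{title}: written to {path}")
        else:
            print(f"{title}\n{rendered[title]}\n")
```

Run it without arguments to see the sample rows rendered exactly like the --easy table above and one escaped HTML report written under reports/; add --live with PLUMHOUND_NEO4J_PASSWORD exported to query the real database the same way PlumHound does.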
