Make it possible to use Bloodhound ingestor for the Community Edition version
Hello :hand:
Please Describe The Problem To Be Solved
Currently, when the flag --bloodhound is provided, it performs a data collection using the Bloodhound package from https://github.com/dirkjanm/BloodHound.py. However, the README clearly states that "This version of BloodHound.py is only compatible with BloodHound 4.2 and 4.3", which means it might not work properly with Bloodhound CE: the generated ZIP archive won't be successfully ingested, or only partially (as far as I tested). It would therefore be great to add a way to specify that we want to use a collector compatible with Bloodhound CE, which is becoming more and more popular as it's getting improved.
One limitation is the bloodhound package itself. In order to use the version compatible with Bloodhound CE, as far as I understand, you have to install it from a specific branch (https://github.com/dirkjanm/BloodHound.py/tree/bloodhound-ce), instead of, for instance, simply having two imports such as bloodhound.legacy and bloodhound.ce.
(Optional): Suggest A Solution (Replace This Text: A concise description of your preferred solution. Things to address include:
- Provide a flag, for example --bloodhound-ce, to indicate which collector to use
- An idea would be to keep having the bloodhound dependency as is, and add another one in the pyproject.toml and name it bloodhoundce so that it doesn't conflict with bloodhound, for example a line like bloodhoundce = { git = "https://github.com/dirkjanm/BloodHound.py", branch = "bloodhound-ce" } (I hope it's possible)
- Based on the provided flag (--bloodhound or --bloodhound-ce), the proper implementation will be called
Hi, yes, I am aware of the problem but I have not found a solution yet. All import-specific stuff (e.g. in the pyproject.toml file) depends on the package name you are importing/adding. Therefore, to my knowledge, it is not possible to add another package with the same name to the toml file without renaming the source (that would have to be done by dirk-jan).
Thanks for your fast reply. I also tried to have both bloodhound packages at the same time (with one named bloodhound_ce from the bloodhound-ce branch) and it didn't work.
It would be great to help dirkjanm with that: a PR merging the code for bloodhound-ce into main and providing a way to select which one to use, so that it would be easy to implement in NetExec under the same bloodhound package! Just posting the idea here, if someone has the time and the knowledge.
Solved by #664