BloodHound icon indicating copy to clipboard operation
BloodHound copied to clipboard
verified publisher icon SpecterOps

Feature: Add container enumeration to API

Open 0xd6cb6d73 opened this issue 1 year ago • 0 comments

Feature Description

Add the ability to enumerate containers in a domain through the API.

Are you intending to implement this feature?

No

Current Behavior

It is currently possible to query a container's properties and controllers through the /api/v2/containers path. It is not possible to enumerate containers in a domain or otherwise from the API.

Desired Behavior

An API endpoint analogous to /api/v2/domain/<ID>/ous but for containers.

Use Case

Active directory places many objects in containers such as "Builtin", "Users", "Computers" and "Managed Service Accounts" by default. There is currently no way to programatically find who has control over these objects through the BHCE API as they cannot be found.

Implementation Suggestions

Add the /api/v2/domain/<ID>/containers endpoint.

Additional Information

N/A

0xd6cb6d73 avatar Jun 28 '24 08:06 0xd6cb6d73