BloodHoundOperator

PowerShell client for BloodHound Community Edition and BloodHound Enterprise

Learn more:

• Release blog post: BloodHound Operator — Dog Whispering Reloaded
• Presentation at PowerShell Conference Europe: The Dog Ate My Homework - A new chapter in my BloodHound adventures with PowerShell

Getting Started

Authenticate

Create an API token ID/Key pair from the BloodHound browser UI - in Working with the BloodHound API follow either section:

• Create a non-personal API key/ID pair
• Create a personal API Key/ID pair

Copy the generated TokenID to your clipbard, then load to variable

# Get id from clipboard
$BHTokenID = Get-Clipboard

Copy the generated TokenKey to your clipbard, then load to variable as SecureString

# Get key from Clipboard
$BHTokenKey = Get-Clipboard | Convertto-SecureString -AsPlainText -Force

Create BHSession (BHCE)

# Create Session - BHCE, defaults to 127.0.0.1
New-BHSession -TokenID $BHTokenID -Token $BHTokenKey

-or-

Create BHSession (BHE)

# Create Session - BHE
New-BHSession -Server test.bloodhoundenterprise.io -TokenID $BHETokenID -Token $BHETokenKey

Check Session Object

# Check Session
BHSession | ft

Running Cmdlets

List BloodHoundOperator Cmdlets, or check OperatorCheat.md

# Cmdlet Cheat
BHHelp
# Online
BHHelp -Online

Check current user (Whoami)

# Whoami
BHRole -Whoami
BHOperator -Whoami

Run Cypher query

# List Kerberoastable users
BHCypher -Query 'MATCH (n:User) WHERE n.hasspn=true RETURN n'