BashHound-CE

Active Directory data collector for BloodHound Community Edition written in Bash

Bash • Fast • Stealth

---

Description

BashHound-CE is a BloodHound Community Edition data collector written in Bash, inspired by RustHound and SharpHound. It is designed to be compatible with Linux. It generates all the JSON files (v6 format) that can be analyzed by BloodHound CE.

BashHound-CE vs BashHound:

• BashHound-CE: Exports data in BloodHound CE format (version 6) - for BloodHound Community Edition
• BashHound: Exports data in legacy BloodHound format (version 5) - for classic BloodHound

BashHound was created as a technical challenge rather than for real-world use. Although the tool works, it is incomplete and not fully functional for advanced usage. Updates will be released regularly to improve it and make it increasingly functional.

---

Usage

Standart

bashhound-ce -d <domain.local> -u <user> -p <password> -f <dc.domain.local> 

Options

-c, --collection METHOD
Collection Methods:
    All       - Collects all data (default)
    DCOnly    - Collects only from the DC (no sessions)
    Session   - Collects only sessions
    Trusts    - Collects only trusts
    ACL       - Collects only ACLs
    Group     - Collects only group memberships

--zip-only      Deletes JSON files after creating the ZIP file
--port          PORT LDAP port (default: 389 for LDAP, 636 for LDAPS)
--ldaps         Use LDAPS (TLS) - equivalent to --port 636
--no-tls        Force LDAP without TLS even on port 636

---

Disclaimer

All tests were carried out on the DarkZero machine on Hack The Box. “TODO” notes have been added to the code to make it compatible with any server.

---

Related Projects

• RustHound - BloodHound collector written in Rust
• SharpHound - Official BloodHound collector written in C#
• BloodHound - Active Directory relationship analysis tool

---

_{Made with Bash}