diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..64d49ae
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,216 @@
+# Byte-compiled / optimized / DLL files
+__pycache__/
+*.py[codz]
+*$py.class
+
+# C extensions
+*.so
+
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+# Usually these files are written by a python script from a template
+# before PyInstaller builds the exe, so as to inject date/other infos into it.
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py.cover
+.hypothesis/
+.pytest_cache/
+cover/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff:
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Flask stuff:
+instance/
+.webassets-cache
+
+# Scrapy stuff:
+.scrapy
+
+# Sphinx documentation
+docs/_build/
+
+# PyBuilder
+.pybuilder/
+target/
+
+# Jupyter Notebook
+.ipynb_checkpoints
+
+# IPython
+profile_default/
+ipython_config.py
+
+# pyenv
+# For a library or package, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# .python-version
+
+# pipenv
+# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
+# However, in case of collaboration, if having platform-specific dependencies or dependencies
+# having no cross-platform support, pipenv may install dependencies that don't work, or not
+# install all needed dependencies.
+# Pipfile.lock
+
+# UV
+# Similar to Pipfile.lock, it is generally recommended to include uv.lock in version control.
+# This is especially recommended for binary packages to ensure reproducibility, and is more
+# commonly ignored for libraries.
+# uv.lock
+
+# poetry
+# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
+# This is especially recommended for binary packages to ensure reproducibility, and is more
+# commonly ignored for libraries.
+# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
+# poetry.lock
+# poetry.toml
+
+# pdm
+# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
+# pdm recommends including project-wide configuration in pdm.toml, but excluding .pdm-python.
+# https://pdm-project.org/en/latest/usage/project/#working-with-version-control
+# pdm.lock
+# pdm.toml
+.pdm-python
+.pdm-build/
+
+# pixi
+# Similar to Pipfile.lock, it is generally recommended to include pixi.lock in version control.
+# pixi.lock
+# Pixi creates a virtual environment in the .pixi directory, just like venv module creates one
+# in the .venv directory. It is recommended not to include this directory in version control.
+.pixi
+
+# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
+__pypackages__/
+
+# Celery stuff
+celerybeat-schedule
+celerybeat.pid
+
+# Redis
+*.rdb
+*.aof
+*.pid
+
+# RabbitMQ
+mnesia/
+rabbitmq/
+rabbitmq-data/
+
+# ActiveMQ
+activemq-data/
+
+# SageMath parsed files
+*.sage.py
+
+# Environments
+.env
+.envrc
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# Spyder project settings
+.spyderproject
+.spyproject
+
+# Rope project settings
+.ropeproject
+
+# mkdocs documentation
+/site
+
+# mypy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Pyre type checker
+.pyre/
+
+# pytype static type analyzer
+.pytype/
+
+# Cython debug symbols
+cython_debug/
+
+# PyCharm
+# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
+# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
+# and can be added to the global gitignore or merged into this file. For a more nuclear
+# option (not recommended) you can uncomment the following to ignore the entire idea folder.
+# .idea/
+
+# Abstra
+# Abstra is an AI-powered process automation framework.
+# Ignore directories containing user credentials, local state, and settings.
+# Learn more at https://abstra.io/docs
+.abstra/
+
+# Visual Studio Code
+# Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore
+# that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
+# and can be added to the global gitignore or merged into this file. However, if you prefer,
+# you could uncomment the following to ignore the entire vscode folder
+# .vscode/
+
+# Ruff stuff:
+.ruff_cache/
+
+# PyPI configuration file
+.pypirc
+
+# Marimo
+marimo/_static/
+marimo/_lsp/
+__marimo__/
+
+# Streamlit
+.streamlit/secrets.toml
\ No newline at end of file
diff --git a/BloodBash b/BloodBash.py
old mode 100755
new mode 100644
similarity index 99%
rename from BloodBash
rename to BloodBash.py
index 8df25aa..9fa3431
--- a/BloodBash
+++ b/BloodBash.py
@@ -1,4 +1,5 @@ #!/usr/bin/env python3
+ import json import os import sys
@@ -18,7 +19,10 @@ import xml.etree.ElementTree as ET from pathlib import Path import traceback
+import zipfile
+ __version__ = "1.3.1" + console = Console() # ──────────────────────────────────────────────── # Severity Scoring
@@ -72,9 +76,9 @@ def print_intro_banner(mode_str): [red] :: :::: :: :::: ::::: :: ::::: :: :::: :: :: :::: :: ::: :::: :: :: :::[/red] [red]:: : :: : :: : : : : : : : : :: : : :: : :: : : : :: : : : : :[/red]
-Parses SharpHound & AzureHound JSON files → finds AD/Azure attack paths & misconfigurations
+Parses SharpHound, AzureHound, and BloodHound-Python JSON files → finds AD/Azure attack paths & misconfigurations Mode: [cyan]{mode_str}[/cyan]
-Supports both Active Directory (SharpHound) and Azure AD (AzureHound) data.
+Supports both Active Directory (SharpHound/BloodHound-Python) and Azure AD (AzureHound) data. For authorized security testing / red teaming only. Use --help for all options. """,
@@ -188,6 +192,17 @@ def print_abuse_panel(vuln_type: str): def load_json_dir(directory, debug=False): nodes = {} try:
+ path_obj = Path(directory)
+ if path_obj.suffix.lower() == '.zip':
+ if debug:
+ print(f"Extracting {path_obj.name}...")
+
+ extract_to = path_obj.parent / path_obj.stem
+
+ with zipfile.ZipFile(path_obj, 'r') as zip_ref:
+ zip_ref.extractall(extract_to)
+
+ directory = str(extract_to) files = [f for f in os.listdir(directory) if f.lower().endswith('.json')] except FileNotFoundError: console.print(f"[yellow]Warning: Directory '{directory}' not found. Skipping.[/yellow]")
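Review bot: `zip_ref.extractall(extract_to)` in load_json_dir extracts whatever the archive declares with no bound on the decompressed size, so a malformed or hostile `.zip` handed to the tool can fill the disk before any JSON is parsed; the stdlib `zipfile` already strips absolute paths and `..` components on extraction, so path traversal is not the concern here, size is. The surrounding `try` only catches `FileNotFoundError`, so a corrupt file or a non-archive with a `.zip` suffix raises an unhandled `zipfile.BadZipFile` instead of the warn-and-skip that the `FileNotFoundError` branch uses. I would sum `info.file_size` over `zip_ref.infolist()` and refuse to extract above a configured cap, and add an `except zipfile.BadZipFile:` branch that warns and skips the same way (assuming the function returns `nodes`, which is outside the hunk). The extraction directory is also created permanently next to the archive and never cleaned up; if that is intended, a one-line comment on `extract_to = path_obj.parent / path_obj.stem` saying the extracted copy is deliberately kept would save the next reader from wondering. load_json_dir continues past the end of the hunk.
```python
            with zipfile.ZipFile(path_obj, 'r') as zip_ref:
                # Refuse archives whose declared uncompressed size exceeds the cap
                # (decompression bomb guard); MAX_EXTRACT_BYTES is a module-level
                # constant to be chosen for this project (placeholder name).
                declared = sum(info.file_size for info in zip_ref.infolist())
                if declared > MAX_EXTRACT_BYTES:
                    console.print(f"[yellow]Warning: {path_obj.name} declares {declared} bytes uncompressed, over the extraction cap. Skipping.[/yellow]")
                    return nodes
                zip_ref.extractall(extract_to)
            # … unchanged: directory = str(extract_to), listdir …
    except FileNotFoundError:
        console.print(f"[yellow]Warning: Directory '{directory}' not found. Skipping.[/yellow]")
    except zipfile.BadZipFile:
        console.print(f"[yellow]Warning: '{directory}' is not a valid zip archive. Skipping.[/yellow]")
```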
@@ -1484,11 +1499,11 @@ def export_to_dot(G, dot_path, domain_filter=None): console.print(f"[dim]Render with: dot -Tpng {dot_path} -o graph.png[/dim]") # ────────────────────────────────────────────────
-# Main with
+# Main execution # ──────────────────────────────────────────────── def main(): parser = argparse.ArgumentParser(description="BloodBash - Advanced BloodHound & AzureHound Offline Analyzer")
- parser.add_argument('directory', nargs='?', default='.', help='Path to SharpHound & AzureHound JSON files')
+ parser.add_argument('directory', nargs='?', default='.', help='Path to SharpHound & AzureHound JSON files or zip archive.') parser.add_argument('--shortest-paths', action='store_true') parser.add_argument('--dangerous-permissions', action='store_true') parser.add_argument('--adcs', action='store_true')
diff --git a/test_bloodbash.py b/test_bloodbash.py
index 60ee784..81dd6d0 100755
--- a/test_bloodbash.py
+++ b/test_bloodbash.py
@@ -11,7 +11,7 @@ from rich.console import Console # Load the BloodBash script by executing it in a controlled namespace bloodbash_globals = {}
-with open("BloodBash", "r") as f:
+with open("BloodBash.py", "r") as f: exec(f.read(), bloodbash_globals) class TestBloodBash(unittest.TestCase): def setUp(self):
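Review bot: `open("BloodBash.py", "r")` in test_bloodbash.py reads the script with the platform default encoding, and the script contains non-ASCII text (the `→` in the intro banner and the `────` comment rules visible in this same diff), so on a locale that is not UTF-8 the `exec` can fail with `UnicodeDecodeError` before a single test runs; make the encoding explicit: `with open("BloodBash.py", "r", encoding="utf-8") as f:`. Now that the file is named `BloodBash.py` it is also an importable module, so `import BloodBash` would replace the exec-into-a-dict pattern and give the tests real attribute access, provided the script keeps `main()` behind an `if __name__ == "__main__":` guard, which this diff does not show. A short comment on the `with` line stating why exec is still preferred over import (if it is) would document that choice for the next maintainer.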