bloodhoundcli
Lets you quickly spin up BloodHound CE instances.
Download
wget https://github.com/SpecterOps/bloodhound-cli/releases/latest/download/bloodhound-cli-linux-amd64.tar.gz
Unpack
tar -xvzf bloodhound-cli-linux-amd64.tar.gz
Install
./bloodhound-cli install
Set graph_driver to pg
I learned in this Slack thread that certain features/queries work better when the back end of BH uses Postgres instead of Neo4j. If that fits your use case, do this:
# Set the graph_driver variable
./bloodhound-cli config set graph_driver pg
# Then install
./bloodhound-cli install
Tip
You may need to install docker compose if you don't have it already:
sudo apt install docker-compose
Expose BloodHound externally (e.g. via firewall port-forward)
By default, BloodHound binds to 127.0.0.1:8080, which blocks external connections even if you have a firewall port-forward rule in place. To bind to all interfaces instead, set the BLOODHOUND_HOST environment variable via a .env file in the config directory:
echo "BLOODHOUND_HOST=0.0.0.0" >> ~/.config/bloodhound/.env
Then restart the stack:
./bloodhound-cli down
./bloodhound-cli up
Verify it worked — you should see 0.0.0.0:8080:8080 in the Ports column:
./bloodhound-cli running
Security note
Binding to 0.0.0.0 exposes BloodHound on all network interfaces of the host. Make sure your firewall rules restrict access to port 8080 to only your authorized test IPs.
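One way to enforce that restriction on a Linux Docker host, as an added example that is not part of the original page or of bloodhound-cli: Docker publishes ports through its own iptables NAT rules, so host INPUT-chain rules (including default ufw rules) do not filter this traffic, while the DOCKER-USER chain does. The script assumes Docker's default iptables backend and IPv4; the function names and the sample source addresses (documentation ranges) are constructed, and it only prints the rules.

```shell
#!/bin/sh
# Added example, not bloodhound-cli code. Prints (does not apply) iptables
# rules limiting a Docker-published port to an allowlist of source addresses.

# Return 0 if $1 is an IPv4 address with an optional /0-32 prefix.
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: gen_rules PORT SOURCE [SOURCE...]
gen_rules() {
    [ "$#" -ge 2 ] || { echo "usage: gen_rules PORT SOURCE..." >&2; return 1; }
    port=$1; shift
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    { [ "$port" -ge 1 ] && [ "$port" -le 65535 ]; } ||
        { echo "bad port: $port" >&2; return 1; }
    # Validate every source before printing anything.
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    # Match on the port the client originally connected to, and only in the
    # original direction so replies from the container are not dropped.
    match="-p tcp -m conntrack --ctorigdstport $port --ctdir ORIGINAL"
    # -I inserts at the top, so print DROP first; it ends up below the allows.
    echo "iptables -I DOCKER-USER $match -j DROP"
    for src in "$@"; do
        echo "iptables -I DOCKER-USER -s $src $match -j RETURN"
    done
}

# Constructed sample allowlist (documentation address ranges).
gen_rules 8080 203.0.113.10 198.51.100.0/24
```

Review the printed rules, then run them as root. Rules added this way do not survive a reboot unless you save them with your distribution's iptables persistence mechanism.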
Take docker containers down, then up
./bloodhound-cli down
./bloodhound-cli up
Uninstall an instance
./bloodhound-cli uninstall
Grab forgotten admin password
./bloodhound-cli config get default_password