SharpHound v1.1 releases: C# Rewrite of the BloodHound Ingestor
by
do son
·
Published June 17, 2020
· Updated August 4, 2022
SharpHound – C# Rewrite of the BloodHound Ingestor
Usage
CollectionMethod – The collection method to use. This parameter accepts a comma-separated list of values. Has the following potential values (Default: Default):
Default – Performs group membership collection, domain trust collection, local group collection, session collection, ACL collection, object property collection, and SPN target collectionGroup – Performs group membership collectionLocalAdmin – Performs local admin collectionRDP – Performs Remote Desktop Users collectionDCOM – Performs Distributed COM Users collectionPSRemote – Performs Remote Management Users collectionGPOLocalGroup – Performs local admin collection using Group Policy ObjectsSession – Performs session collectionComputerOnly – Performs local admin, RDP, DCOM and session collectionLoggedOn – Performs privileged session collection (requires admin rights on target systems)Trusts – Performs domain trust enumerationACL – Performs collection of ACLsContainer – Performs collection of ContainersDcOnly – Performs collection using LDAP only. Includes Group, Trusts, ACL, ObjectProps, Container, and GPOLocalGroup.All – Performs all Collection Methods except GPOLocalGroup
Domain – Search a particular domain. Uses your current domain if null (Default: null)Stealth – Performs stealth collection methods. All stealth options are single-threaded.ExcludeDomainControllers – Excludes domain controllers from enumeration (avoids Microsoft ATA flags 🙂 )ComputerFile – Specify a file to load computer names/IPs fromLdapFilter – LDAP Filter to append to searchOverrideUserName – Overrides user name for session enumeration (advanced)RealDNSName – Overrides DNS name for API callsCollectAllProperties – Collect all string LDAP properties instead of a subsetWindowsOnly – Limit computer collection to systems with an operating system that matches *Windows*
Loop – Loop computer collectionsLoopDuration – How long to loop forLoopInterval – Duration to wait between loops
DomainController – Specify which Domain Controller to connect to (Default: null)LdapPort – Specify what port LDAP lives on (Default: 0)SecureLdap – Connect to AD using Secure LDAP instead of regular LDAP. Will connect to port 636 by default.LdapUsername – Username to connect to LDAP with. Requires the LDAPPassword parameter as well (Default: null)LdapPassword – Password for the user to connect to LDAP with. Requires the LDAPUser parameter as well (Default: null)DisableKerberosSigning – Disables LDAP encryption. Not recommended.
PortScanTimeout – Specifies the timeout for ping requests in milliseconds (Default: 2000)SkipPortScan – Instructs Sharphound to skip ping requests to see if systems are upThrottle – Adds a delay after each request to a computer. Value is in milliseconds (Default: 0)Jitter – Adds a percentage jitter to throttle. (Default: 0)
OutputDirectory – Folder in which to store JSON files (Default: .)OutputPrefix – Prefix to add to your JSON files (Default: “”)NoZip – Don’t compress JSON files to the zip file. Leaves JSON files on disk. (Default: false)EncryptZip – Add a randomly generated password to the zip file.ZipFileName – Specify the name of the zip fileRandomizeFilenames – Randomize output file namesPrettyJson – Outputs JSON with an indentation on multiple lines to improve readability. The tradeoff is increased file size.DumpComputerStatus – Dumps error codes from connecting to computers
CacheFileName – Filename for the Sharphound cache. (Default: .bin)NoSaveCache – Don’t save the cache file to disk. Without this flag, .bin will be dropped to diskInvalidateCache – Invalidate the cache file and build a new cache
StatusInterval – Interval to display progress during enumeration in milliseconds (Default: 30000)
Changelog v1.1
Updated to support BloodHound 4.2
Swapped Utf8Json with Newtonsoft
Lots of fixes for bugs
