Simple script that interacts with a BloodHound CE API to post user-generated (custom) Cypher queries to be used within the BloodHound CE web app. The script will parse a JSON file containing the queries and post them to a BloodHound CE API.
You will need to obtain API credentials from within the application or credentials for a user with access to upload queries to use this script.
You have three options for implementing the credentials for use in the script:
- Pass API credentials on the command line with the --id and --key arguments.
- Pass the user and password in plaintext with the --user and --pass arguments.
- Modify the script and place them in the provided hard-coded variables.
If the command line arguments for the API credentials are supplied, those will take precedence over the hard-coded variables.
- The API endpoint is rate limited to 55 calls per second, which is why I implemented a short pause after the first 54 calls. You don't need to worry about this if you have fewer than 55 queries in your JSON file.
- This may be obvious, but your queries can't have the same name. If they do, the API will respond with an error for that call. Give your queries unique names to prevent any issues.
- Re-running the script against queries that already exist under the same name appears to be safe, i.e. it will not overwrite queries with the same name or crash.
--json-file Path to the JSON file containing the queries
--endpoint Endpoint to post the queries to (e.g., 10.10.10.199:8080)
--key Key for generating the bearer token
--id ID for generating the bearer token
# Example with hardcoded credentials
python3 bh-query-tool.py --endpoint https://10.10.10.12:8080 --json-file user-queries.json
# Example with id and key args
python3 bh-query-tool.py --endpoint https://10.10.10.12:8080 --json-file user-queries.json --id 8d2419e8-819d-4f5f-925d-a04ee817d78c --key V2h5IHdvdWxkIHlvdSBkZWNvZGUgdGhpcz8hPyE/ISEhISEhIQ==
{
  "queries": [
    {
      "name": "Domains",
      "query": "MATCH (d:Domain) RETURN d"
    }
  ]
}
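A pre-flight check for the query file, as an added example that is not part of bh-query-tool.py: it validates the structure shown above, reports duplicate names before the API rejects them, and splits the list into batches of 54 to match the rate-limit note. The names `load_queries`, `batches` and `BATCH_SIZE` and the sample data are assumptions made for illustration.

```python
import json
from collections import Counter

BATCH_SIZE = 54  # the README pauses after 54 calls to stay under 55 calls/second


def load_queries(text):
    """Parse the query file text and return a list of (name, query) tuples.

    Raises ValueError listing every problem found, so the file can be fixed
    in one pass instead of one failed API call at a time.
    """
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc

    entries = doc.get("queries") if isinstance(doc, dict) else None
    if not isinstance(entries, list):
        raise ValueError('top level must be an object with a "queries" list')

    problems, parsed = [], []
    for i, entry in enumerate(entries):
        name = entry.get("name") if isinstance(entry, dict) else None
        query = entry.get("query") if isinstance(entry, dict) else None
        if not (isinstance(name, str) and name.strip()):
            problems.append(f"entry {i}: missing or empty name")
        elif not (isinstance(query, str) and query.strip()):
            problems.append(f"entry {i} ({name!r}): missing or empty query")
        else:
            parsed.append((name, query))

    # Duplicate names make the API return an error, so catch them before posting.
    counts = Counter(name for name, _ in parsed)
    problems += [f"duplicate name {n!r} used {c} times"
                 for n, c in counts.items() if c > 1]
    if problems:
        raise ValueError("; ".join(problems))
    return parsed


def batches(items, size=BATCH_SIZE):
    """Split items into lists of at most `size`; the caller pauses between them."""
    return [items[i:i + size] for i in range(0, len(items), size)]


# Constructed sample in the README's format.
SAMPLE = '{"queries": [{"name": "Domains", "query": "MATCH (d:Domain) RETURN d"}]}'

if __name__ == "__main__":
    print(load_queries(SAMPLE))
```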
If you'd like to expand on any functionality, PRs are open.
Thank you to SpecterOps for providing BloodHound CE to the community.