StarHound - CLI import tool for SharpHound/AzureHound data

This post is about the StarHound Importer tool on GitHub.

What?

I assume everyone who would stumble upon this article knows what all those *Hound tools are about, but let’s take it briefly from the top:

  • SharpHound is a C# CLI application that collects objects and their permissions from Active Directory
  • AzureHound is SharpHound’s cloud counterpart, written in Go, that collects objects and permissions from Azure Active Directory and Azure Resource Manager

Now, BloodHound is a desktop application built on the Electron JavaScript framework that visualizes the data collected by the two tools above. It uses a neo4j database to store its data and contains the logic to set up DB indexes, prebuilt queries and, mostly, amazing visualizations of attack paths in your AD and Azure. The tool also includes the logic to import data from SharpHound and AzureHound into neo4j. And here’s the thing: you don’t really have to use BloodHound to analyze your AD and AAD data. You can interact with neo4j directly. There have been many articles and tools providing Cypher queries (neo4j’s query language) to run directly on the DB and gain more insight into BloodHound data, e.g.:

Why?

BloodHound, for all its perks and fanciness, is quite a heavy application, not to mention that you can’t really use it on a GUI-less server. There is already a project for importing BloodHound data, bloodhound-import, written in Python. It’s great, but it tries to reproduce the logic of the JavaScript desktop app in Python, which of course brings additional implementation overhead and makes it harder to keep up with the BloodHound project. It currently supports BloodHound version 3, while BloodHound 4.2 is already out. Initially, I tried to update bloodhound-import’s code to be compatible with the latest BloodHound, but when I was almost ready to create a pull request, a new BloodHound was introduced.

That made me realize I won’t have time to keep up with BloodHound. Yet my import files are large, making BloodHound get stuck, and I don’t have a GUI server, so I still need some CLI import tool. For this reason, I decided to butcher BloodHound’s code and just write an import tool in JavaScript that uses as much of the BloodHound project’s code as possible.

Unfortunately, BloodHound’s GUI-dependent code (or my JavaScript knowledge) allowed me to reuse only 2 unmodified files from the original repository. Still, it took me only a fraction of the time I spent trying to update bloodhound-import. Let’s see if I’ll be able to keep up with BloodHound updates.
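To make the import step described above concrete, here is an added example (not StarHound’s or BloodHound’s own code) of what such a JavaScript importer does at its core: it turns one SharpHound JSON collection into parameterised Cypher statements for neo4j. The input layout, the label table and the sample object are my assumptions, sketched from memory of the SharpHound v4 format; the sample is constructed.

```javascript
// Added example (not StarHound's or BloodHound's own code): turn one SharpHound JSON
// collection into parameterised Cypher statements for a neo4j import. Assumed input
// layout (my recollection of the SharpHound v4 format): {"data":[{ObjectIdentifier,
// Properties, Aces:[{PrincipalSID, PrincipalType, RightName, IsInherited}]}], "meta":{type, count, version}}
const LABELS = { users: 'User', groups: 'Group', computers: 'Computer',
                 domains: 'Domain', ous: 'OU', gpos: 'GPO' };
// Labels and relationship types cannot be Cypher parameters, so they get spliced into
// the query text; allow only identifier characters so a crafted ACE cannot inject Cypher.
function ident(s) {
  if (typeof s !== 'string' || !/^[A-Za-z][A-Za-z0-9_]*$/.test(s)) {
    throw new Error(`refusing to splice unsafe identifier: ${JSON.stringify(s)}`);
  }
  return s;
}
function buildImport(collection) {
  const label = LABELS[collection.meta.type];
  if (!label) throw new Error(`unknown collection type: ${collection.meta.type}`);
  if (collection.data.length !== collection.meta.count) {
    throw new Error(`meta.count ${collection.meta.count} != ${collection.data.length} objects`);
  }
  // One statement for all nodes: MERGE on objectid, then copy the properties map.
  const nodes = collection.data.map(o => ({ objectid: o.ObjectIdentifier, map: o.Properties || {} }));
  const statements = [{
    query: `UNWIND $nodes AS n MERGE (x:${label} {objectid: n.objectid}) SET x += n.map`,
    params: { nodes },
  }];
  // Each ACE becomes an edge principal -[RightName]-> object, grouped by
  // (principal label, right) because the relationship type is part of the query text.
  const groups = new Map();
  for (const o of collection.data) {
    for (const ace of o.Aces || []) {
      const key = `${ident(ace.PrincipalType)}|${ident(ace.RightName)}`;
      if (!groups.has(key)) groups.set(key, []);
      groups.get(key).push({ src: ace.PrincipalSID, dst: o.ObjectIdentifier, inherited: !!ace.IsInherited });
    }
  }
  for (const [key, rows] of groups) {
    const [srcLabel, right] = key.split('|');
    statements.push({
      query: `UNWIND $rows AS r MERGE (a:${srcLabel} {objectid: r.src}) MERGE (b:${label} {objectid: r.dst}) ` +
             `MERGE (a)-[e:${right}]->(b) SET e.isinherited = r.inherited`,
      params: { rows },
    });
  }
  return statements;
}
// Constructed sample: one user object whose ACL grants a group GenericAll over it.
const SAMPLE = { meta: { type: 'users', count: 1, version: 4 }, data: [{
  ObjectIdentifier: 'S-1-5-21-1-2-3-1105', Properties: { name: 'ALICE@EXAMPLE.LOCAL', enabled: true },
  Aces: [{ PrincipalSID: 'S-1-5-21-1-2-3-512', PrincipalType: 'Group', RightName: 'GenericAll', IsInherited: false }] }] };
```

`buildImport(SAMPLE)` yields two statements, one for the node and one for the GenericAll edge; against a live database each would be passed to the neo4j driver’s `session.run(query, params)`.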


If I’ve missed anything on the topic or you just want to discuss, I’m here: @malacupa