bloodhound-cli is a Python command-line tool designed to query and manage data from BloodHound with support for both Legacy (Neo4j) and Community Edition (CE) backends.
The CLI now features a clean, modular architecture that eliminates code duplication and follows best practices:
src/bloodhound_cli/
βββ core/
β βββ base.py # Abstract base class with common interface
β βββ legacy.py # Neo4j implementation
β βββ ce.py # HTTP API implementation
β βββ factory.py # Factory pattern for client creation
βββ main.py # CLI entry point
βββ tests/ # Comprehensive test suite
- Legacy (Neo4j): Full feature set with direct Neo4j queries
- Community Edition (CE): HTTP API integration with BloodHound CE
- Same commands work with both backends
- Automatic client selection based on
--editionflag - No code duplication - queries centralized in base classes
- Unit tests with mocks for isolated testing
- Integration tests with real BloodHound CE and GOAD data
- Docker-based test environment with realistic data
- User enumeration with domain filtering
- Computer enumeration with LAPS filtering
- Admin and high-value user detection
- Password policy analysis
- Session and access path queries
pipx install bloodhound-clipip install bloodhound-cligit clone https://github.com/ADScanPro/bloodhound-cli.git
cd bloodhound-cli
pip install -e .# Legacy (Neo4j)
bloodhound-cli --edition legacy user -d mydomain.local
# Community Edition (CE)
bloodhound-cli --edition ce user -d mydomain.local# All computers
bloodhound-cli --edition ce computer -d mydomain.local
# Filter by LAPS
bloodhound-cli --edition ce computer -d mydomain.local --laps truebloodhound-cli --edition ce admin -d mydomain.localbloodhound-cli --edition ce highvalue -d mydomain.localbloodhound-cli --edition legacy user -d mydomain.local \
--uri bolt://localhost:7687 \
--user neo4j \
--password mypasswordbloodhound-cli --edition ce user -d mydomain.local \
--base-url http://localhost:8080 \
--username admin \
--ce-password Bloodhound123!bloodhound-cli --edition ce --debug --verbose user -d mydomain.localpytest tests/unit/ -v# Requires BloodHound CE running
pytest tests/integration/ -v# Setup test environment with GOAD data
./scripts/setup-complete.sh
./scripts/test-with-goad-domains.sh- Queries defined once in base classes
- Legacy and CE implementations inherit common interface
- Changes propagate automatically to both backends
- Add new queries by implementing abstract methods
- Factory pattern handles client creation
- Clean separation of concerns
- Unit tests with mocks for fast feedback
- Integration tests with real data
- Docker-based test environment
- Clear separation between CLI, core logic, and implementations
- Type hints and documentation
- Follows Python best practices
bloodhound-cli/
βββ src/bloodhound_cli/
β βββ core/ # Core business logic
β βββ main.py # CLI entry point
β βββ __init__.py
βββ tests/ # Test suite
βββ scripts/ # Automation scripts
βββ test-data/ # Test data (GOAD)
- Add method to
BloodHoundClientbase class - Implement in both
BloodHoundLegacyClientandBloodHoundCEClient - Add CLI command in
main.py - Create tests in
tests/
- Unit Tests: Mock external dependencies
- Integration Tests: Real BloodHound CE with GOAD data
- CI/CD: Automated testing with Docker
The project includes comprehensive test data from GOAD (Game of Active Directory):
- north.sevenkingdoms.local: House Stark domain
- essos.local: Daenerys Targaryen domain
- sevenkingdoms.local: King's Landing domain
- Complete all Legacy queries for CE
- Add more advanced query capabilities
- Enhanced error handling and logging
- Performance optimizations
- Additional test coverage
This project is licensed under the MIT License.
- Fork the repository
- Create a feature branch
- Add tests for new functionality
- Ensure all tests pass
- Submit a pull request
For issues and questions:
- Create an issue on GitHub
- Check the test suite for usage examples
- Review the integration tests for setup guidance