This tool simplifies the process of migrating/converting your Cypher queries from Legacy BloodHound to BloodHound CE (Community Edition). It automatically reformats legacy custom queries into the new BloodHound CE format and uploads them directly through the BloodHound CE API.
- Convert BloodHound Legacy queries to the BloodHound CE JSON format.
- Automatically upload reformatted queries to BloodHound CE via API.
- Support for rate-limited uploading to prevent API blocking.
- Detailed error handling and progress reporting during query uploads.
Update 12/01/2025 - Improved Script Features:
- Missing
categoryis set tonullautomatically instead of causing an error. - Missing query
nameis assigned a unique name in the format:Unnamed query <uuid>. - Queries with missing or empty query values are skipped with a message indicating why.
- Fetches variables in
propsfield, and replaces them in the query to be compatible with BloodHound CE. - Skips Queries with more than 1 query value.
- Logs failed uploads in failed_uploads.txt and skipped queries in skipped_queries.txt.
- Usage
- Getting the JWT Token from BloodHound CE
- Old vs New Query Format
- Support & Contribution
- Credits
- License
Make sure you have Python 3 installed on your system, along with the following Python libraries:
pip install requests argparseDownload the python script here:
- Convert and Upload Custom Queries
- Convert Only (Save to File Without Uploading)
- Upload Already Converted Custom Queries
- Upload to a Different BloodHound CE API URL
This command converts custom queries from the Legacy BloodHound format and uploads them directly to BloodHound CE using your JWT token.
python upload_bloodhound_queries.py --input-file bloodhound_legacy_customqueries.json --jwt-token YOUR_JWT_TOKENThis command converts custom queries without uploading them. The output is saved to a file in the new BloodHound CE format.
python upload_bloodhound_queries.py --input-file bloodhound_legacy_customqueries.json --convert-only --output-file newformat_customqueries.jsonIf you already have custom queries in the new BloodHound CE format and only need to upload them, use the --upload-only flag. This skips the conversion step:
python upload_bloodhound_queries.py --upload-only --input-file converted_custom_queries.json --jwt-token YOUR_JWT_TOKENBy default, the tool uses http://localhost:8080/api/v2/saved-queries as the API endpoint. If your BloodHound CE instance runs on a different port or URL, use the --api-url flag to customize:
python upload_bloodhound_queries.py --input-file newformat_customqueries.json \
--jwt-token YOUR_JWT_TOKEN \
--api-url "http://your-server:your-port/api/v2/saved-queries"To upload queries via the API, you'll need the JWT token from BloodHound CE. Here's how to get it:
- Open BloodHound CE and navigate to the API Explorer.
- Find the Get Self API request, click Try It Out, then Execute.
-
- Once the response loads, grab the JWT Token located in the
Authorization: Bearerheader. -
This tool converts the custom queries from Legacy BloodHound to the BloodHound CE JSON format automatically. Here’s an example of what that looks like:
{
"queries": [
{
"name": "Query Name",
"category": "Category",
"queryList": [
{
"final": true,
"query": "MATCH (n) RETURN n"
}
]
}
]
}[
{
"name": "Query Name",
"category": "Category",
"query": "MATCH (n) RETURN n"
}
]You no longer need to handle this manually! Just use the tool, and it will handle the conversion for you.
Enjoying my content? Show your support by sharing or starring my repositories!
You can also support me on buy me a ko-fi to fuel more awesome content:
💬 Have feedback or ideas? I’d love to hear your thoughts or suggestions!
Looking for a Pentester? I’m open for contracts and full-time opportunities – feel free to DM me!
- Make Bloodhound Cool Again: Migrating Custom Queries from Legacy BloodHound to BloodHound CE
- His bash scripts helped me getting started!
Tool developed with ❤️ by WafflesExploits.
This project is under the Apache License 2.0.