Anthropic-Cybersecurity-Skills/skills/exploiting-active-directory-with-bloodhound/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

API Reference: Active Directory Analysis with BloodHound

SharpHound — Data Collection

Syntax

SharpHound.exe -c All -d domain.local
SharpHound.exe -c DCOnly --ldapusername user --ldappassword pass

Collection Methods

| Flag | Data Collected |
|------|----------------|
| All | Everything below |
| Default | Group, Session, Trusts, ACL, ObjectProps |
| DCOnly | LDAP-only (no sessions) |
| Session | Active sessions |
| ACL | Access control lists |
| ObjectProps | User/computer properties |

bloodhound-python — Cross-Platform

Syntax

bloodhound-python -d domain.local -u user -p pass -c all --zip -ns 10.10.10.1

Options

| Flag | Description |
|------|-------------|
| -d | Domain name |
| -u | Username |
| -p | Password |
| -c | Collection method |
| -ns | Nameserver (DC IP) |
| --zip | Output as ZIP |

Neo4j Cypher Queries

Shortest Path to Domain Admins

MATCH p=shortestPath(
    (u:User {owned:true})-[*1..]->(g:Group {name:'DOMAIN ADMINS@DOMAIN.LOCAL'})
) RETURN p

Kerberoastable Users

MATCH (u:User) WHERE u.hasspn=true AND u.enabled=true
RETURN u.name, u.serviceprincipalnames

Unconstrained Delegation

MATCH (c:Computer {unconstraineddelegation:true})
RETURN c.name, c.operatingsystem

DCSync Rights

// DCSync needs both rights held on the same domain object
MATCH (u)-[:GetChanges]->(d:Domain), (u)-[:GetChangesAll]->(d)
RETURN DISTINCT u.name, d.name

AS-REP Roastable

MATCH (u:User {dontreqpreauth:true})
RETURN u.name, u.enabled

BloodHound JSON Format

Users JSON

{
  "data": [{
    "Properties": {
      "name": "USER@DOMAIN.LOCAL",
      "enabled": true,
      "admincount": true,
      "hasspn": false
    },
    "Aces": [],
    "MemberOf": []
  }]
}

Neo4j Python Driver

Connection

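from neo4j import GraphDatabase
driver = GraphDatabase.driver("bolt://localhost:7687", auth=("neo4j", "bloodhound"))
with driver.session() as session:
    # Read the record inside the session; results are not usable after it closes
    result = session.run("MATCH (n:User) RETURN count(n) AS users")
    print(result.single()["users"])
driver.close()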

BloodHound CE API

Authentication

POST https://bloodhound:8080/api/v2/login
Content-Type: application/json

{"login_method": "secret", "secret": "api-key-here"}

GET https://bloodhound:8080/api/v2/search?q=admin
Authorization: Bearer {token}