RustHound-CE is a cross-platform, cross-compiled BloodHound collector written in Rust, making it compatible with Linux, Windows, and macOS. It generates all the JSON files that can be analyzed by BloodHound Community Edition. This version is only compatible with BloodHound Community Edition; the version compatible with BloodHound Legacy can be found on NeverHack’s GitHub.
You can either run the binary:
```text
---------------------------------------------------
Initializing RustHound-CE at 13:37:00 UTC on 01/12/23
Powered by @g0h4n_0
---------------------------------------------------

Active Directory data collector for BloodHound Community Edition.
g0h4n <https://twitter.com/g0h4n_0>

Usage: rusthound-ce [OPTIONS] --domain <domain>

Options:
  -v...          Set the level of verbosity
  -h, --help     Print help
  -V, --version  Print version

REQUIRED VALUES:
  -d, --domain <domain>  Domain name like: DOMAIN.LOCAL

OPTIONAL VALUES:
  -u, --ldapusername <ldapusername>  LDAP username, like: user@domain.local
  -p, --ldappassword <ldappassword>  LDAP password
  -f, --ldapfqdn <ldapfqdn>          Domain Controller FQDN like: DC01.DOMAIN.LOCAL or just DC01
  -i, --ldapip <ldapip>              Domain Controller IP address like: 192.168.1.10
  -P, --ldapport <ldapport>          LDAP port [default: 389]
  -n, --name-server <name-server>    Alternative IP address name server to use for DNS queries
  -o, --output <output>              Output directory where you would like to save JSON files [default: ./]

OPTIONAL FLAGS:
  -c, --collectionmethod [<COLLECTIONMETHOD>]
          Which information to collect. Supported: All (LDAP,SMB,HTTP requests), DCOnly (no computer connections, only LDAP requests). (default: All) [possible values: All, DCOnly]
      --ldap-filter <ldap-filter>
          Use custom ldap-filter default is : (objectClass=*)
      --ldaps
          Force LDAPS using for request like: ldaps://DOMAIN.LOCAL/
  -k, --kerberos
          Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME) based on target parameters for Linux.
      --dns-tcp
          Use TCP instead of UDP for DNS queries
  -z, --zip
          Compress the JSON files into a zip archive
      --cache
          Cache LDAP search results to disk (reduce memory usage on large domains)
      --cache-buffer <cache_buffer>
          Buffer size to use when caching [default: 1000]
      --resume
          Resume the collection from the last saved state

OPTIONAL MODULES:
      --fqdn-resolver  Use fqdn-resolver module to get computers IP address
```
Or build your own using the ldap_search() function:
```rust
let result = ldap_search(
    &ldaps,
    &Some(ip),
    &Some(port),
    &domain,
    &ldapfqdn,
    &username,
    &password,
    kerberos,
);
```
Re-exports
pub use json::maker::make_result;
Modules
- args - Parsing arguments
- banner - Launch and end banners
- enums - Utils to extract data from ldap network packets
- json - Utils to parse json output from ldap library
- ldap - Run a LDAP enumeration and parse results
- objects - All structure needed by RustHound-CE.
- utils - All utils functions like timestamp, crypto etc
Structs
- SearchEntry - Parsed search result entry.
Traits
- EntrySource - Used to iterate over LDAP search entries.
- Storage
Functions
- ldap_search - Function to request all AD values.
- prepare_results_from_source