Crate rusthound

RustHound is a cross-platform and cross-compiled BloodHound collector tool, written in Rust. RustHound generates users, groups, computers, OUs, GPOs, containers and domains JSON files for analysis with the BloodHound application.

You can either run the binary:

---------------------------------------------------
Initializing RustHound at 13:37:00 UTC on 10/04/22
Powered by g0h4n from OpenCyber
---------------------------------------------------

RustHound
g0h4n https://twitter.com/g0h4n_0
Active Directory data collector for BloodHound.

USAGE:
    rusthound [FLAGS] [OPTIONS] --domain <domain>

FLAGS:
        --adcs              [MODULE] Use ADCS module to enumerate Certificate Templates, Certificate Authorities and
                            other configurations. (For the custom-built BloodHound version from @ly4k with PKI support)
        --dc-only           Collects data only from the domain controller. Will not try to retrieve CA
                            security/configuration or check for Web Enrollment.
        --dns-tcp           Use TCP instead of UDP for DNS queries
        --fqdn-resolver     [MODULE] Use fqdn-resolver module to get computers IP address
    -h, --help              Prints help information
        --ldaps             Prepare ldaps request. Like ldaps://G0H4N.LAB/
        --old-bloodhound    For ADCS only. Output result as BloodHound data for the original BloodHound version from
                            @BloodHoundAD without PKI support.
    -v                      Sets the level of verbosity
    -V, --version           Prints version information
    -z, --zip               RustHound will compress the JSON files into a zip archive

OPTIONS:
    -d, --domain <domain>                Domain name like: G0H4N.LAB
    -f, --ldapfqdn <ldapfqdn>            Domain Controler FQDN like: DC01.G0H4N.LAB
    -i, --ldapip <ldapip>                Domain Controller IP address
    -p, --ldappassword <ldappassword>    Ldap password to use
    -P, --ldapport <ldapport>            Ldap port, default is 389
    -u, --ldapusername <ldapusername>    Ldap username to use
    -n, --name-server <name-server>      Alternative IP address name server to use for queries
    -o, --dirpath <path>                 Path where you would like to save json files

Or build your own using the ldap_search() function:

let result = ldap_search(
   &ldaps,
   &ip,
   &port,
   &domain,
   &ldapfqdn,
   &username,
   &password,
);

Here is an example of how to use rusthound: demo

Modules

Parsing arguments
Launch and end banners
Utils to extract data from LDAP network packets
Error management
Utils to parse JSON output from the LDAP library
Run an LDAP enumeration and parse results
List of RustHound add-on modules

Structs

RustHound's error type
Parsed search result entry.

Functions

Function to request all AD values.