Expand description
RustHound is a cross-platform and cross-compiled BloodHound collector tool, written in Rust. RustHound generate users,groups,computers,ous,gpos,containers,domains json files to analyze it with BloodHound application.
You can either run the binary:
---------------------------------------------------
Initializing RustHound at 13:37:00 UTC on 10/04/22
Powered by g0h4n from OpenCyber
---------------------------------------------------
RustHound
g0h4n https://twitter.com/g0h4n_0
Active Directory data collector for BloodHound.
Usage: rusthound_musl [OPTIONS] --domain <domain>
Options:
-v... Set the level of verbosity
-h, --help Print help
-V, --version Print version
REQUIRED VALUES:
-d, --domain <domain> Domain name like: DOMAIN.LOCAL
OPTIONAL VALUES:
-u, --ldapusername <ldapusername> LDAP username, like: user@domain.local
-p, --ldappassword <ldappassword> LDAP password
-f, --ldapfqdn <ldapfqdn> Domain Controler FQDN like: DC01.DOMAIN.LOCAL or just DC01
-i, --ldapip <ldapip> Domain Controller IP address like: 192.168.1.10
-P, --ldapport <ldapport> LDAP port [default: 389]
-n, --name-server <name-server> Alternative IP address name server to use for DNS queries
-o, --output <output> Output directory where you would like to save JSON files [default: ./]
OPTIONAL FLAGS:
--ldaps Force LDAPS using for request like: ldaps://DOMAIN.LOCAL/
-k, --kerberos Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME) based on target parameters for Linux.
--dns-tcp Use TCP instead of UDP for DNS queries
--dc-only Collects data only from the domain controller. Will not try to retrieve CA security/configuration or check for Web Enrollment
--old-bloodhound For ADCS only. Output result as BloodHound data for the original BloodHound version from @BloodHoundAD without PKI support
-z, --zip Compress the JSON files into a zip archive
OPTIONAL MODULES:
--fqdn-resolver Use fqdn-resolver module to get computers IP address
--adcs Use ADCS module to enumerate Certificate Templates, Certificate Authorities and other configurations.
(For the custom-built BloodHound version from @ly4k with PKI support)
Or build your own using the ldap_search() function:
let result = ldap_search(
&ldaps,
&ip,
&port,
&domain,
&ldapfqdn,
&username,
&password,
);
Here is an example of how to use rusthound:
Modules§
- args
- Parsing arguments
- banner
- Launch and end banners
- enums
- Utils to extract data from ldap network packets
- errors
- Errors management
- exec
- json
- Utils to parse json output from ldap library
- ldap
- Run a LDAP enumeration and parse results
- modules
- List of RustHound add-on modules
Structs§
- Error
- RustHound error’s type
- Search
Entry - Parsed search result entry.
Functions§
- ldap_
search - Function to request all AD values.