Jan 17 2025 |
Introducing BloodHound CLI
We created a new tool to help you install and manage BloodHound instances, BloodHound CLI!
GitHub – SpecterOps/bloodhound-cli
Written entirely in Go, this command-line tool can be cross-compiled to support Windows, macOS, and Linux, so you can use whichever operating system you like as your host system for BloodHound. You only need to have Docker installed.
BloodHound CLI dramatically simplifies installation and server management. You can use BloodHound CLI to pull logs and monitor your containers. Read on to learn more about a few of the specific commands.
$ ./bloodhound-cli
BloodHound CLI is a command line interface for managing BloodHound and
associated containers and services. Commands are grouped by their use.
Usage:
bloodhound-cli [command]
Available Commands:
completion Generate the autocompletion script for the specified shell
config Display or adjust the configuration
containers Manage BloodHound containers with subcommands
help Help about any command
install Builds containers and performs first-time setup of BloodHound
logs Fetch logs for BloodHound services
running Print a list of running BloodHound services
version Displays BloodHound CLI's version information
Flags:
-h, --help help for bloodhound-cli
Use "bloodhound-cli [command] --help" for more information about a command.
Installing BloodHound
Recently, we talked with some of our community members to learn about their experiences with BloodHound Community Edition. One problem they reported was retrieving the initial password for the default admin user. Previously, installing BloodHound required pulling down the Docker YML file, running the Docker Compose commands, and monitoring the output to grab the initial password.
Now, you only need to run ./bloodhound-cli install and wait. BloodHound CLI will pull the Docker Compose file (if it doesn’t exist), randomly generate an initial password, and then display the initial credentials at the end of the installation.
$ ./bloodhound-cli install
[+] Checking the status of Docker and the Compose plugin...
[+] Starting BloodHound environment installation
[+] Downloading the production YAML file from https://raw.githubusercontent.com/SpecterOps/BloodHound_CLI/refs/heads/main/docker-compose.yml
[+] Downloading the development YAML file from https://raw.githubusercontent.com/SpecterOps/BloodHound_CLI/refs/heads/main/docker-compose.dev.yml
graph-db Pulling
app-db Pulling
bloodhound Pulling
graph-db Pulled
app-db Pulled
bloodhound Pulled
Container bloodhound_cli-graph-db-1 Running
Container bloodhound_cli-app-db-1 Running
Container bloodhound_cli-bloodhound-1 Running
Container bloodhound_cli-app-db-1 Waiting
Container bloodhound_cli-graph-db-1 Waiting
Container bloodhound_cli-app-db-1 Healthy
Container bloodhound_cli-graph-db-1 Healthy
[+] BloodHound is ready to go!
[+] You can log in as `admin` with this password: JqNmrSuFWb5k8qj5EVL0f2OtUppzmZ4Y
[+] You can get your admin password by running: bloodhound-cli config get default_password
[+] You can access the BloodHound UI at: http://127.0.0.1:8080/ui/login
You can customize your installation by setting your initial password or adjusting the default username.
Customizing BloodHound
The config command is here to help you manage your server settings. As mentioned above, you can use it to set the initial username and password manually or set any other value you need in the bloodhound.config.json file. You can also use the config and config get commands to retrieve all config or individual values.
Wrap Up
Whether you’re starting fresh with BHCE or a veteran user, BloodHound CLI makes everything simpler. The tool can manage your configuration, monitor running containers, and pull logs. We will continue developing this new tool to simplify server updates and other maintenance tasks.
You can grab the first release, v0.1.0, here:
Release BloodHound CLI v0.1.0 · SpecterOps/bloodhound-cli
Introducing BloodHound CLI was originally published in Posts By SpecterOps Team Members on Medium, where people are continuing the conversation by highlighting and responding to this story.