Giter Club home page Giter Club logo

cypheroth's Introduction

cypheroth

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to csv.

cypheroth

Description

This is a bash script that automates running cypher queries against Bloodhound data stored in a Neo4j database.

I found myself re-running the same queries through the Neo4j web interface on multiple assessments and figured there must be an easier way. ๐Ÿ˜…

The list of cypher queries to run is fully extensible. The formatting example below shows how to add your own.

Please share any additional useful queries so I can add them to this project!

Prereqs

  • The cypher-shell command comes bundled with Neo4j, and is required for this script to function
    • If Neo4j is installed and cypher-shell is not found, you may have an outdated version of Neo4j
    • The latest version can always be found at this location
    • On Kali, upgrade to the latest version using Neo4j's Debian repository
  • Optional: If the ssconvert command is present, the script will combine all .csv output to sheets within a .xls file
    • Install the gnumeric toolset with apt or brew to gain access to ssconvert

Cypher Queries

The current query set requests the following information:

  • Full User Property List
  • Full Computer Property List
  • Full Domain Property List
  • Full OU Property List
  • Full GPO Property List
  • Full Group Property List
  • Computers with Admins
  • Computers without Admins
  • Groups with Computers and Admins
  • Group Admin Info
  • Users that are not AdminCount 1, have generic all, and no local admin
  • Users that are admin on 1+ machines, sorted by admin count
  • Kerberoastable users sorted by total machine admin count
  • Kerberoastable users and computers where they are admins
  • Computers that members of the Domain Users group can RDP to
  • Computers where users which can Return, if they belong to adm or svr accounts
  • Computer names where each domain user has derivative Admin privileges to
  • Users with paths to High Value groups
  • Every computer account that has local admin rights on other computers
  • Find which domain Groups are Admins to what computers
  • What permissions does Everyone/Authenticated users/Domain users/Domain computers have
  • All users with SPN in Domain Admin group, with enabled status and unconstrained delegation status displayed

To add additional queries, edit queries.txt and add a line using the following format:

Description;Cypher Query;Output File

Example: All Usernames;MATCH (u:User) RETURN u.name;usernames.csv

Troubleshooting

If you are running an oudated version of cypher-shell you may receive the following error:

DateTime is not supported as a return type in Bolt protocol version 1.
Please make sure driver supports at least protocol version 2.
Driver upgrade is most likely required.

To fix, update Neo4j to the latest version.

Author

Chris Farrell (@seajay)

Acknowledgments

cypheroth's People

Contributors

seajaysec avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.