Server Configuration
Describes the environment variables required to run the server.
Name | Required | Description | Default |
---|---|---|---|
BLOODHOUND_URI | Yes | The URI of your Neo4j database | bolt://localhost:7687 |
BLOODHOUND_PASSWORD | Yes | Your Neo4j password | bloodhound |
BLOODHOUND_USERNAME | Yes | Your Neo4j username | neo4j |
Schema
Prompts
Interactive templates invoked by user choice
Name | Description |
---|---|
prompt |
Resources
Contextual data attached and managed by the client
Name | Description |
---|---|
No resources |
Tools
Functions exposed to the LLM to take actions
Name | Description |
---|---|
tool://run_query | Execute a Cypher query and return the results. Args: query: Cypher query string; parameters: dictionary of query parameters. Returns: list of query results |
tool://users_with_most_local_admin_rights | [WIP] Users with Most Local Admin Rights |
tool://computers_with_most_sessions | [WIP] Computers with Most Sessions [Required: sessions] |
tool://users_with_most_sessions | [WIP] Users with Most Sessions [Required: sessions] |
tool://non_privileged_users_with_dangerous_permissions | List non-privileged user(s) with dangerous permissions to any node type |
tool://route_non_privileged_users_with_dangerous_permissions | Route non-privileged user(s) with dangerous permissions to any node type |
tool://users_with_most_cross_domain_sessions | [WIP] Users with most cross-domain sessions [Required: sessions] |
tool://list_high_value_targets | List high value target(s) |
tool://list_domains | List domain(s) |
tool://list_domain_trusts | List domain trust(s) |
tool://list_enabled_users | List enabled user(s) |
tool://list_enabled_users_with_email | List enabled user(s) with an email address |
tool://list_non_managed_service_accounts | List non-managed service account(s) |
tool://list_enabled_principals_with_unconstrained_delegation | List enabled principal(s) with "Unconstrained Delegation" |
tool://list_enabled_principals_with_constrained_delegation | List enabled principal(s) with "Constrained Delegation" |
tool://list_domain_controllers | List domain controller(s) |
tool://list_domain_computers | List domain computer(s) |
tool://list_certificate_authority_servers | List Certificate Authority server(s) [Required: Certipy] |
tool://list_privileges_for_certificate_authority_servers | [WIP] List privileges for Certificate Authority server(s) [Required: Certipy] |
tool://list_all_certificate_templates | List all Certificate Template(s) [Required: Certipy] |
tool://find_enabled_certificate_templates | Find enabled Certificate Template(s) [Required: Certipy] |
tool://list_all_enrollment_rights_for_certificate_templates | [WIP] List all Enrollment Right(s) for Certificate Template(s) |
tool://list_computers_without_laps | List computer(s) WITHOUT LAPS |
tool://list_network_shares_ignoring_sysvol | List network share(s), ignoring SYSVOL |
tool://list_all_groups | List all group(s) |
tool://list_all_gpos | List all GPO(s) |
tool://list_all_principals_with_local_admin_permission | List all principal(s) with "Local Admin" permission |
tool://list_all_principals_with_rdp_permission | List all principal(s) with "RDP" permission |
tool://list_all_principals_with_sqladmin_permission | List all principal(s) with "SQLAdmin" permission |
tool://list_all_user_sessions | List all user session(s) [Required: sessions] |
tool://list_all_users_with_description_field | List all user(s) with description field |
tool://list_all_enabled_users_with_userpassword_attribute | List all enabled user(s) with "userpassword" attribute |
tool://list_all_enabled_users_with_password_never_expires | List all enabled user(s) with "password never expires" attribute |
tool://list_all_enabled_users_with_password_never_expires_not_changed_last_year | List all enabled user(s) with "password never expires" attribute and not changed in last year |
tool://list_all_enabled_users_with_no_password_required | List all enabled user(s) with "don't require passwords" attribute |
tool://list_all_enabled_users_never_logged_in | List all enabled user(s) but never logged in |
tool://list_all_enabled_users_logged_in_last_90_days | List all enabled user(s) that logged in within the last 90 days |
tool://list_all_enabled_users_set_password_last_90_days | List all enabled user(s) that set password within the last 90 days |
tool://list_all_enabled_users_with_foreign_group_membership | List all enabled user(s) with foreign group membership |
tool://list_all_owned_users | List all owned user(s) |
tool://list_all_owned_enabled_users | List all owned & enabled user(s) |
tool://list_all_owned_enabled_users_with_email | List all owned & enabled user(s) with an email address |
tool://list_all_owned_enabled_users_with_local_admin_and_sessions | List all owned & enabled user(s) with "Local Admin" permission, and any active sessions and their group membership(s) |
tool://list_all_owned_enabled_users_with_rdp_and_sessions | List all owned & enabled user(s) with "RDP" permission, and any active sessions and their group membership(s) |
tool://list_all_owned_enabled_users_with_sqladmin | List all owned & enabled user(s) with "SQLAdmin" permission |
tool://list_all_owned_computers | List all owned computer(s) |
tool://route_all_owned_enabled_group_memberships | Route all owned & enabled group membership(s) |
tool://route_all_owned_enabled_non_privileged_group_memberships | Route all owned & enabled non-privileged group(s) membership |
tool://route_all_owned_enabled_privileged_group_memberships | Route all owned & enabled privileged group(s) membership |
tool://route_all_owned_enabled_users_with_dangerous_rights_to_any_node | Route all owned & enabled user(s) with Dangerous Rights to any node type |
tool://route_all_owned_enabled_users_with_dangerous_rights_to_groups | Route all owned & enabled user(s) with Dangerous Rights to group(s) |
tool://route_all_owned_enabled_users_with_dangerous_rights_to_users | Route all owned & enabled user(s) with Dangerous Rights to user(s) |
tool://route_from_owned_enabled_users_to_unconstrained_delegation | Route from owned & enabled user(s) to all principals with "Unconstrained Delegation" |
tool://route_from_owned_enabled_principals_to_high_value_targets | Route from owned & enabled principals to high value target(s) |
tool://find_all_owned_users_with_privileged_access_to_azure_tenancy | Owned: [WIP] Find all owned user with privileged access to Azure Tenancy (Required: azurehound) |
tool://find_all_owned_users_where_group_grants_azure_privileged_access | Owned: [WIP] Find all owned user where group membership grants privileged access to Azure Tenancy (Required: azurehound) |
tool://find_all_owners_of_azure_applications_with_dangerous_rights | Owned: [WIP] Find all Owners of Azure Applications with Owners to Service Principals with Dangerous Rights (Required: azurehound) |
tool://find_all_owned_groups_granting_network_share_access | Find all owned groups that grant access to network shares |
tool://route_all_sessions_to_computers_without_laps | Route all sessions to computers WITHOUT LAPS (Required: sessions) |
tool://route_all_sessions_to_computers | Route all sessions to computers (Required: sessions) |
tool://list_enabled_non_privileged_users_with_local_admin | List enabled non-privileged user(s) with "Local Admin" permission |
tool://list_enabled_non_privileged_users_with_local_admin_and_sessions | List enabled non-privileged user(s) with "Local Admin" permission, and any active sessions and their group membership(s) |
tool://list_enabled_non_privileged_users_with_rdp | List enabled non-privileged user(s) with "RDP" permission |
tool://list_enabled_non_privileged_users_with_rdp_and_sessions | List enabled non-privileged user(s) with "RDP" permission, and any active sessions and their group membership(s) |
tool://list_enabled_non_privileged_users_with_sqladmin | List enabled non-privileged user(s) with "SQLAdmin" permission |
tool://list_all_domain_users_group_memberships | List all "Domain Users" group membership(s) |
tool://list_all_authenticated_users_group_memberships | List all "Authenticated Users" group membership(s) |
tool://find_all_enabled_as_rep_roastable_users | Find all enabled AS-REP roastable user(s) |
tool://find_all_enabled_kerberoastable_users | Find all enabled kerberoastable user(s) |
tool://route_non_privileged_users_with_dangerous_rights_to_users | Route non-privileged user(s) with dangerous rights to user(s) [HIGH RAM] |
tool://route_non_privileged_users_with_dangerous_rights_to_groups | Route non-privileged user(s) with dangerous rights to group(s) [HIGH RAM] |
tool://route_non_privileged_users_with_dangerous_rights_to_computers | Route non-privileged user(s) with dangerous rights to computer(s) [HIGH RAM] |
tool://route_non_privileged_users_with_dangerous_rights_to_gpos | Route non-privileged user(s) with dangerous rights to GPO(s) [HIGH RAM] |
tool://route_non_privileged_users_with_dangerous_rights_to_privileged_nodes | Route non-privileged user(s) with dangerous rights to privileged node(s) [HIGH RAM] |
tool://route_non_privileged_computers_with_dangerous_rights_to_users | Route non-privileged computer(s) with dangerous rights to user(s) [HIGH RAM] |
tool://route_non_privileged_computers_with_dangerous_rights_to_groups | Route non-privileged computer(s) with dangerous rights to group(s) [HIGH RAM] |
tool://route_non_privileged_computers_with_dangerous_rights_to_computers | Route non-privileged computer(s) with dangerous rights to computer(s) [HIGH RAM] |
tool://route_non_privileged_computers_with_dangerous_rights_to_gpos | Route non-privileged computer(s) with dangerous rights to GPO(s) [HIGH RAM] |
tool://route_non_privileged_computers_with_dangerous_rights_to_privileged_nodes | Route non-privileged computer(s) with dangerous rights to privileged node(s) [HIGH RAM] |
tool://list_esc1_vulnerable_certificate_templates | List ESC1 vulnerable Certificate Template(s) [Required: Certipy] |
tool://list_esc2_vulnerable_certificate_templates | List ESC2 vulnerable Certificate Template(s) [Required: Certipy] |
tool://list_esc3_vulnerable_certificate_templates | List ESC3 vulnerable Certificate Template(s) [Required: Certipy] |
tool://list_esc4_vulnerable_certificate_templates | List ESC4 vulnerable Certificate Template(s) [Required: Certipy] |
tool://list_esc6_vulnerable_certificate_templates | List ESC6 vulnerable Certificate Template(s) [Required: Certipy] |
tool://list_esc7_vulnerable_certificate_templates | List ESC7 vulnerable Certificate Template(s) [Required: Certipy] |
tool://list_esc8_vulnerable_certificate_templates | List ESC8 vulnerable Certificate Template(s) [Required: Certipy] |
tool://list_all_cross_domain_user_sessions_and_memberships | List all cross-domain user session(s) and user group membership(s) |
tool://list_privileged_users_without_protected_users | List privileged user(s) without "Protected Users" group membership |
tool://list_custom_privileged_groups | List custom privileged group(s) |
tool://list_enabled_svc_accounts_with_privileged_group_memberships | List all enabled SVC account(s) with privileged group membership(s) |
tool://route_privileged_users_with_sessions_to_non_privileged_computers | Route all privileged user(s) with sessions to non-privileged computer(s) [Required: sessions] |
tool://find_allshortestpaths_with_dangerous_rights_to_adminsdholder | Find allshortestpaths with dangerous rights to AdminSDHolder object |
tool://find_allshortestpaths_with_dcsync_to_domain | Find allshortestpaths with DCSync to domain object |
tool://find_allshortestpaths_with_shadow_credential_permission | Find allshortestpaths with Shadow Credential permission to principal(s) |
tool://list_all_tenancy | List all Tenancy (Required: azurehound) |
tool://list_all_aad_groups_synchronized_with_ad | [WIP] List all AAD Group(s) that are synchronized with AD (Required: azurehound) |
tool://list_all_principals_used_for_syncing_ad_and_aad | [WIP] List all principal(s) used for syncing AD and AAD |
tool://list_all_enabled_azure_users | List all enabled Azure User(s) (Required: azurehound) |
tool://list_all_enabled_azure_users_group_memberships | List all enabled Azure User(s) Azure Group membership(s) (Required: azurehound) |
tool://list_all_ad_principals_with_edges_to_azure_principals | [WIP] List all AD principal(s) with edge(s) to Azure principal(s) (Required: azurehound) |
tool://list_all_principals_with_privileged_access_to_azure_tenancy | [WIP] List all principal(s) with privileged access to Azure Tenancy (Required: azurehound) |
tool://route_principals_to_azure_applications_and_service_principals | [WIP] Route all principal(s) that have control permissions to Azure Application(s) running as Azure Service Principals (AzSP), and route from privileged ASP to Azure Tenancy (Required: azurehound) |
tool://route_user_principals_to_azure_service_principals | [WIP] Route all user principal(s) that have control permissions to Azure Service Principals (AzSP), and route from AzSP to principal(s) (Required: azurehound) |
tool://route_azure_users_with_dangerous_rights_to_users | [WIP] Route from Azure User principal(s) that have dangerous rights to Azure User and User principal(s) (Required: azurehound) |
tool://route_principals_to_azure_vm | [WIP] Route from principal(s) to Azure VM (Required: azurehound) |
tool://route_principals_to_global_administrators | [WIP] Route from principal(s) to principal(s) with Global Administrator permissions (Required: azurehound) |