Bloodhound is a graphical interface that allows you to visually map out the network. This tool along with SharpHound which similar to PowerView takes the user, groups, trusts etc. of the network and collects them into .json files to be used inside of Bloodhound.


apt-get install bloodhound


  1. Run neo4j console from the attacker machine
  2. Default credentials: neo4j:neo4j
  3. powershell -ep bypass
  4. . .\Downloads\Sharphound.ps1 — this Sharphound.ps1 script will need to be run from the victim machine
  5. run Invoke-Bloodhound -CollectionMethod All -Domain CONTROLLER.local -ZipFileName
  6. From here you will need to transfer the .zip file to your attacker machine.
    • This can be done using SCP if you are ssh’d in