Skip to content
Andy Robbins edited this page Aug 9, 2016 · 9 revisions

#Using the Interface

The BloodHound interface is designed to be intuitive and operationally focused. Because BloodHound is compiled as an Electron app, it is platform independent and runs on Windows, OSX, and Linux.

#Authentication

When you first open BloodHound, you are greeted by the logon prompt:

BloodHound logon prompt

The "Database URL" is the IP address and port where your neo4j database is running, and should be formatted as http://:7474/

The DB Username is the username for the neo4j database. The default username for a neo4j database is neo4j.

The DB Password is the password for the neo4j database. The default password for a neo4j database is neo4j. The password for the provided example database is BloodHound.

#Overview

Upon successful logon, BloodHound will draw any group(s) with the "Domain Admins" in their name, and show you the effective users that belong to the group(s):

BloodHound interface overview

Above, the BloodHound interface is split into 5 parts:

  1. Menu and search bar
  2. Graph drawing area
  3. Settings
  4. Zoom in/out and reset
  5. Raw cypher query

#1. Menu and search bar

BloodHound Menu

The search bar and menu are designed to be intuitive and operationally focused. The triple line in the top left will toggle the drop down for the 'Database Info', 'Node Info', and 'Queries' tabs.

The 'Database Info' tab shows basic information about your currently loaded database, including the number of users, computers, groups, and relationships (or edges). You may also perform basic DB management functions here, including logging out and switching DBs, as well as clearing (read: DELETING ALL INFORMATION FROM) your currently loaded DB (be careful!).

The 'Node Info' tab will display information about a node that you click on in the graph.

The 'Queries' tab will show the pre-built queries we include with BloodHound, as well as additional queries you can build in yourself. More information about this will be available later.

#2. Graph drawing area

This is the area where BloodHound will draw nodes and edges. Hitting ctrl will cycle though three options for displaying node labels: Default Threshold, Always Show, Never Show. You may click and hold a node to drag it to a different spot. You may also click a node, and BloodHound will populate the node info tab with information about that node.

#3. Settings

Settings

  1. Refresh - BloodHound will re-calculate and re-draw the current display.
  2. Export Graph - BloodHound can export the currently drawn graph to JSON format, or as a a PNG.
  3. Import Graph - BloodHound will draw an imported graph in JSON format.
  4. Upload Data - BloodHound will automatically detect and then ingest CSV formatted data. For more information on this, see CSV ingestion.
  5. Change Layout Type - Toggle between hierarchical (dagre) and force directed graph layouts.
  6. Settings - Alter node collapse behavior, and switch between low detail mode.

#4. Zoom in/out and reset

The plus sign (+) will zoom in. The minus sign (-) will zoom out. The center icon will reset the graph to the default zoom.

#5. Raw cypher query

BloodHound allows you to run custom cypher queries against the currently loaded neo4j database. For more information on this topic, see Cypher query language.