Error with goodhound.py when [0] == None

[thecasual]

Location: https://github.com/idnahacks/GoodHound/blob/main/goodhound.py#L185

When I run this code, I see that I have a few entries where the group is "None". Currently, I am doing this to resolve:

df = pd.DataFrame(allresults)
allresults = df[~df[0].isna()].values.tolist()

Error:

sorted(allresults, key=lambda i: (i[0], -i[5]))
Traceback (most recent call last):
  File "<string>", line 1, in <module>
TypeError: '<' not supported between instances of 'NoneType' and 'str'

Testing:

df = pd.DataFrame(allresults)
len(df[df[0].isna()])
4

[idnahacks]

Interesting, thanks for logging this.

I'll look into this now, but I'm curious how you have groups that are "None". Are you saying that you have groups with null names?

Can you try running the following in the neo4j console and let me know what comes back (scrub any sensitive values):
match (g:Group) where g.name IS NULL return g

[idnahacks]

I could update the main query to pull back the objectid as well as the name, and in cases where name is NONE replace name with the object ID.

[thecasual]

I am also curious to why I have groups with the value of "None". I ran the query and was returned 5 records matching this. Interesting. I'll dig into this.

[thecasual]

Pulling the objectid is not a bad idea and would fix my issue better then my "hack" I am using now.

[idnahacks]

I've just pushed a patch to the dev branch. Could you try it and let me know if it works? I think some AD objects don't have a name stored for some reason (e.g IIS_Usrs).
If this works I'll put something in to apply these names where they're available.

[thecasual]

@idnahacks I will try your patch tomorrow in my env. Thank for you providing this. Also, I appreciate this code base in general I see a lot of value in it.

[thecasual]

@idnahacks - I tested out the dev branch (389c959) and it works. I also went through and tested why I was getting the error. I set a break point here:

if name == None:

When I run with the default query I don't have an item where name == None, however I am using a custom query and this fix resolved all 5 of my occurrences. Thanks!

[idnahacks]

Ah I see. In your custom query if you tell it to pull the objectid as well that might help. I was debating whether to remove the option of entering a custom query as its main purpose was for me to use for debugging, but if there are other use cases for it in the real world I'll keep it in and make sure it's properly documented.

Thanks for letting me know about the outcome.

[thecasual]

@idnahacks To be honest with you, I probably shouldn't be using a custom query but I am taking what I am doing already in python and applying it against your project to see how it would work out. I think your query already does what I need it to do. So I may stop using my custom query. Not sure yet.

Thanks again for your response. Next time I will hopefully open a pull request instead a issue if you accept them.

[idnahacks]

I'm happy with either PRs or issues. I'm humbled that people are even using the tool in the first place :)