Build BloodHound data collectors with OpenHound's standardized, reproducible collect-first and transform-later pipeline.
OpenHound is a standardized framework for building OpenGraph collectors and converters. Built on DLT (Data Load Tool), it provides a consistent workflow for collecting, processing, and converting data from any source into BloodHound-compatible graphs. OpenHound enforces a collect-first, convert-later pipeline. Raw data collected from a source is always stored before transformation and ensures reproducibility. Custom decorators simplify collector development with minimal boilerplate, while CLI commands and graph documentation are automatically generated for every source.
Follow the docs for setup, CLI usage, and collector development:
- Overview: OpenHound Documentation
-
Collect: OpenHound uses DLT to collect resources from various services. Resources are parsed using a Pydantic model and stored as JSONL/Parquet on disk during the collection phase.
-
Pre-process: A DuckDB database can be (optionally) populated to store resources for OpenGraph convertion. The database can be used as a lookup to find, for example, all resources a particular user/group has permissions to.
-
Convert: The raw resources are read from disk and converted to OpenGraph nodes and edges.
Extend OpenHound with pre-built extensions for other services. Additional collectors can be installed using pip extras.
| Name | Source repo |
|---|---|
| Github | https://github.com/SpecterOps/openhound-github |
| JAMF | https://github.com/SpecterOps/openhound-jamf |
| Okta | https://github.com/SpecterOps/openhound-okta |