seajaysec / Cypheroth

Licence: bsd-2-clause

Cypheroth

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

Description

This is a bash script that automates running Cypher queries against BloodHound data stored in a Neo4j database.

I found myself re-running the same queries through the Neo4j web interface on multiple assessments and figured there must be an easier way. 😅

The list of cypher queries to run is fully extensible. The formatting example below shows how to add your own.

Please share any additional useful queries so I can add them to this project!

Fully tested to be working in Bash on Linux, macOS, and Windows.

Demo

Cypheroth Demo (Rendered with termtosvg for your viewing pleasure)

Prereqs

  • The cypher-shell command comes bundled with Neo4j and is required for this script to function
    • If Neo4j is installed and cypher-shell is not found, you may have an outdated version of Neo4j
    • The latest version can always be found at this location
    • On Kali, upgrade to the latest version using Neo4j's Debian repository
  • Optional: if the ssconvert command is present, the script combines all .csv output into sheets of a single .xls file
    • Install the gnumeric package with apt or brew to get ssconvert

On Windows we recommend running this script under WSL while the Neo4j database runs on Windows; you only need to install cypher-shell inside WSL (Linux). If the default localhost:7687 is not reachable from WSL, pass the Windows host's address with -a and make sure Neo4j's Bolt connector is listening on that interface.

Usage

Flags:

  -u Neo4j username (Required)
  -p Neo4j password (Required)
  -d Fully Qualified Domain Name (Required) (Case sensitive: must match the name as stored in Neo4j)
  -a Bolt address (Optional) (Default: localhost:7687)
  -t Query timeout (Optional) (Default: 30s)
  -v Verbose mode (Optional) (Default: FALSE)
  -h Help text and usage example (Optional)

Example with Defaults:

./cypheroth.sh -u neo4j -p BloodHound -d TESTLAB.LOCAL

Example with All Options:

./cypheroth.sh -u neo4j -p hunter2 -d BigTech.corp -a 10.0.0.1:7687 -t 5m -v true

Output files are written to a subdirectory named after the FQDN.

Two things to keep in mind: the password given with -p is visible to every local user in the process list (ps) and is recorded in shell history, so use a dedicated, read-only Neo4j account for this and keep the command out of history (for example with HISTCONTROL=ignorespace and a leading space); and -d is compared literally against the domain name BloodHound wrote into Neo4j, which is normally upper case (TESTLAB.LOCAL), so a differently cased value silently matches nothing.

Cypher Queries

There are nearly 60 queries in the script currently. This is a sample of the information you'll receive:

  • Full User Property List
  • Full Computer Property List
  • Full Domain Property List
  • Full OU Property List
  • Full GPO Property List
  • Full Group Property List
  • Computers with Admins
  • Computers without Admins
  • Kerberoastable users and computers where they are admins

To add additional queries, edit the queries array within cypheroth.sh and add an entry in the following format, with the three fields separated by semicolons:

Description;Cypher Query;Output File

If a query needs the domain name, write $DOMAIN where it belongs; the script expands it to the value given with -d before the query runs.

Example 1:

All Usernames;MATCH (u:User) RETURN u.name;usernames.csv

Example 2:

All Domain Admins;MATCH (u:User)-[:MemberOf*1..]->(g:Group {name:'DOMAIN ADMINS@$DOMAIN'}) RETURN u.displayname;domainAdmins.csv

The MemberOf*1.. pattern follows nested group membership, so users who are admins through an intermediate group are included. Two unconnected MATCH clauses (one on users, one on the group) would instead return every user in the database, because Cypher takes the Cartesian product of unrelated matches.
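The following is an added example, not Cypheroth's own code, showing how a runner for entries in this format fits together: splitting the three fields, substituting $DOMAIN, writing one CSV per query under the domain's directory, the ssconvert merge mentioned under Prereqs, and credentials taken from the NEO4J_USERNAME/NEO4J_PASSWORD environment variables that cypher-shell reads itself. The two query entries are constructed samples; the function names, the output-file name check and the use of the coreutils timeout command are this example's choices, not the script's.

```bash
#!/usr/bin/env bash
# Added example, not part of Cypheroth: a small runner for query entries in
# the "Description;Cypher Query;Output File" format. Everything except
# run_entry/run_all works without a Neo4j instance. POSIX sh compatible.
set -eu

# Constructed sample entries. Single quotes keep $DOMAIN literal until
# render_query substitutes it. Group and domain names are upper case
# because that is how BloodHound stores them in Neo4j.
QUERIES='All Usernames;MATCH (u:User) RETURN u.name;usernames.csv
All Domain Admins;MATCH (u:User)-[:MemberOf*1..]->(g:Group {name:"DOMAIN ADMINS@$DOMAIN"}) RETURN u.displayname;domainAdmins.csv'

# The description ends at the first ';' and the output file starts after the
# last ';', so the Cypher text in between may itself contain semicolons.
description() { printf '%s\n' "${1%%;*}"; }

output_file() {
  file=${1##*;}
  # File names come from the query list; refuse anything that could escape
  # the per-domain directory or write a dotfile (e.g. "../x" or ".bashrc").
  case $file in
    ''|*/*|.*) echo "refusing output file name '$file'" >&2; return 1 ;;
  esac
  printf '%s\n' "$file"
}

# Replace every literal $DOMAIN in the query with the domain given on the
# command line. This is plain text interpolation, as the README describes;
# the value comes from the operator, not from the data, so that is fine here.
# Anything untrusted should go through a cypher-shell parameter instead
# (-P 'domain => "X"' on the command line and $domain in the query).
render_query() {
  rest=${1#*;}
  query=${rest%;*}
  domain=$2
  out=
  while :; do
    case $query in
      *'$DOMAIN'*) out="$out${query%%\$DOMAIN*}$domain"; query=${query#*\$DOMAIN} ;;
      *) out="$out$query"; break ;;
    esac
  done
  printf '%s\n' "$out"
}

# Run one entry and write its CSV to ./<domain>/<file>. cypher-shell reads
# NEO4J_USERNAME and NEO4J_PASSWORD from the environment, so the password
# never appears in `ps` output or shell history. `timeout` is coreutils.
run_entry() {
  entry=$1; domain=$2; address=${3:-localhost:7687}; limit=${4:-30s}
  file=$(output_file "$entry")
  query=$(render_query "$entry" "$domain")
  mkdir -p "$domain"
  echo "[*] $(description "$entry")"
  timeout "$limit" cypher-shell -a "$address" --format plain "$query" > "$domain/$file"
}

# Run every entry, then merge the CSVs into one workbook if ssconvert exists.
run_all() {
  domain=$1; shift
  printf '%s\n' "$QUERIES" | while IFS= read -r entry; do
    run_entry "$entry" "$domain" "$@"
  done
  if command -v ssconvert >/dev/null 2>&1; then
    ssconvert --merge-to="$domain/$domain.xls" "$domain"/*.csv
  fi
}

# Only talk to Neo4j when a domain is given:
#   NEO4J_USERNAME=neo4j NEO4J_PASSWORD=... ./runner.sh TESTLAB.LOCAL [bolt address] [timeout]
if [ "$#" -ge 1 ]; then
  command -v cypher-shell >/dev/null 2>&1 || { echo "cypher-shell not found" >&2; exit 1; }
  run_all "$@"
fi
```

With no arguments the file only defines the functions, so the parsing can be exercised (or sourced) without a database. Keeping the password out of the argument list is the one deliberate departure from the -p flag above; everything else mirrors the format and the per-domain output directory the README describes.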

Analyze several domains

If you need to analyze several domains, run multiple instances of Cypheroth in parallel, each working on its own domain. The following script does this with GNU parallel (10 at a time):

#!/usr/bin/env bash
# Requires GNU parallel. -j10 runs ten domains at once; --lb line-buffers the
# output so lines from different instances do not interleave mid-line; {} is
# replaced with each domain. Replace <args> with your -u/-p/-a/-t flags.
DOMAINS=(domA.example.net domB.example.net [...])
parallel -j10 --lb ./cypheroth.sh <args> -d {} ::: "${DOMAINS[@]}"

Troubleshooting

If you are running an outdated version of cypher-shell you may receive the following error:

DateTime is not supported as a return type in Bolt protocol version 1.
Please make sure driver supports at least protocol version 2.
Driver upgrade is most likely required.

To fix, update Neo4j to the latest version, which also updates the bundled cypher-shell; cypher-shell --version shows which version you currently have.

Author

Chris Farrell (@seajay)
