BloodHound analyzes Active Directory relationships and maps the shortest path to Domain Admin.
Collecting Data
# SharpHound — collect from domain
./SharpHound.exe -c All
# Python (no execution on target required)
bloodhound-python -u user -p pass -d corp.local -dc dc.corp.local -c All
Analyzing Results
After uploading ZIP files to BloodHound GUI:
- Find Shortest Path to Domain Admin
- Look for ACL Abuse paths
- Check Kerberoastable Users
Tip: BloodHound saves hours of manual analysis and reveals non-obvious attack paths.