Documentation
Overview
Package bloodhound provides BloodHound OpenGraph JSON output generation. This file contains edge property generators that match the PowerShell version.
Index
- Variables
- func GetEdgeProperties(kind string, ctx *EdgeContext) map[string]interface{}
- func IsTraversableEdge(kind string) bool
- func ReadFrom(r io.Reader) ([]Node, []Edge, error)
- func ReadFromFile(filePath string) ([]Node, []Edge, error)
- func SchemaJSONWithDisabledPossibleEdges() ([]byte, error)
- func WriteToFile(filePath string, nodes []Node, edges []Edge) error
- type Edge
- type EdgeContext
- type EdgeEndpoint
- type EdgeProperties
- type Icon
- type Node
- type StreamingWriter
Constants
This section is empty.
Variables
var EdgeKinds = struct {
	MemberOf string
	IsMappedTo string
	Contains string
	Owns string
	ControlServer string
	ControlDB string
	ControlDBRole string
	ControlDBUser string
	ControlLogin string
	ControlServerRole string
	Impersonate string
	ImpersonateAnyLogin string
	ImpersonateDBUser string
	ImpersonateLogin string
	ChangePassword string
	AddMember string
	Alter string
	AlterDB string
	AlterDBRole string
	AlterServerRole string
	Control string
	ChangeOwner string
	AlterAnyLogin string
	AlterAnyServerRole string
	AlterAnyRole string
	AlterAnyDBRole string
	AlterAnyAppRole string
	GrantAnyPermission string
	GrantAnyDBPermission string
	LinkedTo string
	ExecuteAsOwner string
	IsTrustedBy string
	HasDBScopedCred string
	HasMappedCred string
	HasProxyCred string
	ServiceAccountFor string
	HostFor string
	ExecuteOnHost string
	TakeOwnership string
	DBTakeOwnership string
	CanExecuteOnServer string
	CanExecuteOnDB string
	Connect string
	ConnectAnyDatabase string
	ExecuteAs string
	HasLogin string
	GetTGS string
	GetAdminTGS string
	HasSession string
	LinkedAsAdmin string
	CoerceAndRelayTo string
}{
	MemberOf: "MSSQL_MemberOf",
	IsMappedTo: "MSSQL_IsMappedTo",
	Contains: "MSSQL_Contains",
	Owns: "MSSQL_Owns",
	ControlServer: "MSSQL_ControlServer",
	ControlDB: "MSSQL_ControlDB",
	ControlDBRole: "MSSQL_ControlDBRole",
	ControlDBUser: "MSSQL_ControlDBUser",
	ControlLogin: "MSSQL_ControlLogin",
	ControlServerRole: "MSSQL_ControlServerRole",
	Impersonate: "MSSQL_Impersonate",
	ImpersonateAnyLogin: "MSSQL_ImpersonateAnyLogin",
	ImpersonateDBUser: "MSSQL_ImpersonateDBUser",
	ImpersonateLogin: "MSSQL_ImpersonateLogin",
	ChangePassword: "MSSQL_ChangePassword",
	AddMember: "MSSQL_AddMember",
	Alter: "MSSQL_Alter",
	AlterDB: "MSSQL_AlterDB",
	AlterDBRole: "MSSQL_AlterDBRole",
	AlterServerRole: "MSSQL_AlterServerRole",
	Control: "MSSQL_Control",
	ChangeOwner: "MSSQL_ChangeOwner",
	AlterAnyLogin: "MSSQL_AlterAnyLogin",
	AlterAnyServerRole: "MSSQL_AlterAnyServerRole",
	AlterAnyRole: "MSSQL_AlterAnyRole",
	AlterAnyDBRole: "MSSQL_AlterAnyDBRole",
	AlterAnyAppRole: "MSSQL_AlterAnyAppRole",
	GrantAnyPermission: "MSSQL_GrantAnyPermission",
	GrantAnyDBPermission: "MSSQL_GrantAnyDBPermission",
	LinkedTo: "MSSQL_LinkedTo",
	ExecuteAsOwner: "MSSQL_ExecuteAsOwner",
	IsTrustedBy: "MSSQL_IsTrustedBy",
	HasDBScopedCred: "MSSQL_HasDBScopedCred",
	HasMappedCred: "MSSQL_HasMappedCred",
	HasProxyCred: "MSSQL_HasProxyCred",
	ServiceAccountFor: "MSSQL_ServiceAccountFor",
	HostFor: "MSSQL_HostFor",
	ExecuteOnHost: "MSSQL_ExecuteOnHost",
	TakeOwnership: "MSSQL_TakeOwnership",
	DBTakeOwnership: "MSSQL_DBTakeOwnership",
	CanExecuteOnServer: "MSSQL_CanExecuteOnServer",
	CanExecuteOnDB: "MSSQL_CanExecuteOnDB",
	Connect: "MSSQL_Connect",
	ConnectAnyDatabase: "MSSQL_ConnectAnyDatabase",
	ExecuteAs: "MSSQL_ExecuteAs",
	HasLogin: "MSSQL_HasLogin",
	GetTGS: "MSSQL_GetTGS",
	GetAdminTGS: "MSSQL_GetAdminTGS",
	HasSession: "HasSession",
	LinkedAsAdmin: "MSSQL_LinkedAsAdmin",
	CoerceAndRelayTo: "MSSQL_CoerceAndRelayToMSSQL",
}
EdgeKinds defines the BloodHound edge kinds for MSSQL relationships
var Icons = map[string]*Icon{
	NodeKinds.Server: {
		Type: "font-awesome",
		Name: "server",
		Color: "#42b9f5",
	},
	NodeKinds.Database: {
		Type: "font-awesome",
		Name: "database",
		Color: "#f54242",
	},
	NodeKinds.Login: {
		Type: "font-awesome",
		Name: "user-gear",
		Color: "#dd42f5",
	},
	NodeKinds.ServerRole: {
		Type: "font-awesome",
		Name: "users-gear",
		Color: "#6942f5",
	},
	NodeKinds.DatabaseUser: {
		Type: "font-awesome",
		Name: "user",
		Color: "#f5ef42",
	},
	NodeKinds.DatabaseRole: {
		Type: "font-awesome",
		Name: "users",
		Color: "#f5a142",
	},
	NodeKinds.ApplicationRole: {
		Type: "font-awesome",
		Name: "robot",
		Color: "#6ff542",
	},
}
Icons defines the default icons for MSSQL node types
var NodeKinds = struct {
	Server string
	Database string
	Login string
	ServerRole string
	DatabaseUser string
	DatabaseRole string
	ApplicationRole string
	User string
	Group string
	Computer string
}{
	Server: "MSSQL_Server",
	Database: "MSSQL_Database",
	Login: "MSSQL_Login",
	ServerRole: "MSSQL_ServerRole",
	DatabaseUser: "MSSQL_DatabaseUser",
	DatabaseRole: "MSSQL_DatabaseRole",
	ApplicationRole: "MSSQL_ApplicationRole",
	User: "User",
	Group: "Group",
	Computer: "Computer",
}
NodeKinds defines the BloodHound node kinds for MSSQL objects
var PossibleEdgeKinds = []string{
	EdgeKinds.LinkedTo,
	EdgeKinds.IsTrustedBy,
	EdgeKinds.ServiceAccountFor,
	EdgeKinds.HasDBScopedCred,
	EdgeKinds.HasMappedCred,
	EdgeKinds.HasProxyCred,
}
PossibleEdgeKinds are edges that represent possible (not guaranteed) attack paths. These are traversable by default but can be disabled with --disable-possible-edges.
var SchemaJSON []byte
var SeedDataJSON []byte
Functions
func GetEdgeProperties
func GetEdgeProperties(kind string, ctx *EdgeContext) map[string]interface{}
GetEdgeProperties returns the properties for a given edge kind. Matches PS1 Add-Edge behavior: filters out empty strings but always includes booleans.
func IsTraversableEdge
IsTraversableEdge returns whether an edge type is traversable based on its property generator definition. This matches the PowerShell EdgePropertyGenerators traversable values.
func ReadFromFile
ReadFromFile reads BloodHound JSON from a file
func SchemaJSONWithDisabledPossibleEdges
SchemaJSONWithDisabledPossibleEdges returns a copy of SchemaJSON with the possible edges set to is_traversable: false.
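An added example, not part of the package's own code: it uses local copies of the Edge and EdgeEndpoint types and the PossibleEdgeKinds values from this page to pull out the edges that are only possible (not guaranteed) paths, applying the rule documented for GetEdgeProperties (empty strings dropped, booleans kept). The helper names filterProps and possibleEdges, the sample endpoint IDs and the property keys are assumptions.

```go
package main

import (
	"encoding/json"
	"os"
)

// Local copies of the Edge and EdgeEndpoint types documented on this page.
type EdgeEndpoint struct{ Value string `json:"value"` }
type Edge struct {
	Start      EdgeEndpoint           `json:"start"`
	End        EdgeEndpoint           `json:"end"`
	Kind       string                 `json:"kind"`
	Properties map[string]interface{} `json:"properties,omitempty"`
}
// possibleKinds holds the string values behind PossibleEdgeKinds on this page.
var possibleKinds = map[string]bool{
	"MSSQL_LinkedTo": true, "MSSQL_IsTrustedBy": true, "MSSQL_ServiceAccountFor": true,
	"MSSQL_HasDBScopedCred": true, "MSSQL_HasMappedCred": true, "MSSQL_HasProxyCred": true,
}
// filterProps (hypothetical) drops empty strings but keeps booleans, even false.
func filterProps(in map[string]interface{}) map[string]interface{} {
	out := map[string]interface{}{}
	for k, v := range in {
		if s, isStr := v.(string); !isStr || s != "" {
			out[k] = v
		}
	}
	return out
}

// possibleEdges (hypothetical) returns the edges to verify before trusting a path.
func possibleEdges(edges []Edge) (out []Edge) {
	for _, e := range edges {
		if possibleKinds[e.Kind] {
			e.Properties = filterProps(e.Properties) // e is a copy; input is untouched
			out = append(out, e)
		}
	}
	return out
}

func main() {
	sample := []Edge{ // constructed data: endpoint IDs and property keys are made up
		{EdgeEndpoint{"login-1"}, EdgeEndpoint{"role-1"}, "MSSQL_MemberOf", nil},
		{EdgeEndpoint{"sql01"}, EdgeEndpoint{"proxy-1"}, "MSSQL_HasProxyCred",
			map[string]interface{}{"proxyName": "", "isEnabled": false}},
	}
	json.NewEncoder(os.Stdout).Encode(possibleEdges(sample))
}
```

An edge whose properties are all empty strings ends up with an empty map, which the `omitempty` tag on Properties then leaves out of the JSON entirely.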
Types
type Edge
type Edge struct {
	Start EdgeEndpoint `json:"start"`
	End EdgeEndpoint `json:"end"`
	Kind string `json:"kind"`
	Properties map[string]interface{} `json:"properties,omitempty"`
}
Edge represents a BloodHound graph edge
type EdgeContext
type EdgeContext struct {
	SourceName string
	SourceType string
	SourceID string // ObjectIdentifier of source node
	TargetName string
	TargetType string
	TargetID string // ObjectIdentifier of target node
	TargetTypeDescription string // e.g., "SERVER_ROLE", "DATABASE_ROLE", "APPLICATION_ROLE", "SQL_LOGIN"
	SQLServerName string
	SQLServerID string // Server ObjectIdentifier
	DatabaseName string
	Permission string
	IsFixedRole bool
	SecurityIdentifier string // SID for CoerceAndRelay edges
	ProxyName string // Proxy name for HasProxyCred edges
	CredentialIdentity string // Credential identity for HasMappedCred/HasDBScopedCred edges
	Subsystems string // Proxy subsystems for HasProxyCred edges
	IsEnabled bool // Whether a proxy/login is enabled
}
EdgeContext provides context for generating edge properties
type EdgeEndpoint
type EdgeEndpoint struct {
	Value string `json:"value"`
}
EdgeEndpoint represents the start or end of an edge
type EdgeProperties
type EdgeProperties struct {
	General string `json:"general"`
	WindowsAbuse string `json:"windowsAbuse"`
	LinuxAbuse string `json:"linuxAbuse"`
	Opsec string `json:"opsec"`
	References string `json:"references"`
}
EdgeProperties contains the documentation and metadata for an edge
type Icon
type Icon struct {
	Type string `json:"type"`
	Name string `json:"name"`
	Color string `json:"color"`
}
Icon represents a node icon
type Node
type Node struct {
	ID string `json:"id"`
	Kinds []string `json:"kinds"`
	Properties map[string]interface{} `json:"properties"`
	Icon *Icon `json:"icon,omitempty"`
}
Node represents a BloodHound graph node
type StreamingWriter
type StreamingWriter struct {
	// contains filtered or unexported fields
}
StreamingWriter handles streaming JSON output for BloodHound format
func NewStreamingWriter
func NewStreamingWriter(filePath string) (*StreamingWriter, error)
NewStreamingWriter creates a new streaming BloodHound JSON writer
func NewStreamingWriterNoSourceKind
func NewStreamingWriterNoSourceKind(filePath string) (*StreamingWriter, error)
NewStreamingWriterNoSourceKind creates a streaming writer without source_kind metadata. Used for AD object files (computers.json, users.json, groups.json).
func (*StreamingWriter) Close
func (w *StreamingWriter) Close() error
Close finalizes the JSON and closes the file
func (*StreamingWriter) FilePath
func (w *StreamingWriter) FilePath() string
FilePath returns the path to the output file
func (*StreamingWriter) FileSize
func (w *StreamingWriter) FileSize() (int64, error)
FileSize returns the current size of the output file
func (*StreamingWriter) Stats
func (w *StreamingWriter) Stats() (nodes, edges int)
Stats returns the number of nodes and edges written
func (*StreamingWriter) WriteEdge
func (w *StreamingWriter) WriteEdge(edge *Edge) error
WriteEdge writes a single edge to the output. If edge is nil or a duplicate, it is silently skipped.
func (*StreamingWriter) WriteNode
func (w *StreamingWriter) WriteNode(node *Node) error
WriteNode writes a single node to the output