Auto Recon

Reconnaisance can be automated with the help of Sharphound and Bloodhound.

Sharphound is available in different formats - source code, compiled executable or as a powershell script.

Sharphound helps in gathering info about a domain and dumping it into a file. The following commands can be used to collect the info by logging in as a domain user.

Import-Module .\Sharphound.ps1
Invoke-BloodHound -CollectionMethod All -OutputDirectory C:\Users\xyz\Desktop\ -OutputPrefix "domain_audit"

Once the information is collected, it can be visualized using bloodhound. Bloodhound can be accessed through the web browser post starting the server using the following command,

sudo neo4j start

The above command should enable you to setup bloodbound. With neo4j running bloodhound can be started using the command,

bloodhound

The output of sharphound can be uploaded to view the data.