Saturday, 6 June 2026

Building BHADGUI: Automating BloodHound Data Collection for AD Attack Paths

When you're doing Active Directory pentesting on a tight schedule, running SharpHound manually and then clicking through BloodHound's UI gets old fast. BHADGUI started as a simple wrapper and evolved into something more useful.

What it does:


* Automated BloodHound data collection via SharpHound integration
* Built-in scanner modules for ACL analysis and pre-Windows 2000 compatibility checks
* Attack path visualization helpers — cutting the time between "I have a shell" and "I have a path to DA"

Why I built it: HTB machines were the testing ground. Every new module came from a real gap I hit during a machine — if I had to do something manually twice, it became a feature.

Overview:

BHADGUI is a GUI-based tool for automated analysis of BloodHound/SharpHound JSON output files, focused on identifying Active Directory misconfigurations and attack paths - with ready-to-use exploitation one-liners.

Primary use case: HackTheBox / CTF / authorized penetration tests. 
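To make the JSON scanning idea concrete from a hardening-audit angle, here is an added example (not BHADGUI's code) that reads a SharpHound groups export and reports broad principals in the Pre-Windows 2000 Compatible Access group or holding explicit control rights over a group. Assumptions: the field names follow the SharpHound groups JSON layout as commonly exported, the "pre-Windows 2000" check is read as a membership check on that built-in group, and the domain, SIDs and group names are constructed.

```python
import json

# Well-known SIDs (standard Windows values); everything else here is constructed.
PRE2K_GROUP = "S-1-5-32-554"  # Pre-Windows 2000 Compatible Access
BROAD = {"S-1-1-0": "Everyone", "S-1-5-7": "Anonymous Logon",
         "S-1-5-11": "Authenticated Users"}
RISKY_RIGHTS = {"GenericAll", "GenericWrite", "WriteDacl", "WriteOwner", "AddMember"}

def sid_suffix(object_id):
    """Drop the domain prefix SharpHound puts on well-known SIDs (CORP.LOCAL-S-1-5-11)."""
    idx = object_id.find("S-1-")
    return object_id[idx:] if idx >= 0 else object_id

def audit_groups(doc):
    """Return (check, group, detail) findings for a parsed groups export."""
    findings = []
    for group in doc.get("data", []):
        gid = group.get("ObjectIdentifier", "")
        name = group.get("Properties", {}).get("name", gid)
        if sid_suffix(gid) == PRE2K_GROUP:
            for member in group.get("Members", []):
                who = BROAD.get(sid_suffix(member.get("ObjectIdentifier", "")))
                if who:
                    findings.append(("pre2k-broad-member", name, who))
        for ace in group.get("Aces", []):
            # Report explicit ACEs only; inherited ones are fixed on the parent object.
            who = BROAD.get(sid_suffix(ace.get("PrincipalSID", "")))
            if who and ace.get("RightName") in RISKY_RIGHTS and not ace.get("IsInherited"):
                findings.append(("broad-principal-ace", name, f"{who}:{ace['RightName']}"))
    return findings

# Constructed sample input, not output from a real domain.
SAMPLE = json.loads("""
{"meta": {"type": "groups", "count": 2, "version": 5},
 "data": [
  {"ObjectIdentifier": "CORP.LOCAL-S-1-5-32-554",
   "Properties": {"name": "PRE-WINDOWS 2000 COMPATIBLE ACCESS@CORP.LOCAL"},
   "Members": [{"ObjectIdentifier": "CORP.LOCAL-S-1-5-11", "ObjectType": "Group"}],
   "Aces": []},
  {"ObjectIdentifier": "S-1-5-21-1111-2222-3333-1105",
   "Properties": {"name": "HELPDESK@CORP.LOCAL"}, "Members": [],
   "Aces": [{"PrincipalSID": "CORP.LOCAL-S-1-5-11", "RightName": "GenericAll",
             "IsInherited": false},
            {"PrincipalSID": "S-1-5-21-1111-2222-3333-512", "RightName": "WriteDacl",
             "IsInherited": false}]}]}
""")

if __name__ == "__main__":
    for finding in audit_groups(SAMPLE):
        print(finding)
```

The ACE held by the constructed `-512` principal is not reported, because only the three broad well-known principals are in scope for this check.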


In action - BHADGUI vs HTB Pirate:

Tab: Run Collector: 

Example output:


Tab: Scan JSON:



Example one-liner from BHADGUI's output in use during HTB Pirate CTF:

 


Demo:
https://youtu.be/t8bAoMJT6S8



(Full version of BHADGUI is currently available only for Tier 2 Patrons.)

 

Thanks for your support!

Cheers 

 

 

 

 

 
