ldif2bloodhound
Convert an LDIF file to JSON files ingestible by BloodHound.
The LDIF file should be retrieved like this with ldapsearch:
$ for base in "" "CN=Schema,CN=Configuration," ; do \
    LDAPTLS_REQCERT=never ldapsearch \
      -H ldap://<DC> \
      -D <USERNAME>@corp.local \
      -w <PASSWORD> \
      -b "${base}DC=corp,DC=local" \
      -x \
      -o ldif-wrap=no \
      -E pr=1000/noprompt \
      -E '!1.2.840.113556.1.4.801=::MAMCAQc=' \
      -LLL \
      -ZZ \
      '(objectClass=*)' \
  ; done >> output_$(date +%s).ldif
In case StartTLS does not work, remove the -ZZ flag and replace
ldap:// with ldaps://. Or leave it at ldap:// if you like to live
dangerously: with the simple bind (-x) used here, the password then
crosses the network in cleartext.
The second -E argument is needed so that ACLs are also dumped.
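To check that a dump really contains ACL data before converting it, the following added example (not part of ldif2bloodhound) decodes the control value from the command above and lists entries that came back without a DACL in nTSecurityDescriptor. The function names, the flag-name table and the sample entries are constructed for illustration; it assumes unwrapped LDIF as produced with -o ldif-wrap=no.

```python
import base64
import struct

SD_FLAGS = {0x1: "owner", 0x2: "group", 0x4: "dacl", 0x8: "sacl"}

def decode_sd_flags(value_b64):
    """Decode the control value, BER SEQUENCE { INTEGER flags }, into part names."""
    ber = base64.b64decode(value_b64)
    if len(ber) < 5 or ber[0] != 0x30 or ber[1] != len(ber) - 2 or ber[2] != 0x02:
        raise ValueError("not a SEQUENCE { INTEGER } value")
    flags = int.from_bytes(ber[4:4 + ber[3]], "big")
    return {name for bit, name in SD_FLAGS.items() if flags & bit}

def parse_ldif(text):
    """Yield (dn, attrs) per entry; assumes unwrapped lines (-o ldif-wrap=no)."""
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64>" marks a binary value
                value = base64.b64decode(value[1:].strip())
            else:
                value = value.strip().encode()
            attrs.setdefault(name.lower(), []).append(value)
        if "dn" in attrs:
            yield attrs["dn"][0].decode(), attrs

def has_dacl(sd):
    """Read the 20-byte self-relative security descriptor header."""
    if len(sd) < 20:
        return False
    control, dacl_offset = struct.unpack_from("<2xH12xI", sd)
    return bool(control & 0x0004) and 0 < dacl_offset < len(sd)  # SE_DACL_PRESENT

def entries_without_dacl(text):
    """DNs whose entry carries no nTSecurityDescriptor with a DACL."""
    return [dn for dn, attrs in parse_ldif(text)
            if not any(has_dacl(sd) for sd in attrs.get("ntsecuritydescriptor", []))]

# Constructed sample (header plus an empty ACL), not data from a real domain.
_SD = struct.pack("<BBHIIII", 1, 0, 0x8004, 0, 0, 0, 20) + struct.pack("<BBHHH", 2, 0, 8, 0, 0)
SAMPLE = ("dn: CN=alice,CN=Users,DC=corp,DC=local\nobjectClass: user\n"
          "nTSecurityDescriptor:: " + base64.b64encode(_SD).decode() + "\n\n"
          "dn: CN=bob,CN=Users,DC=corp,DC=local\nobjectClass: user\n")

if __name__ == "__main__":
    print(sorted(decode_sd_flags("MAMCAQc=")))
    print(entries_without_dacl(SAMPLE))
```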
Then, the conversion works as follows:
$ ldif2bloodhound output_*.ldif
For more options, run ldif2bloodhound --help.
The obvious limitation is that you won't get information about sessions or
local group memberships, just like with ADExplorerSnapshot.py.
Parsing LDIF data is roughly equivalent to running SharpHound with -c DCOnly
(perhaps even less).
BloodHound.py is a better choice to collect this data in most scenarios.
Installation
Install with this command:
$ uv tool install git+https://github.com/SySS-Research/ldif2bloodhound
# Alternatively:
$ pipx install git+https://github.com/SySS-Research/ldif2bloodhound
Copyright and License
SySS GmbH, Adrian Vollmer. MIT Licensed.
