bloodhound.py -d lab.local -u user -p pass --kerberoast --asrep This dumps crackable hashes directly into the output/ directory as roastable.txt alongside the JSONL files. The -s (session collection) flag was notoriously unstable in prior versions, often causing LDAP timeouts. The update replaces the synchronous LDAP paging with an asynchronous generator, reducing the chances of SIZELIMIT_EXCEEDED errors on domains with thousands of active sessions. D. BloodHound Enterprise (BHE) Compatibility The output schema now includes optional fields required by BloodHound Enterprise (e.g., OwnedObjects and HighValue flags). While backward compatible with the open-source Community Edition, this update prepares the collector for enterprise-tier attack path analysis. 3. Installation and Upgrade Guide If you are running an older version, you are likely missing critical bug fixes regarding TLS certificate validation and Python 3.11+ compatibility. Fresh Installation # Create a virtual environment (recommended) python3 -m venv bloodhound-env source bloodhound-env/bin/activate Install from PyPI pip install bloodhound Updating Existing Installation # Check current version bloodhound.py --version Upgrade pip install --upgrade bloodhound Verify update pip show bloodhound
Date: October 26, 2023 (Adjusted for context of a major tooling update) Reading Time: 8 minutes bloodbornepkg updated
"JSONL files won't load into BloodHound CE v4.2 or older." Solution: Update BloodHound to v4.3+ OR use the conversion script above. BloodHound Community Edition v4.2 does not support JSONL. 8. The Road Ahead: What This Update Signals The bloodbornepkg update is not merely a maintenance release; it signals a philosophical shift toward streaming data pipelines and enterprise readiness . SpecterOps has moved BloodHound to a SaaS model (BloodHound Enterprise), but the open-source collector ecosystem is adapting. bloodhound
If you are mid-engagement with a legacy BloodHound GUI (version 4.2 or older), . If you are using BloodHound CE 4.3+ or BHE, update immediately for the performance gains. Linux-based attack machines
This analysis was compiled by the AD Security Collective. For technical verification, refer to the official changelog at PyPI.org/project/bloodhound and the GitHub repository under NCC Group.
For red teamers, blue teamers, and Active Directory (AD) forensic analysts, few tools have revolutionized privilege escalation auditing like BloodHound. At the heart of the data collection process lies the ingestor. However, for those operating in Python environments—specifically when dealing with restricted shells, Linux-based attack machines, or cross-platform C2 frameworks—the Python implementation known as bloodbornepkg (or simply bloodhound.py ) has been the go-to solution.
After updating, always test with --help to review new flags like --disable-jsonl (reverts to old format) and --session-timeout (adjusts the new async session collector).