RustHound: cross-platform BloodHound collector tool, written in Rust

RustHound

RustHound is a cross-platform BloodHound collector tool written in Rust (Linux, Windows, macOS).

No anti-virus detection and cross-compiled.

RustHound generates users, groups, computers, OUs, GPOs, containers, and domains JSON files for analysis in the BloodHound application.

If you can use SharpHound.exe, use it. RustHound is a backup solution if SharpHound.exe is detected by AV or cannot be executed from the system you have access to.

Statistics

To gather statistics on a DC with more LDAP objects, we ran the BadBlood project on the domain controller ESSOS.local from GOAD. The DC now has around 3500 objects. Average execution times were measured, and here is the output:

| Tool | Environment | Objects | Time | Command line |
|------|-------------|---------|------|--------------|
| SharpHound.exe | Windows | ~3500 | ~51.605s | Measure-Command { sharphound.exe -d essos.local --ldapusername 'khal.drogo' --ldappassword 'horse' --domaincontroller '192.168.56.12' -c All } |
| BloodHound.py | Linux | ~3500 | ~9.657s | time python3 bloodhound.py -u khal.drogo -p horse -d essos.local -ns 192.168.56.12 --zip -c all |
| RustHound.exe | Windows | ~3500 | ~5.315s | Measure-Command { rusthound.exe -d essos.local -u khal.drogo@essos.local -p horse -z } |
| RustHound | Linux | ~3500 | ~3.166s | time rusthound -d essos.local -u khal.drogo@essos.local -p horse -z |

Roadmap

Authentication

  •  LDAP (389)
  •  LDAPS (636)
  •  BIND
  •  NTLM
  •  Kerberos
  •  Prompt for password

Outputs

  •  users.json
  •  groups.json
  •  computers.json
  •  ous.json
  •  gpos.json
  •  containers.json
  •  domains.json
  •  cas.json
  •  templates.json
  •  Argument and function to zip JSON files: --zip

Modules

  •  Retrieve LAPS passwords if your user can read them (automatic)
  •  Resolve FQDNs of discovered computers to IP addresses: --fqdn-resolver
  •  Retrieve certificates for ESC exploitation with Certipy: --adcs
  •  Kerberos attack module (ASREPROASTING and KERBEROASTING): --attack-kerberos
  •  Retrieve data from trusted domains: --follow-trust (currently working on it, got beta version of this module)

Limitations

Not all SharpHound features have been implemented. Some exist in RustHound and not in SharpHound or BloodHound-Python. Please refer to the roadmap for more information.

Install & Use

Copyright (c) 2022 OPENCYBER
