How to Convert Custom Queries from BloodHound Legacy to BloodHound CE

Complete guide to migrating and converting custom queries from BloodHound Legacy to BloodHound CE (Community Edition). Includes step-by-step instructions, popular query collections, and a Python automation script for converting and bulk-uploading custom queries.

BloodHound CE (Community Edition) brings numerous improvements over the legacy version, but the custom query format has changed, so you can’t simply drag and drop legacy custom queries into BloodHound CE. This is cumbersome, since many great custom queries were written for BloodHound Legacy.

To make sure you can still use the awesome queries from BloodHound Legacy, I created a tool to automatically convert and upload any custom query from BloodHound Legacy to BloodHound CE.

To learn more about the tool, you can find its GitHub repository here: https://github.com/WafflesExploits/Bloodhound-query-legacy2ce

Step-by-Step Instructions

Here’s how you can use this tool to quickly convert and upload your favorite custom queries:

1. Select a Custom Query Collection

Here are some popular query collections you can test with:

2. Get the BloodHound API JWT

  1. Open BloodHound’s API Explorer
  2. Find the “Get Self API” request and click “Try It Out”
  3. Execute the request
  4. Copy your JWT Token from the Authorization Bearer header

3. Running the Tool

After grabbing the JWT Token, you can install the tool like so:

git clone https://github.com/WafflesExploits/Bloodhound-query-legacy2ce
cd Bloodhound-query-legacy2ce
pip install -r requirements.txt

Run the command below to convert and upload your custom queries:

python upload_bloodhound_queries.py --input-file customqueries.json --jwt-token <YOUR_JWT_TOKEN>

The tool supports additional options:

  1. Convert only (no upload): --convert-only --output-file output-file-name.json
  2. Specify API URL: --api-url API-URL
    • (By default, the tool uses: http://localhost:8080/api/v2/saved-queries)
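
As an added illustration of what this step automates (this is not the tool's own code), the sketch below converts a constructed legacy customqueries.json sample into saved-query payloads and prepares, without sending, the authenticated POST. The legacy layout (queries, queryList, final), the payload fields (name, query, description) and the helper names convert and build_request are assumptions.

```python
import json
import urllib.request

# Constructed sample; the legacy customqueries.json layout is an assumption.
LEGACY_SAMPLE = json.dumps({"queries": [
    {"name": "Password never expires", "category": "Hygiene", "queryList": [
        {"final": True, "query": "MATCH (u:User {pwdneverexpires:true}) RETURN u"}]},
    {"name": "Password never expires", "category": "Duplicate name", "queryList": [
        {"final": True, "query": "MATCH (u:User) WHERE u.pwdneverexpires RETURN u"}]},
    {"name": "Members of a chosen group", "category": "Interactive", "queryList": [
        {"final": False, "title": "Select a group",
         "query": "MATCH (g:Group) RETURN g.name ORDER BY g.name"},
        {"final": True,
         "query": "MATCH (u:User)-[:MemberOf*1..]->(g:Group {name:$result}) RETURN u"}]},
]})


def convert(legacy_text):
    """Return (payloads, skipped_names) for a legacy custom-queries document."""
    payloads, skipped, seen = [], [], set()
    for entry in json.loads(legacy_text).get("queries", []):
        base = entry.get("name", "<unnamed>")
        steps = entry.get("queryList", [])
        # Multi-step legacy queries prompt the user and pass the choice to the
        # final step as $result; a saved query is one statement, so report
        # them for manual rewriting instead of guessing a value.
        if len(steps) != 1 or not steps[0].get("final"):
            skipped.append(base)
            continue
        name, n = base, 2
        while name in seen:  # keep names distinct within one upload batch
            name, n = f"{base} ({n})", n + 1
        seen.add(name)
        # Assumed payload fields: name, query, description.
        payloads.append({"name": name, "query": steps[0]["query"],
                         "description": entry.get("category", "")})
    return payloads, skipped


def build_request(payload, jwt, api_url="http://localhost:8080/api/v2/saved-queries"):
    """Prepare, but do not send, the authenticated POST for one converted query."""
    return urllib.request.Request(
        api_url, data=json.dumps(payload).encode(), method="POST",
        headers={"Authorization": f"Bearer {jwt}", "Content-Type": "application/json"})


if __name__ == "__main__":
    converted, skipped = convert(LEGACY_SAMPLE)
    print(json.dumps(converted, indent=2), "\nskipped:", skipped)
```
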

4. Verifying Your Queries

After upload, verify your queries in BloodHound CE:

  1. Go to the Explore tab
  2. Select the Cypher tab
  3. Click the folder icon (📁)
  4. Open “Custom Queries” from the dropdown

That’s it! You can now use your favorite BloodHound Legacy queries in BloodHound CE. Happy Hunting! 🎯

This post is licensed under CC BY 4.0 by the author.