Skip to main content
Applies to BloodHound Enterprise and CE The OpenGraph library provides a list of projects created by BloodHound community members that extend the coverage of BloodHound utilizing OpenGraph. Have you built a cool project using OpenGraph and want it featured here? Already got your project in the list and need to update something? Open a “Library Change” issue on the BloodHound Docs repo and we’ll get it added for you! Submissions from the community will have a icon next to them while those by SpecterOps employees will have a SpecterOps icon.

OpenGraph Library

All code linked via this library is provided “as is,” without review, approval, or endorsement by SpecterOps, regardless of authorship. It has not been audited for accuracy, security, or fitness for any purpose. Use at your own risk. You are solely responsible for testing, validating, and ensuring the code meets your requirements before use in any environment. SpecterOps is not responsible for any damages, losses, or security issues arising from the use of any linked code.

1PassHound

DescriptionThe 1Password for Business OpenGraph extension lets you bring your 1Password ACL data into BloodHound’s graph‑analysis framework.Whether you’re auditing permissions, responding to incidents, or simply exploring your 1Password configuration, this extension brings clarity, control and rich visualization to your vaults and items.Authors/MaintainersRepo

AnsibleHound

DescriptionAnsibleHound is a BloodHound OpenGraph collector for Ansible AWX and Ansible Tower. The collector is designed to map the structure and permissions of your organization into a navigable attack-path graph.Authors/MaintainersRepo

IAMhounddog

DescriptionA tool to help pentesters quickly identify privileged principals and second-order privilege escalation opportunities in unfamiliar AWS environments. Creates OpenGraph-compatible IAM to resource models that can be ingested and used in BloodHound CE along with pre-written queries to identify common misconfigurations.Authors/MaintainersRepo

EntraAuthPolicyHound

DescriptionThis PoC community project provides a sample PowerShell script that collects Microsoft Entra ID permissions related to Temporary Access Passes (TAPs) and Passkeys (FIDO2 security keys or mobile devices) and exports the data in BloodHound OpenGraph format.Authors/MaintainersRepo

EntraSSSOHound

DescriptionEntra ID Seamless Single Sign-On (Seamless SSO) is a feature that non-interactively signs users into cloud applications whenever they are connected to Active Directory. EntraSSSOHound extends BloodHound CE with OpenGraph-format coverage, modeling how Active Directory computers can compromise synced Entra ID users through the trust established between the trusted on-premises computer and Entra ID.Authors/MaintainersRepo

GitHound

DescriptionGitHound is a BloodHound OpenGraph collector for GitHub, designed to map your organization’s structure and permissions into a navigable attack‑path graph.With GitHound, you get a clear, interactive graph of your GitHub permissions landscape—perfect for security reviews, compliance audits, and rapid incident investigations.Authors/MaintainersRepo

GitHoundPy

DescriptionA python implementation of the GitHound collector for BloodHound OpenGraph. This project aims to stay in sync with the main PowerShell version.Credit and tons of props to the SpecterOps team for the main implementation, for a detailed breakdown on the features check the main repoAuthors/MaintainersRepo

GCP-Hound

DescriptionGCP-Hound is an open-source security enumeration and privilege escalation discovery tool designed specifically for Google Cloud Platform environments. Built to integrate seamlessly with BloodHound’s OpenGraph framework, it transforms complex GCP IAM relationships into interactive attack graphs.Authors/MaintainersRepo

JamfHound

DescriptionJamfHound is a python3 project designed to collect and identify attack-paths in Jamf Pro tenants for privilege escalation and lateral movement based on existing object permissions. The collector saves data as JSON for ingestion into BloodHound to easily visualize and evaluate the risks of compromise within the Jamf Pro tenant.Authors/MaintainersRepo

OpenGraph DLT

DescriptionA lightweight CLI for collecting service-specific resources and turning it into OpenGraph/BloodHound datasets. The long–term goal is to plug in multiple collectors; Kubernetes is the first source and serves as the reference implementation for future integrations. The kubernetes collector makes use of an (embedded) DuckDB database, which may not be needed for your usecase.Authors/MaintainersRepo

MSSQLHound

DescriptionCollects BloodHound OpenGraph compatible data from one or more MSSQL servers into individual temporary files, then zips them in the current directory.Authors/MaintainersRepo

NetworkHound

DescriptionNetworkHound connects to Active Directory Domain Controllers, discovers computer objects, resolves hostnames to IP addresses using multiple DNS methods, performs comprehensive network scanning (port scanning, HTTP/HTTPS validation), and discovers shadow-IT devices. It then builds a detailed network topology graph in OpenGraph JSON format compatible with BloodHound.Authors/MaintainersRepo

SCCM_SQL_Collector

DescriptionPoC script to collect SCCM attack paths from a SCCM site DB. Credits to @sanjivkawa for SQLRecon, which is where most of the scaffolding code to allow for connecting to SQL came from (thanks Sanj!)Authors/MaintainersRepo

SnowHound

DescriptionThe BloodHound extension for Snowflake tenants enables organizations to visualize their Snowflake environment by mapping key elements such as Users, Databases, Roles, Warehouses, and Integrations, along with the permissions that connect them.This provides a comprehensive view of access and potential attack paths within the Snowflake tenant, empowering security teams to identify vulnerabilities and better manage their environment’s security posture.Authors/MaintainersRepo

vCenterHound

DescriptionvCenterHound connects to one or more vCenters, collects infrastructure entities (Datacenter/Cluster/Host/VM/Network/Datastore, etc.) and permissions (Roles/Users/Groups/Assignments), then builds a BloodHound‑compatible JSON graph with Custom Nodes/Edges. The model.json file provides icons and styles for these custom kinds.Authors/MaintainersRepo

OpenGraph Tools

bhopengraph

Description This module provides Python classes for creating and managing graph structures that are compatible with BloodHound OpenGraph. The classes follow the BloodHound OpenGraph schema and best practices. If you don’t know about BloodHound OpenGraph yet, a great introduction can be found here: https://bloodhound.specterops.io/opengraph/best-practices The complete documentation of this library can be found here: https://bhopengraph.readthedocs.io/en/latest/ Authors/Maintainers Repo

BloodHoundOperator

Description PowerShell client for BloodHound Community Edition and BloodHound Enterprise Learn more:
  • Release blog post: BloodHound Operator — Dog Whispering Reloaded
  • Presentation at PowerShell Conference Europe: The Dog Ate My Homework - A new chapter in my BloodHound adventures with PowerShell
Authors/Maintainers Repo

BloodHound OpenGraph Helper Library

Description A Python library for creating BloodHound OpenGraph JSON data that conforms to the BloodHound OpenGraph schema specification. Authors/Maintainers Repo