Run BloodHound CE in Docker
Summary
Runs BloodHound CE in Docker; grab the temp admin password from the startup logs and reset it on first login each time you spin up a fresh container.
Walkthrough
Spin up BloodHound Community Edition with Docker Compose, then collect and upload AD data. The temporary admin password is printed in the container logs on first run — update it each time you start fresh.
Install Docker
``bash sudo apt update sudo apt install -y docker.io docker-compose sudo systemctl enable --now docker sudo usermod -aG docker $USER newgrp docker ``
Start BloodHound CE
Pull the compose file and bring it up on port 8888, then browse to http://localhost:8888 and log in as admin with the temporary password from the logs:
``bash curl -L https://ghst.ly/getbhce | BLOODHOUND_PORT=8888 docker compose -f - up ``
Tear down / reset
Stop all containers and remove the related volumes so the next run starts clean:
``bash docker stop $(docker ps -aq) docker rm $(docker ps -aq) docker volume rm $(docker volume ls -q | grep -E "(medtech|bloodhound|neo4j|postgres)") 2>/dev/null || true docker volume prune -f docker compose down -v ``
Alternative: collect with netexec
``bash netexec ldap <IP> -u '<USER>' -p '<PASS>' --bloodhound --collection All --dns-server <IP> ``
Commands
bash
sudo apt update sudo apt install -y docker.io docker-compose sudo systemctl enable --now docker sudo usermod -aG docker $USER newgrp docker
bash
curl -L https://ghst.ly/getbhce | BLOODHOUND_PORT=8888 docker compose -f - up
bash
docker stop $(docker ps -aq) docker rm $(docker ps -aq) docker volume rm $(docker volume ls -q | grep -E "(medtech|bloodhound|neo4j|postgres)") 2>/dev/null || true docker volume prune -f docker compose down -v
bash
netexec ldap <IP> -u '<USER>' -p '<PASS>' --bloodhound --collection All --dns-server <IP>