← Back to search

Run BloodHound CE in Docker

ad enumlinuxtool

Summary

Runs BloodHound CE in Docker; grab the temp admin password from the startup logs and reset it on first login each time you spin up a fresh container.

Walkthrough

Spin up BloodHound Community Edition with Docker Compose, then collect and upload AD data. The temporary admin password is printed in the container logs on first run — update it each time you start fresh.

Install Docker

``bash sudo apt update sudo apt install -y docker.io docker-compose sudo systemctl enable --now docker sudo usermod -aG docker $USER newgrp docker ``

Start BloodHound CE

Pull the compose file and bring it up on port 8888, then browse to http://localhost:8888 and log in as admin with the temporary password from the logs:

``bash curl -L https://ghst.ly/getbhce | BLOODHOUND_PORT=8888 docker compose -f - up ``

Tear down / reset

Stop all containers and remove the related volumes so the next run starts clean:

``bash docker stop $(docker ps -aq) docker rm $(docker ps -aq) docker volume rm $(docker volume ls -q | grep -E "(medtech|bloodhound|neo4j|postgres)") 2>/dev/null || true docker volume prune -f docker compose down -v ``

Alternative: collect with netexec

``bash netexec ldap <IP> -u '<USER>' -p '<PASS>' --bloodhound --collection All --dns-server <IP> ``

Commands

bash

sudo apt update
sudo apt install -y docker.io docker-compose
sudo systemctl enable --now docker
sudo usermod -aG docker $USER
newgrp docker

bash

curl -L https://ghst.ly/getbhce | BLOODHOUND_PORT=8888 docker compose -f - up

bash

docker stop $(docker ps -aq)
docker rm $(docker ps -aq)
docker volume rm $(docker volume ls -q | grep -E "(medtech|bloodhound|neo4j|postgres)") 2>/dev/null || true
docker volume prune -f
docker compose down -v

bash

netexec ldap <IP> -u '<USER>' -p '<PASS>' --bloodhound --collection All --dns-server <IP>

References