BQM (Bloodhound Query Merger)
Tool to deduplicate custom BloodHound queries from different datasets and merge them in one customqueries.json file.
Why?
BloodHound allows you to store custom queries in ~/.config/bloodhound/customqueries.json. Most pentesters then download a custom queries file from an external project. The issue? Several projects offer very good query files, but they are all very different and complementary, and BloodHound supports only one custom queries file. The solution? What if a tool indexed all custom queries files, downloaded them for you, removed duplicate queries and merged them all into one file you can use in BloodHound? That's what BQM offers: no more query file compromise, more AD compromise!
Features
- Inventory many query datasets
- Fetch all query datasets
- Remove duplicate queries
- Merge all queries in one file
- List all available datasets
- Merge existing customqueries.json to the output
- Merge local custom queries files as well as remote ones
- Merge local bqm query sets file
- Offline support
- Folder support
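The deduplicate-and-merge idea behind the features above, as an added Ruby example that is not BQM's own code. It assumes the customqueries.json layout of a top-level "queries" array whose entries carry "name", "category" and "queryList", and it assumes that two entries are duplicates when their Cypher text matches after whitespace is collapsed; the sample sets and the helper names are constructed for illustration.

```ruby
require 'json'
require 'digest'

# Constructed sample sets in the customqueries.json layout (not real datasets).
SET_A = <<~JSON
  {"queries": [
    {"name": "Domain Admins group", "category": "Set A", "queryList": [
      {"final": true, "query": "MATCH (g:Group) WHERE g.objectid ENDS WITH '-512' RETURN g"}]},
    {"name": "Users with an SPN", "category": "Set A", "queryList": [
      {"final": true, "query": "MATCH (u:User {hasspn:true}) RETURN u"}]}
  ]}
JSON
SET_B = <<~JSON
  {"queries": [
    {"name": "Find DA group", "category": "Set B", "queryList": [
      {"final": true, "query": "MATCH (g:Group)   WHERE g.objectid ENDS WITH '-512'  RETURN g"}]},
    {"name": "Unconstrained delegation", "category": "Set B", "queryList": [
      {"final": true, "query": "MATCH (c:Computer {unconstraineddelegation:true}) RETURN c"}]}
  ]}
JSON

# Assumption: two entries are duplicates when their Cypher text matches after
# whitespace is collapsed; name and category are ignored.
def fingerprint(entry)
  steps = Array(entry['queryList']).grep(Hash).map { |s| s['query'].to_s.gsub(/\s+/, ' ').strip }
  Digest::SHA256.hexdigest(steps.join("\n"))
end

# Merge customqueries.json documents (as strings); the first copy of a query wins.
# Documents that are not valid JSON or lack a "queries" array are skipped.
def merge_query_sets(json_docs)
  seen = {}
  json_docs.each do |doc|
    data = begin
      JSON.parse(doc)
    rescue JSON::ParserError
      nil
    end
    queries = data.is_a?(Hash) ? data['queries'] : nil
    next unless queries.is_a?(Array)
    queries.each { |q| seen[fingerprint(q)] ||= q if q.is_a?(Hash) }
  end
  { 'queries' => seen.values }
end

merged = merge_query_sets([SET_A, SET_B, 'not json'])
puts "#{merged['queries'].length} unique queries"
```

Keying on the query text rather than the name is what lets the same query published under two different names collapse into one entry.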
Install
No install, just clone the repository and run! No dependencies, just pure Ruby.
git clone https://github.com/Acceis/bqm.git && cd bqm
ruby bin/bqm -h
See INSTALL for options with package managers.
Usage
Usage: bqm [options]
-o, --output-path PATH Path where to store the query file
-l, --list List available datasets
-i FILE,DIRECTORY,..., Local custom queries files/directories
--local-sets
--ignore-default Ignore the default query-sets.json
-v, --verbose Display the name of the merged files/sets
Example: bqm -o ~/.config/bloodhound/customqueries.json
Example: bqm -o /tmp/customqueries.json -i /tmp/a.json,/home/user/folder
Example:
$ bqm -o ~/.config/bloodhound/customqueries.json
[+] The output path /home/noraj/.config/bloodhound/customqueries.json already exists
[?] Do you want to overwrite it? [y/n]
y
[?] What to do with the existing queries? (merge / discard) [m/d]
d
[+] Fetching and merging datasets
[+] Removing duplicates
[+] All queries have been merged in /home/noraj/.config/bloodhound/customqueries.json
See DOC for more explanation about some options.
Datasets
Datasets used by BQM are referenced in data/query-sets.json. They come from the following projects:
- ly4k/Certipy
- CompassSecurity/BloodHoundQueries
- hausec/Bloodhound-Custom-Queries
- awsmhacks/awsmBloodhoundCustomQueries
- porterhau5/BloodHound-Owned
- ZephrFish/Bloodhound-CustomQueries
- Scoubi/BloodhoundAD-Queries
- InfamousSYN/bloodhound-queries
- zeronetworks/BloodHound-Tools
- egypt/customqueries
- trustedsec/CrackHound
- aress31/bloodhound-utils
- ThePorgs/Exegol-images
Author
Made by Alexandre ZANNI (@noraj) for ACCEIS.
Credits
Logo made with DesignEvo.