How to Successfully Install BloodHound in Linux/Ubuntu

Welcome back to my blog. Today we will discuss what BloodHound is, how it is used in Active Directory (AD) enumeration, the installation steps, how to collect Active Directory data with SharpHound, how to analyze attack paths with BloodHound, how to exploit weak Kerberos delegation, and how we can secure Active Directory against BloodHound-driven attacks.


What is BloodHound?

BloodHound is a cybersecurity tool used to analyze and map relationships inside Active Directory (AD) environments. Active Directory is a system used by organizations (such as companies, universities, or government offices) to manage users, computers, permissions, and access to resources like files, applications, and networks.

BloodHound Active Directory Penetration Testing

BloodHound helps security professionals, penetration testers, and system administrators understand how attackers might move inside a network if they gain access to one account or computer. Instead of only showing individual accounts or permissions, BloodHound builds a visual graph that shows how everything in Active Directory is connected.

Think of Active Directory like a large school with:

  1. Students (Users)
  2. Classrooms (Computers)
  3. Teachers and principals (Administrators)
  4. Rules about who can enter which rooms (Permissions)

BloodHound works like a map that shows how someone could move through the school by using the permissions and relationships between people and rooms.


How to Install and Run BloodHound on Linux/Ubuntu

To prepare for Active Directory enumeration and attack path analysis, BloodHound was installed directly from the Kali Linux repositories. Installing BloodHound locally ensures access to both its graphical analysis interface and the required data collection utilities used throughout the assessment.

The system package lists were first updated to ensure the latest repository metadata was available. BloodHound and its dependencies were then installed using the following command:

sudo apt update && sudo apt install -y bloodhound

During installation, several supporting components were automatically deployed. The package manager installed SharpHound, which is responsible for collecting Active Directory enumeration data from target environments. AzureHound was also included to support hybrid or cloud-based enumeration scenarios.

BloodHound relies on a graph database backend to store and visualize domain relationships. As part of the installation, Neo4j was installed and configured as the primary database service. Since Neo4j runs on Java, the installer also deployed the required OpenJDK 11 runtime environment along with supporting Java utilities.

The installation process downloaded approximately 234 MB of packages and configured all required dependencies automatically. Once completed, the system contained the full BloodHound toolkit, including:

  • Graphical interface for relationship visualization
  • Data collection utilities
  • Graph database backend for storing enumeration results

With BloodHound successfully installed, the environment was prepared for Active Directory data collection and privilege escalation path analysis in later stages of the assessment.


Initializing the BloodHound Environment

Following the installation of BloodHound and its dependencies, the environment required initial service configuration before the tool could be used for Active Directory relationship analysis. Kali provides a helper utility that automates the setup of the required database services and backend components.

To initialize the BloodHound environment, the Kali setup script was executed. Its output is summarized below.

The setup utility first verified that the required PostgreSQL service was running. PostgreSQL is used by the BloodHound API to store application-related data. The script confirmed that both the BloodHound database and its associated user account already existed and adjusted permissions accordingly.

Next, the script checked the status of the Neo4j graph database, which is responsible for storing and visualizing Active Directory relationship data. The output indicated that Neo4j was not currently running, prompting the setup script to automatically start the service. Once started, Neo4j exposed its management interface locally on port 7474.

At this stage, the setup process highlighted an important security requirement. Neo4j ships with default credentials (neo4j:neo4j), which must be changed before BloodHound can be used. The setup script also instructed that the BloodHound API configuration file be updated after the password change, so that BloodHound can authenticate to the Neo4j database.

The Neo4j web interface was then opened automatically, allowing the initial password change and confirmation that the database service was functioning correctly. With Neo4j running and PostgreSQL configured, the BloodHound backend services were successfully prepared for data ingestion and graph-based analysis during later enumeration stages.
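As an added example (this is not part of the Kali bloodhound package or of its setup helper), the script below is a small post-setup check a defender can run once the services are up. It verifies the two points the setup output calls out: that the database listeners are bound to loopback only, and that the default neo4j:neo4j credentials are no longer usable. It assumes Neo4j's default ports (HTTP on 7474, Bolt on 7687) and PostgreSQL on 5432, and it probes authentication through Neo4j's HTTP transaction endpoint /db/neo4j/tx/commit. The status-code interpretation follows Neo4j's HTTP API behaviour: a wrong password is answered with 401, while a valid password that still has to be changed (the initial neo4j:neo4j) is answered with 403.

```python
"""Post-setup sanity check for a local BloodHound / Neo4j install.

Added example, not part of the Kali package or bloodhound-setup.
Assumptions: Neo4j HTTP on 7474, Bolt on 7687, PostgreSQL on 5432, and
Neo4j's /db/neo4j/tx/commit endpoint for the authentication probe.
"""
import base64
import json
import subprocess
import urllib.error
import urllib.request

# Ports the setup script starts services on (Neo4j and PostgreSQL defaults).
DB_PORTS = {7474: "neo4j-http", 7687: "neo4j-bolt", 5432: "postgresql"}


def parse_listeners(ss_output):
    """Map port -> set of local addresses from 'ss -ltn'-style output."""
    listeners = {}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        addr, _, port = fields[3].rpartition(":")  # handles [::1]:5432 too
        if not port.isdigit():
            continue
        listeners.setdefault(int(port), set()).add(addr)
    return listeners


def is_loopback(addr):
    """True for IPv4/IPv6 loopback as printed by ss."""
    return addr.startswith("127.") or addr in ("[::1]", "::1", "localhost")


def exposed_ports(listeners, ports=DB_PORTS):
    """Database ports that have at least one non-loopback listener.
    Neo4j and PostgreSQL only need to be reachable from this host."""
    return sorted(p for p in ports
                  if p in listeners and any(not is_loopback(a) for a in listeners[p]))


def classify_auth_status(http_status):
    """Interpret Neo4j's answer to a request sent with neo4j:neo4j.
    401: credentials rejected, i.e. the default password was changed (good).
    403: credentials valid but a password change is still required,
         i.e. the shipped default is still in place.
    2xx: the default password is accepted outright."""
    if http_status == 401:
        return "rejected"
    if http_status == 403:
        return "default-password-change-pending"
    if 200 <= http_status < 300:
        return "accepted"
    return f"unexpected:{http_status}"


def probe_default_credentials(base_url="http://127.0.0.1:7474",
                              user="neo4j", password="neo4j"):
    """Send a trivial Cypher statement with HTTP Basic auth and classify."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    body = json.dumps({"statements": [{"statement": "RETURN 1"}]}).encode()
    req = urllib.request.Request(
        f"{base_url}/db/neo4j/tx/commit", data=body, method="POST",
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json",
                 "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return classify_auth_status(resp.status)
    except urllib.error.HTTPError as err:
        return classify_auth_status(err.code)


if __name__ == "__main__":
    # Live checks against this host; only run when invoked directly.
    ss_out = subprocess.run(["ss", "-ltn"], capture_output=True, text=True).stdout
    for port in exposed_ports(parse_listeners(ss_out)):
        print(f"WARNING: {DB_PORTS[port]} on port {port} is not bound to loopback only")
    verdict = probe_default_credentials()
    if verdict != "rejected":
        print(f"WARNING: default Neo4j credentials are still usable ({verdict})")
    else:
        print("OK: default Neo4j credentials are rejected")
```

Run it as a normal user after the setup script finishes; any WARNING line means the step the setup output asked for (password change, local-only binding) has not been completed.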


Why BloodHound is Useful in Active Directory Enumeration

1. Helps Discover Hidden Permission Relationships

In large organizations, permissions are often complicated. A user may not appear to have high privileges directly, but they might have indirect access through group memberships or delegated permissions.

BloodHound helps identify:

  • Who controls certain accounts
  • Which users can modify other users
  • Which computers can be accessed by specific accounts
  • Paths that could lead to administrative privileges

This makes it easier to detect weak security configurations.


2. Visualizes Attack Paths

Instead of reading thousands of lines of technical data, BloodHound creates graphs that show how access can spread across a network.

For example, BloodHound might reveal:

  • A normal user can reset another user’s password
  • That second user belongs to a privileged group
  • That group can control a domain administrator account

This chain of relationships is called an attack path. BloodHound automatically finds these paths and shows them visually.


3. Helps Improve Security

BloodHound is not just for attackers or penetration testers. System administrators use it to:

  • Identify risky permission settings
  • Reduce unnecessary privileges
  • Strengthen network security
  • Understand how privilege escalation can occur

By fixing weak configurations, organizations can prevent real attacks.


4. Saves Time During Enumeration

Manual Active Directory enumeration can take a long time because AD environments often contain:

  • Thousands of users
  • Hundreds of computers
  • Many nested groups and permissions

BloodHound automates data collection and analysis, allowing security professionals to focus on interpreting results rather than manually searching for relationships.


How BloodHound Works (Simple Explanation)

BloodHound works in two main stages:

Stage 1: Data Collection

BloodHound uses a data collector (such as SharpHound or other collectors) to gather information from the Active Directory environment.

The collector gathers information like:

  • User accounts
  • Group memberships
  • Computer sessions
  • Access permissions
  • Trust relationships between domains


Stage 2: Data Analysis and Visualization

After collecting data, BloodHound imports it into a database and shows the relationships using graphs.

These graphs allow users to:

  • Search for privileged accounts
  • Identify shortest paths to administrative control
  • Understand trust relationships
  • Explore how access spreads through the network


Interesting Things to Explore Using BloodHound

Privilege Escalation Paths

BloodHound can show how a low-privileged account might eventually gain administrator privileges through multiple permission relationships.


Domain Trust Relationships

In organizations with multiple domains, BloodHound can reveal how domains trust each other and how access might move between them.


Session Information

BloodHound can show which users are currently logged into which computers. This helps identify opportunities where privileged credentials might be exposed.


Group Membership Chains

Sometimes users are part of groups that are nested inside other groups. BloodHound makes it easy to see these chains and how they lead to powerful permissions.


Attack Simulation and Defense Planning

Security teams can use BloodHound to simulate how attackers might move inside the network and then fix those weaknesses before they are exploited.


Important Ethical and Security Considerations

BloodHound is a powerful tool and should only be used:

  • During authorized penetration testing
  • In controlled lab environments
  • By security teams performing defensive assessments

Using BloodHound without permission in a real environment is illegal and unethical.


Why BloodHound is Popular in Cybersecurity

BloodHound is widely used because:

  • It simplifies complex Active Directory environments
  • It provides visual attack path analysis
  • It supports both offensive and defensive security
  • It helps security teams prioritize real risks instead of guessing


Simple Real-World Example

Imagine you find a regular employee account in a company network. BloodHound might show that:

  • The account has permission to reset another employee’s password
  • That second employee belongs to a server administrator group
  • That group controls the domain controllers

BloodHound helps identify this entire chain automatically, showing how a small access point could lead to full network control.
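The chain described in "Visualizes Attack Paths" and again in this example is exactly what BloodHound's graph search computes. The following added example (my own toy model, not BloodHound's code) builds a constructed graph of six relationships using BloodHound's real edge names (ForceChangePassword, MemberOf, GenericAll, AdminTo, HasSession; the principal names are made up), finds the fewest-hop path from a normal user to the Domain Admins group with a breadth-first search, and then reports the choke points: the single relationships whose removal alone breaks every path, which is where a defender should fix first.

```python
"""Toy model of BloodHound attack-path analysis (added example).

Constructed sample graph mirroring the article's chain: a normal user can
reset a second user's password, that user is in a privileged group, and the
group has full control of Domain Admins. Edge labels are BloodHound's real
edge names; the account, group and host names are invented.
"""
from collections import deque

# Directed edges: (source, relationship, target). Constructed sample data.
EDGES = [
    ("alice@CORP.LOCAL",         "ForceChangePassword", "bob@CORP.LOCAL"),
    ("bob@CORP.LOCAL",           "MemberOf",            "SERVER ADMINS@CORP.LOCAL"),
    ("SERVER ADMINS@CORP.LOCAL", "GenericAll",          "DOMAIN ADMINS@CORP.LOCAL"),
    ("SERVER ADMINS@CORP.LOCAL", "AdminTo",             "FILE01.CORP.LOCAL"),
    ("FILE01.CORP.LOCAL",        "HasSession",          "carol@CORP.LOCAL"),
    ("carol@CORP.LOCAL",         "MemberOf",            "HELPDESK@CORP.LOCAL"),
]


def build_graph(edges):
    """Adjacency list: node -> list of (relationship, neighbour)."""
    graph = {}
    for src, rel, dst in edges:
        graph.setdefault(src, []).append((rel, dst))
        graph.setdefault(dst, [])
    return graph


def shortest_path(graph, start, goal):
    """Breadth-first search over the directed graph.
    Returns the hops as a list of (src, rel, dst), or None if no path exists.
    BFS yields the fewest-hop path, which is what BloodHound's
    'shortest path' queries present."""
    if start not in graph:
        return None
    parent = {start: None}          # node -> (previous node, relationship)
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == goal:
            hops = []
            while parent[node] is not None:
                prev, rel = parent[node]
                hops.append((prev, rel, node))
                node = prev
            return list(reversed(hops))
        for rel, nxt in graph[node]:
            if nxt not in parent:
                parent[nxt] = (node, rel)
                queue.append(nxt)
    return None


def choke_points(edges, start, goal):
    """Relationships whose removal, on their own, leaves no path from
    start to goal. Fixing any one of these breaks the attack path."""
    if shortest_path(build_graph(edges), start, goal) is None:
        return []                   # nothing to cut if no path exists
    cuts = []
    for edge in edges:
        remaining = [e for e in edges if e != edge]
        if shortest_path(build_graph(remaining), start, goal) is None:
            cuts.append(edge)
    return cuts


def format_path(hops):
    """Render hops as 'A -[Rel]-> B -[Rel]-> C'."""
    if not hops:
        return "(no path)"
    out = hops[0][0]
    for _, rel, dst in hops:
        out += f" -[{rel}]-> {dst}"
    return out


if __name__ == "__main__":
    graph = build_graph(EDGES)
    start, goal = "alice@CORP.LOCAL", "DOMAIN ADMINS@CORP.LOCAL"
    path = shortest_path(graph, start, goal)
    print("Attack path:", format_path(path))
    print("Choke points to fix:")
    for src, rel, dst in choke_points(EDGES, start, goal):
        print(f"  remove {rel} from {src} to {dst}")
```

In the sample graph the only route to Domain Admins runs through all three of alice's relationships, so each of them is a choke point; carol, by contrast, has no path at all. Real BloodHound data has thousands of nodes and many overlapping paths, which is why the tool rather than manual review is used to find them.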


Summary

BloodHound is a powerful Active Directory analysis tool that helps users understand relationships between accounts, computers, and permissions. By visualizing these connections, it helps identify security risks, attack paths, and privilege escalation opportunities. It is widely used by cybersecurity professionals to strengthen network security and understand how attackers might move through an Active Directory environment.


Keywords: Active Directory Penetration Testing, BloodHound Complete Installation, How to Install BloodHound on Kali Linux, How to Install BloodHound on Ubuntu, How to Secure Active Directory Against BloodHound Attacks
