bloodhound 4.0.1 on macOS Mojave
Change history
- 2021.02.10
Introduction
- This document installs BloodHound on macOS Mojave.
- The packages are installed with Homebrew.
- BloodHound needs the graph database neo4j to run, and neo4j needs a JDK, so these are installed in turn.
- I also try installing neo4j-driver, for the data generation program used to test BloodHound, but it does not work properly...
Installing BloodHound with Homebrew
- First, check the package.
$ brew info bloodhound
bloodhound: 4.0.1
https://github.com/BloodHoundAD/BloodHound
Not installed
From: https://github.com/Homebrew/homebrew-cask/blob/HEAD/Casks/bloodhound.rb
==> Name
bloodhound
==> Description
Six Degrees of Domain Admin
==> Artifacts
BloodHound-darwin-x64/BloodHound.app (App)
==> Analytics
install: 26 (30 days), 75 (90 days), 256 (365 days)
[macmini2014:ujpadmin 15:54:21 ~ ]
$
- Run the installation.
$ brew install bloodhound
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 2 taps (homebrew/core and homebrew/cask).
==> New Formulae
libmd
==> Updated Formulae
Updated 86 formulae.
==> New Casks
parsify
==> Updated Casks
Updated 34 casks.
==> Downloading https://github.com/BloodHoundAD/BloodHound/releases/download/4.0.1/BloodHound-darwin-x64.zip
==> Downloading from https://github-releases.githubusercontent.com/56452110/c5569700-2f44-11eb-8811-3a04ae6f5888?X-A
######################################################################## 100.0%
==> Installing Cask bloodhound
==> Moving App 'BloodHound.app' to '/Applications/BloodHound.app'
🍺 bloodhound was successfully installed!
[macmini2014:ujpadmin 15:57:26 ~ ]
$
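- It says the app was saved to the Applications folder, so check there.
- The application's details.
First launch
- Launch the app.
- macOS Gatekeeper blocks it.
- Allow it to run in System Preferences.
- The following dialog is displayed.
- It says "No database found".
- A graph database called neo4j is required.
Installing neo4j
- BloodHound needs the graph DB neo4j, so install it from brew as well.
- Check the package.
$ brew info neo4j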
Warning: Treating neo4j as a formula. For the cask, use homebrew/cask/neo4j
neo4j: stable 4.2.3
Robust (fully ACID) transactional property graph database
https://neo4j.com/
Not installed
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/neo4j.rb
License: GPL-3.0-or-later
==> Dependencies
Required: openjdk@11 ✘
==> Caveats
To have launchd start neo4j now and restart at login:
brew services start neo4j
Or, if you don't want/need a background service you can just run:
neo4j start
==> Analytics
install: 1,369 (30 days), 4,351 (90 days), 12,727 (365 days)
install-on-request: 1,356 (30 days), 4,141 (90 days), 11,808 (365 days)
build-error: 0 (30 days)
[macmini2014:ujpadmin 16:26:09 ~ ]
$
- It says OpenJDK 11 is also required...
Installing OpenJDK 11
- Check the OpenJDK package information.
$ brew info openjdk@11
openjdk@11: stable 11.0.9 (bottled) [keg-only]
Development kit for the Java programming language
https://openjdk.java.net/
Not installed
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/openjdk@11.rb
License: GPL-2.0-only
==> Dependencies
Build: autoconf ✔
==> Caveats
For the system Java wrappers to find this JDK, symlink it with
sudo ln -sfn /usr/local/opt/openjdk@11/libexec/openjdk.jdk /Library/Java/JavaVirtualMachines/openjdk-11.jdk
openjdk@11 is keg-only, which means it was not symlinked into /usr/local,
because this is an alternate version of another formula.
==> Analytics
install: 25,690 (30 days), 75,018 (90 days), 210,955 (365 days)
install-on-request: 12,406 (30 days), 35,051 (90 days), 98,005 (365 days)
build-error: 0 (30 days)
[macmini2014:ujpadmin 16:28:10 ~ ]
$
- Install OpenJDK.
$ brew install openjdk@11
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 1 tap (homebrew/core).
==> Updated Formulae
Updated 1 formula.
==> Downloading https://homebrew.bintray.com/bottles/openjdk%4011-11.0.9.mojave.bottle.tar.gz
==> Downloading from https://d29vzk4ow07wi7.cloudfront.net/facf3c10d2f0183c5f55c2e7aad5bc9ad28da3979712a7fee342bb00b
######################################################################## 100.0%
==> Pouring openjdk@11-11.0.9.mojave.bottle.tar.gz
==> Caveats
For the system Java wrappers to find this JDK, symlink it with
sudo ln -sfn /usr/local/opt/openjdk@11/libexec/openjdk.jdk /Library/Java/JavaVirtualMachines/openjdk-11.jdk
openjdk@11 is keg-only, which means it was not symlinked into /usr/local,
because this is an alternate version of another formula.
If you need to have openjdk@11 first in your PATH, run:
echo 'export PATH="/usr/local/opt/openjdk@11/bin:$PATH"' >> /Users/ujpadmin/.bash_profile
For compilers to find openjdk@11 you may need to set:
export CPPFLAGS="-I/usr/local/opt/openjdk@11/include"
==> Summary
🍺 /usr/local/Cellar/openjdk@11/11.0.9: 653 files, 295.7MB
[macmini2014:ujpadmin 16:30:13 ~ ]
$
- Set up the environment.
$ echo 'export PATH="/usr/local/opt/openjdk@11/bin:$PATH"' >> /Users/ujpadmin/.bash_profile
[macmini2014:ujpadmin 16:31:06 ~ ]
$
- Create the symbolic link.
$ sudo ln -sfn /usr/local/opt/openjdk@11/libexec/openjdk.jdk /Library/Java/JavaVirtualMachines/openjdk-11.jdk
Password:
[macmini2014:ujpadmin 16:31:37 ~ ]
$
- Setup complete.
Installing neo4j
- Now that OpenJDK is installed, install the package.
$ brew install neo4j
Updating Homebrew...
Warning: Treating neo4j as a formula. For the cask, use homebrew/cask/neo4j
==> Downloading https://neo4j.com/artifact.php?name=neo4j-community-4.2.3-unix.tar.gz
==> Downloading from https://s3-eu-west-1.amazonaws.com/dist.neo4j.org/neo4j-community-4.2.3-unix.tar.gz?x-amz-secur
######################################################################## 100.0%
==> Caveats
To have launchd start neo4j now and restart at login:
brew services start neo4j
Or, if you don't want/need a background service you can just run:
neo4j start
==> Summary
🍺 /usr/local/Cellar/neo4j/4.2.3: 175 files, 121.5MB, built in 9 seconds
[macmini2014:ujpadmin 16:49:57 ~ ]
$
- Installation complete. The download took a while.
Starting neo4j
- Start the graph database neo4j.
$ brew services start neo4j
==> Tapping homebrew/services
Cloning into '/usr/local/Homebrew/Library/Taps/homebrew/homebrew-services'...
remote: Enumerating objects: 3, done.
remote: Counting objects: 100% (3/3), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 1124 (delta 0), reused 0 (delta 0), pack-reused 1121
Receiving objects: 100% (1124/1124), 325.21 KiB | 480.00 KiB/s, done.
Resolving deltas: 100% (476/476), done.
Tapped 1 command (40 files, 413.8KB).
==> Successfully started `neo4j` (label: homebrew.mxcl.neo4j)
[macmini2014:ujpadmin 16:52:10 ~ ]
$
- It appears to have started. Check the process.
$ ps -ef|grep neo4j
503 72025 1 0 4:52PM
?? 0:39.15
/usr/local/opt/openjdk@11/bin/java -cp
/usr/local/Cellar/neo4j/4.2.3/libexec/plugins:/usr/local/Cellar/neo4j/4.2.3/libexec/conf:/usr/local/Cellar/neo4j/4.2.3/libexec/lib/*:/usr/local/Cellar/neo4j/4.2.3/libexec/plugins/*
-XX:+UseG1GC
-XX:-OmitStackTraceInFastThrow -XX:+AlwaysPreTouch
-XX:+UnlockExperimentalVMOptions -XX:+TrustFinalNonStaticFields
-XX:+DisableExplicitGC -XX:MaxInlineLevel=15 -XX:-UseBiasedLocking
-Djdk.nio.maxCachedBufferSize=262144
-Dio.netty.tryReflectionSetAccessible=true
-Djdk.tls.ephemeralDHKeySize=2048
-Djdk.tls.rejectClientInitiatedRenegotiation=true
-XX:FlightRecorderOptions=stackdepth=256 -XX:+UnlockDiagnosticVMOptions
-XX:+DebugNonSafepoints -Dlog4j2.disable.jmx=true -Dfile.encoding=UTF-8
org.neo4j.server.CommunityEntryPoint
--home-dir=/usr/local/Cellar/neo4j/4.2.3/libexec
--config-dir=/usr/local/Cellar/neo4j/4.2.3/libexec/conf
503 72116 66942 0 5:06PM ttys004 0:00.00 grep neo4j
[macmini2014:ujpadmin 17:06:32 ~ ]
$
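Initial neo4j setup
- Access the administration screen in a browser.
http://localhost:7474/
- The following screen is displayed.
- Enter neo4j for both the user ID and the password.
- Press the [Generate] button to generate a password.
- This time the password came out as phrase-detail-finish-relax-modem-1611. Phrase, detail, finish, relax, modem?
- Click the [Change password] button.
- It started.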
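BloodHound data describes privilege relationships in a directory, so it is worth confirming that the Neo4j instance holding it answers only on loopback. The following is an added example, not part of the original page: it filters `lsof` listener output for the Neo4j HTTP port 7474 (the browser UI above) and the Bolt port 7687 (the default DBCreator URL later on this page). The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Neo4j listeners that are reachable from other hosts.
# Ports: 7474 (HTTP/browser UI) and 7687 (Bolt), as used on this page.

# Reads `lsof -nP -iTCP -sTCP:LISTEN` output on stdin and prints one line
# for each listener on a Neo4j port whose address is not loopback.
neo4j_exposed_listeners() {
  awk '
    $NF == "(LISTEN)" {
      name = $(NF - 1)                 # e.g. 127.0.0.1:7687, *:7474, [::1]:7474
      n = split(name, parts, ":")
      port = parts[n]                  # text after the last colon
      addr = substr(name, 1, length(name) - length(port) - 1)
      if (port != "7474" && port != "7687") next
      if (addr == "127.0.0.1" || addr == "[::1]") next
      printf "%s pid=%s listens on %s\n", $1, $2, name
    }'
}

# Constructed sample of lsof output (not captured from the author's machine).
sample_lsof() {
  cat <<'EOF'
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
java    72025 ujpadmin  245u  IPv6    0x0      0t0  TCP 127.0.0.1:7687 (LISTEN)
java    72025 ujpadmin  250u  IPv6    0x0      0t0  TCP *:7474 (LISTEN)
java    72025 ujpadmin  251u  IPv6    0x0      0t0  TCP [::1]:7473 (LISTEN)
sshd      101     root    4u  IPv4    0x0      0t0  TCP *:22 (LISTEN)
EOF
}

# On a real host: lsof -nP -iTCP -sTCP:LISTEN | neo4j_exposed_listeners
sample_lsof | neo4j_exposed_listeners
```

An empty result means both ports are bound to loopback only; any line printed should be checked against the listen address configured in neo4j.conf.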
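Logging in to BloodHound (second launch)
- When BloodHound is launched, the following dialog is displayed.
- Confirm that the checkbox for the connection URI is green, then log in with the user ID created in neo4j.
- The password was phrase-detail-finish-relax-modem-1611.
- Confirmed that there is no data at all.
Verifying that BloodHound works
- To verify operation, use BloodHound-Tools, which creates random test data.
- I don't fully understand it yet, but neo4j-driver is used for the connection, so install it.
Installing neo4j-driver
- Check the pip version.
$ pip -V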
pip 21.0.1 from /usr/local/lib/python3.9/site-packages/pip (python 3.9)
[macmini2014:ujpadmin 17:26:12 ~ ]
$
- Install the driver.
$ pip install neo4j-driver
Collecting neo4j-driver
Downloading neo4j-driver-4.2.1.tar.gz (69 kB)
|████████████████████████████████| 69 kB 2.9 MB/s
Collecting pytz
Downloading pytz-2021.1-py2.py3-none-any.whl (510 kB)
|████████████████████████████████| 510 kB 3.4 MB/s
Building wheels for collected packages: neo4j-driver
Building wheel for neo4j-driver (setup.py) ... done
Created wheel for neo4j-driver:
filename=neo4j_driver-4.2.1-py3-none-any.whl size=95273
sha256=794b8cf0393f6070cb399b092590d2e2e4c2c8ee4226122e3bf06a3511f43e72
Stored in directory:
/Users/ujpadmin/Library/Caches/pip/wheels/fe/a2/12/36d9ab6287417260db156b6021d409f296d274a11f23373cfe
Successfully built neo4j-driver
Installing collected packages: pytz, neo4j-driver
Successfully installed neo4j-driver-4.2.1 pytz-2021.1
[macmini2014:ujpadmin 17:26:36 ~ ]
$
- The installation succeeded.
Installing BloodHound-Tools
- In my case there is a bin directory in my home directory, so I install it there.
$ cd bin
[macmini2014:ujpadmin 17:24:07 ~/bin ]
$ git clone https://github.com/BloodHoundAD/BloodHound-Tools
Cloning into 'BloodHound-Tools'...
remote: Enumerating objects: 18, done.
remote: Counting objects: 100% (18/18), done.
remote: Compressing objects: 100% (14/14), done.
remote: Total 128 (delta 7), reused 11 (delta 4), pack-reused 110
Receiving objects: 100% (128/128), 1.60 MiB | 1.65 MiB/s, done.
Resolving deltas: 100% (53/53), done.
[macmini2014:ujpadmin 17:24:28 ~/bin ]
$ cd BloodHound-Tools
[macmini2014:ujpadmin 17:25:23 ~/bin/BloodHound-Tools ]
$ ls -la
total 628
drwxr-xr-x 9 ujpadmin staff 288 2 10 17:24 .
drwxr-xr-x 5 ujpadmin staff 160 2 10 17:24 ..
drwxr-xr-x 12 ujpadmin staff 384 2 10 17:24 .git
-rw-r--r-- 1 ujpadmin staff 1360 2 10 17:24 .gitignore
drwxr-xr-x 8 ujpadmin staff 256 2 10 17:24 DBCreator
-rw-r--r-- 1 ujpadmin staff 7651 2 10 17:24 LICENSE
-rw-r--r-- 1 ujpadmin staff 355 2 10 17:24 README.md
-rw-r--r-- 1 ujpadmin staff 579415 2 10 17:24 bloodhoundanalytics.pbix
-rw-r--r-- 1 ujpadmin staff 43155 2 10 17:24 bloodhoundanalytics.py
[macmini2014:ujpadmin 17:25:25 ~/bin/BloodHound-Tools ]
$
- Move to the DBCreator directory and check the files.
$ cd DBCreator/
[macmini2014:ujpadmin 17:35:15 ~/bin/BloodHound-Tools/DBCreator ]
$ ls -la
total 1348
drwxr-xr-x 8 ujpadmin staff 256 2 10 17:24 .
drwxr-xr-x 9 ujpadmin staff 288 2 10 17:24 ..
-rw-r--r-- 1 ujpadmin staff 35587 2 10 17:24 DBCreator.py
-rw-r--r-- 1 ujpadmin staff 35053 2 10 17:24 DBCreator.py.bak
-rw-r--r-- 1 ujpadmin staff 1029 2 10 17:24 README.md
-rw-r--r-- 1 ujpadmin staff 66356 2 10 17:24 first.pkl
-rw-r--r-- 1 ujpadmin staff 1227638 2 10 17:24 last.pkl
-rw-r--r-- 1 ujpadmin staff 150 2 10 17:24 requirements.txt
[macmini2014:ujpadmin 17:35:16 ~/bin/BloodHound-Tools/DBCreator ]
$
- There is a requirements.txt file.
- Install the additional packages with pip.
$ pip install -r requirements.txt
Collecting neo4j==1.7.6
Downloading neo4j-1.7.6.tar.gz (23 kB)
Collecting neobolt==1.7.16
Downloading neobolt-1.7.16.tar.gz (183 kB)
|████████████████████████████████| 183 kB 8.9 MB/s
Collecting neotime==1.7.4
Downloading neotime-1.7.4.tar.gz (17 kB)
Collecting pytz==2019.3
Downloading pytz-2019.3-py2.py3-none-any.whl (509 kB)
|████████████████████████████████| 509 kB 3.3 MB/s
Collecting six==1.14.0
Downloading six-1.14.0-py2.py3-none-any.whl (10 kB)
Building wheels for collected packages: neo4j, neobolt, neotime
Building wheel for neo4j (setup.py) ... done
Created wheel for neo4j: filename=neo4j-1.7.6-py3-none-any.whl
size=32571
sha256=2d1882a36cb6baae977b98fef3b873dddc51e2f0d9f9ee3da08698ee11c9fcea
Stored in directory:
/Users/ujpadmin/Library/Caches/pip/wheels/0e/a7/b5/bf1049e8285ffd2c49c7e7ac27265d7803d31f7d91d88f5211
Building wheel for neobolt (setup.py) ... done
Created wheel for neobolt:
filename=neobolt-1.7.16-py3-none-any.whl size=37140
sha256=e2ed557da10aeb79a2d6921f6bdfa65b1615baf44b0dc23d8330796e0ecaa3ce
Stored in directory:
/Users/ujpadmin/Library/Caches/pip/wheels/4d/d0/11/131027012ce04b3a7f0dc770d59e895f011f3618c4b8a87616
Building wheel for neotime (setup.py) ... done
Created wheel for neotime:
filename=neotime-1.7.4-py3-none-any.whl size=20541
sha256=73a317202645a25475ccfe823517b9be988d99623f06b785d3fb5f6806c8a3ba
Stored in directory:
/Users/ujpadmin/Library/Caches/pip/wheels/aa/47/bb/6e5c41d174666c8a7d870f7db23f120b1a70fa64b60154535f
Successfully built neo4j neobolt neotime
Installing collected packages: six, pytz, neotime, neobolt, neo4j
Attempting uninstall: six
Found existing installation: six 1.15.0
Uninstalling six-1.15.0:
Successfully uninstalled six-1.15.0
Attempting uninstall: pytz
Found existing installation: pytz 2021.1
Uninstalling pytz-2021.1:
Successfully uninstalled pytz-2021.1
Successfully installed neo4j-1.7.6 neobolt-1.7.16 neotime-1.7.4 pytz-2019.3 six-1.14.0
[macmini2014:ujpadmin 17:37:12 ~/bin/BloodHound-Tools/DBCreator ]
$
- The installation appears to have completed.
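The log above shows pip replacing six 1.15.0 and pytz 2021.1 in the shared Homebrew Python site-packages with the older versions pinned by requirements.txt. The following added example (not part of the original page or of the BloodHound-Tools project) extracts such replacements from pip output and shows installing the pins into a virtualenv instead; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list packages that a pip run replaced in the current
# environment, then install the same pins into a throwaway virtualenv instead.

# Reads pip install output on stdin; prints "name old -> new" for every
# package that was already installed and ended up at a different version.
pip_replaced_packages() {
  awk '
    /Found existing installation:/ { old[$(NF - 1)] = $NF }
    /^ *Successfully installed / {
      for (i = 3; i <= NF; i++) {
        ver = $i
        sub(/^.*-/, "", ver)           # keep text after the last hyphen
        name = substr($i, 1, length($i) - length(ver) - 1)
        if ((name in old) && old[name] != ver)
          printf "%s %s -> %s\n", name, old[name], ver
      }
    }'
}

# Hypothetical helper: create a virtualenv at $1 and install the pins from the
# requirements file $2 there, leaving the shared site-packages untouched.
install_pins_isolated() {
  python3 -m venv "$1" && "$1/bin/pip" install -r "$2"
}

# Excerpt of the pip output shown above on this page.
sample_pip_log() {
  cat <<'EOF'
Installing collected packages: six, pytz, neotime, neobolt, neo4j
Attempting uninstall: six
Found existing installation: six 1.15.0
Uninstalling six-1.15.0:
Successfully uninstalled six-1.15.0
Attempting uninstall: pytz
Found existing installation: pytz 2021.1
Uninstalling pytz-2021.1:
Successfully uninstalled pytz-2021.1
Successfully installed neo4j-1.7.6 neobolt-1.7.16 neotime-1.7.4 pytz-2019.3 six-1.14.0
EOF
}

sample_pip_log | pip_replaced_packages
```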
Configuring the database with DBCreator.py
- Run DBCreator.py with Python 3.
$ /usr/local/opt/python\@3.9/bin/python3 DBCreator.py
================================================================
BloodHound Sample Database Creator
================================================================
Documented commands (type help <topic>):
========================================
clear_and_generate  connect   exit      help       setnodes
cleardb             dbconfig  generate  setdomain
(Cmd)
- Run dbconfig.
(Cmd) dbconfig
Current Settings:
DB Url: bolt://localhost:7687
DB Username: neo4j
DB Password: neo4jj
Use encryption: False
Enter DB URL [bolt://localhost:7687]
- Enter the database information.
Enter DB URL [bolt://localhost:7687]
Enter DB Username [neo4j] neo4j
Enter DB Password [neo4jj] phrase-detail-finish-relax-modem-1611
Use encryption? Y/n n
New Settings:
DB Url: bolt://localhost:7687
DB Username: neo4j
DB Password: phrase-detail-finish-relax-modem-1611
Use encryption: False
Testing DB Connection
Database Connection Successful!
(Cmd)
- Connected to the database successfully.
- Generate the data.
(Cmd) generate
Starting data generation with nodes=500
Populating Standard Nodes
Traceback (most recent call last):
File "/Users/ujpadmin/bin/BloodHound-Tools/DBCreator/DBCreator.py", line 806, in <module>
MainMenu().cmdloop()
File "/Users/ujpadmin/bin/BloodHound-Tools/DBCreator/DBCreator.py", line 69, in cmdloop
cmd.Cmd.cmdloop(self)
File
"/usr/local/Cellar/python@3.9/3.9.1_8/Frameworks/Python.framework/Versions/3.9/lib/python3.9/cmd.py",
line 138, in cmdloop
stop = self.onecmd(line)
File
"/usr/local/Cellar/python@3.9/3.9.1_8/Frameworks/Python.framework/Versions/3.9/lib/python3.9/cmd.py",
line 217, in onecmd
return func(arg)
File "/Users/ujpadmin/bin/BloodHound-Tools/DBCreator/DBCreator.py", line 200, in do_generate
self.generate_data()
File "/Users/ujpadmin/bin/BloodHound-Tools/DBCreator/DBCreator.py", line 261, in generate_data
session.run(f"{base_statement},n.highvalue=true", gname=cn(
File "/usr/local/lib/python3.9/site-packages/neo4j/__init__.py", line 503, in run
self._connection.fetch()
File "/usr/local/lib/python3.9/site-packages/neobolt/direct.py", line 419, in fetch
return self._fetch()
File "/usr/local/lib/python3.9/site-packages/neobolt/direct.py", line 461, in _fetch
response.on_failure(summary_metadata or {})
File "/usr/local/lib/python3.9/site-packages/neobolt/direct.py", line 755, in on_failure
raise CypherError.hydrate(**metadata)
neobolt.exceptions.ClientError: Supplied bookmark
[FB:kcwQTQsLDdTOQhS7m6W//Z2RdyKQ] does not conform to pattern
neo4j:bookmark:v1:tx
[macmini2014:ujpadmin 01:42:05 ~/bin/BloodHound-Tools/DBCreator ]
$
- Error. No solution found..