Mazars crypto

Author: Admin | 2025-04-27

AD Miner

AD Miner is an Active Directory (on-premise and Entra ID) auditing tool that:

- Leverages Cypher queries to analyze data from the BloodHound graph database (Neo4j).
- Provides a comprehensive overview of existing weaknesses through a static, web-based report.

Web-based report features:

- Detailed listings of identified weaknesses
- Dynamic graphs for visual analysis
- Historical key indicators to track changes over time
- Risk ratings to prioritize threats and actions

Quick overview of a report

Comprehensive Mitigation Paths for Active Directory Risks
A risk-based rating of Active Directory weaknesses, along with comprehensive mitigation paths.

A dynamic web interface
Search bar and controls that are carefully tailored to identify the most risky misconfigurations.

Progress Monitoring through an Evolving Interface
You can also observe indicators over time to help measure mitigation efficiency.

AD Miner was initially created by the Forvis Mazars Cybersecurity team.

Prerequisites

To run AD Miner, you first need a Neo4j database that contains the Active Directory objects:

- To extract the data from the domain, you can use tools like SharpHound, RustHound-CE or BloodHound.py, and AzureHound for Entra ID environments.
- To set up your BloodHound environment (including the GUI and Neo4j database), BloodHound Automation is highly recommended due to its seamless integration with the Graph Data Science (GDS) plugin.

Though it is perfectly fine to use the default BloodHound CE installation, be aware that you will miss out on the benefits of GDS (e.g., smarter pathfinding, improved execution speed, etc.).

By default, BloodHound creates a Neo4j database accessible on port 7687.

Installation and setup

The easiest way is to run the following command using pipx:

    pipx install 'git+https://github.com/Mazars-Tech/AD_Miner.git'

AD Miner is also available on some Linux distributions:

- BlackArch: pacman -S ad-miner
- NixOS: nix-env -iA nixos.ad-miner

Usage

Run the tool:

    AD-miner [-h] [-b BOLT] [-u USERNAME] [-p PASSWORD] [-e EXTRACT_DATE] [-r RENEWAL_PASSWORD] [-a] [-c] [-l LEVEL] -cf CACHE_PREFIX [-ch NB_CHUNKS] [-co NB_CORES] [--rdp] [--evolution EVOLUTION] [--cluster CLUSTER]

Example:

    AD-miner -cf My_Report -u neo4j -p mypassword

Cache files are generated at the completion of each Neo4j request.
