@cutaway
Created December 11, 2024 18:02
Bloodhound CE Docker Setup Directions

The following instructions are for running Bloodhound CE in Docker via Windows PowerShell.

** WARNING: Your install will be different. Adjust commands accordingly. **

Check the BH CE Docker Compose instructions first, and refer back to them if you have issues: https://support.bloodhoundenterprise.io/hc/en-us/articles/17468450058267-Install-BloodHound-Community-Edition-with-Docker-Compose

Steps

  • Check the clean-up commands first, to make sure old instances aren't running.
  • Use the start-up commands to start.
  • Use the notes to remember things.
  • Use the clean-up commands last. You don't need this running in the background after you are done.

Clean Up Commands

The following commands will help clean up BH Docker instances. The BH YAML file is in a directory named 'BH', hence the instance names have 'BH' in them. You may not need all of these commands, so DO NOT run each one as-is; update them to match your situation.

Stop running instances of BH

docker ps -a
docker stop bh-graph-db-1
docker stop bh-app-db-1
docker stop bh-bloodhound-1
docker ps -a
docker rm bh-graph-db-1
docker rm bh-app-db-1
docker rm bh-bloodhound-1
docker ps -a

Remove volumes

docker volume ls
docker volume rm bh_neo4j-data
docker volume rm bh_postgres-data
docker volume ls
docker volume prune

Remove dangling images

docker image ls

# Note the 'Image ID' column. If the following commands fail, you will need to use those IDs instead of the names
docker rmi -f postgres
docker rmi -f neo4j
docker rmi -f specterops/bloodhound
docker image prune -a

# Check for hidden dangling images with the following commands. Run the second only if the first comes back with something
docker images -f dangling=true -q
docker rmi $(docker images -f dangling=true -q)
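The clean-up commands above assume you know which containers and volumes exist. As an added example (not part of the gist), the following PowerShell script makes the same clean-up idempotent: it derives the container and volume names from the Compose project name (the lowercased directory name, 'bh' here), only stops and removes what is actually present, and keeps the destructive steps (volumes, images) behind switches. The service and volume names match the official docker-compose.yaml as used in the commands above; everything else (parameter names, the `Get-BhContainers` helper) is my own.

```powershell
# Added example: idempotent clean-up of a BloodHound CE Docker Compose project.
# Assumes the Docker CLI is on PATH and that the compose project name is the
# lowercased name of the directory holding docker-compose.yaml ('bh').
param(
    [string]$Project = 'bh',   # directory name of the compose file
    [switch]$RemoveVolumes,    # also delete neo4j/postgres data (destroys imported data)
    [switch]$RemoveImages      # also delete the pulled images
)

$Project = $Project.ToLower()

# Service names from the official compose file; Compose names containers
# <project>-<service>-<n> and volumes <project>_<volume>.
$services = @('bloodhound', 'graph-db', 'app-db')
$volumes  = @('neo4j-data', 'postgres-data') | ForEach-Object { "${Project}_$_" }

function Get-BhContainers {
    # Return only containers that exist, so stop/rm never errors on a clean host.
    $pattern = '^{0}-({1})-\d+$' -f $Project, ($services -join '|')
    docker ps -a --format '{{.Names}}' | Where-Object { $_ -match $pattern }
}

$found = Get-BhContainers
if (-not $found) {
    Write-Host "No containers for project '$Project' found."
} else {
    foreach ($name in $found) {
        Write-Host "Stopping and removing $name"
        docker stop $name | Out-Null
        docker rm   $name | Out-Null
    }
}

if ($RemoveVolumes) {
    $existing = docker volume ls --format '{{.Name}}'
    foreach ($v in $volumes) {
        if ($existing -contains $v) {
            Write-Host "Removing volume $v (this deletes the BH database)"
            docker volume rm $v | Out-Null
        }
    }
}

if ($RemoveImages) {
    # Check which images are present instead of suppressing 'No such image' errors.
    $present = docker images --format '{{.Repository}}'
    foreach ($img in 'specterops/bloodhound', 'neo4j', 'postgres') {
        if ($present -contains $img) {
            Write-Host "Removing image $img"
            docker rmi -f $img | Out-Null
        }
    }
    # Untagged layers left behind by pulls (the 'hidden dangling images' above)
    $dangling = docker images -f dangling=true -q
    if ($dangling) { docker rmi $dangling | Out-Null }
}

# Final check: nothing from this project should be listed
docker ps -a --filter "name=$Project-" --format 'table {{.Names}}\t{{.Status}}'
```

Save it as `Clean-Bh.ps1` and run `.\Clean-Bh.ps1` for the safe stop-and-remove, or `.\Clean-Bh.ps1 -RemoveVolumes -RemoveImages` to wipe the data and images as the gist's full sequence does. If your compose directory has a different name, pass `-Project <name>`.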

Start Up Commands

Download the BH CE YAML file from a PowerShell terminal. NOTE that the name of the parent directory is used as the Docker Compose project name, so it appears in the names of the Docker containers and volumes. Consider using a client code name for the directory so the instance is easy to identify.

cd C:\Users\cutaway\Downloads\BH
Invoke-WebRequest -Uri https://ghst.ly/getbhce -OutFile .\docker-compose.yaml

Run these commands separately in PowerShell as Administrator

docker compose pull
docker compose up
  • This will start Docker and run a new instance. Watch the output for the initial password; you'll have to change it after the first log in.
  • Using 'Ctrl-C' in the terminal will stop the BH instance.
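The start-up steps above are easy to get wrong in two places: the download silently producing an HTML page instead of YAML, and the initial password scrolling past in the compose output. As an added example (not part of the gist), this PowerShell script runs the same download, pull and up steps, checks the downloaded file, starts the stack detached so the terminal stays usable, and captures the initial password from the logs. It assumes Docker Desktop is running and that the 'bloodhound' service logs a line containing "Initial Password Set To:" on first start with an empty database (a labelled assumption; if the text differs in your version, adjust the pattern). The parameter names and the `$deadline` polling loop are my own.

```powershell
# Added example: start BloodHound CE with Docker Compose and capture the initial
# admin password from the logs. Assumes Docker Desktop is running.
param(
    # Directory name becomes the Compose project name (see note above).
    [string]$ProjectDir = "$env:USERPROFILE\Downloads\BH",
    [int]$TimeoutSeconds = 180
)

New-Item -ItemType Directory -Path $ProjectDir -Force | Out-Null
Set-Location $ProjectDir

$compose = Join-Path $ProjectDir 'docker-compose.yaml'
if (-not (Test-Path $compose)) {
    # Same URL as the gist; skipped if the file is already present.
    Invoke-WebRequest -Uri 'https://ghst.ly/getbhce' -OutFile $compose
}

# Sanity check: make sure we got a compose file, not an HTML error page.
if (-not (Select-String -Path $compose -Pattern '^services:' -Quiet)) {
    throw "$compose does not look like a compose file; download it manually and re-run."
}

docker compose pull
docker compose up -d   # detached; stop later with 'docker compose down'

# The initial password is printed once, on first start with an empty database.
# Assumed log format: "... Initial Password Set To:    <password> ..."
$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
$password = $null
do {
    Start-Sleep -Seconds 5
    $line = docker compose logs bloodhound |
            Select-String -Pattern 'Initial Password Set To:' |
            Select-Object -First 1
    if ($line) {
        $password = ($line.Line -replace '.*Initial Password Set To:\s*', '') -replace '\s*#*\s*$', ''
    }
} while (-not $password -and (Get-Date) -lt $deadline)

if ($password) {
    Write-Host "Initial admin password: $password"
    Write-Host "Change it at first login and store the new one in your password manager."
} else {
    Write-Host "No initial password found in the logs within $TimeoutSeconds seconds."
    Write-Host "If the databases already existed, the previously set password still applies."
}
```

Run it from a PowerShell started as Administrator, as the gist says for the compose commands. Because the stack runs detached, the Ctrl-C note above no longer applies; use `docker compose down` in the same directory to stop it, or the clean-up commands.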

Notes

  • The BH instance should be accessible at https://localhost:8080
  • Log in using the password shown at start-up. Change it to a strong password and be sure to record it.
  • Import the BH zipped collection file; be patient, ingestion takes a while.
  • Analysis can start by checking some of the Cypher queries.
    • When you first select Cypher, you won't see anything; no Cypher queries are preloaded in the editor.
    • Find the folder icon and click on it. This should show you the preloaded Cypher queries.
    • Make your own.