Question 1

How do I install PlumHound and connect it to my BloodHound database?

Accepted Answer

Install via pip with 'pip install plumhound', then use command-line arguments like -s for server and -u for username to connect to your Neo4J instance. Ensure BloodHoundAD data is already imported, as per the environment setup instructions in the README.

Question 2

PlumHound vs BloodHound: what's the difference for security teams?

Accepted Answer

BloodHound is a graphical tool for visualizing attack paths, while PlumHound is a reporting engine that turns those paths into actionable reports. PlumHound is better for generating structured outputs and batch analysis, whereas BloodHound is for interactive exploration.

Question 3

How can I create a custom TaskList for specific AD vulnerabilities?

Accepted Answer

TaskLists are text files with syntax like ['Report Title','HTML','output.html','cypher query']. Start by modifying the default.tasks file or check the PlumHound-Tasks repository for examples, ensuring cypher queries use single quotes to avoid syntax issues.

Question 4

Does PlumHound work with Azure AD or cloud environments?

Accepted Answer

PlumHound is primarily designed for on-premises Active Directory via BloodHoundAD. While it includes an AzHound module for basic Azure analysis, it's limited to presets like Global Administrator relationships and not as comprehensive as for AD.

Question 5

What are the performance implications for large AD domains?

Accepted Answer

Performance depends on Neo4J database size and query complexity. PlumHound can handle large datasets, but it's recommended to test with sample data first, use quiet output modes, and optimize cypher queries to avoid timeouts, as noted in the execution examples.

Question 6

How to integrate PlumHound reports into existing security workflows?

Accepted Answer

Export reports in CSV or HTML formats and use external tools to parse or display them. For automation, schedule PlumHound runs via cron or scripts, and leverage the Report Indexer and TaskZipper modules to bundle outputs for easy sharing.

PlumHound

What is PlumHound?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions