I have had a few people over the last couple of months asking me how to get Bloodhound up and running after I had sung its praise since seeing the “Six Degrees to Domain Admin” video from BSIDES Las Vegas. If you still haven’t seen the video I am referring to I suggest you take a peek before proceeding.

It really is such an awesome tool and I highly recommend it to not only info-sec professionals but to anyone who administrates an Active Directory environment.

The awesome news is that Bloodhound is now in the Kali Linux repository’s and is super easy to install and get up and running and I will show you how.


Ensure an up-to-date system.

Firstly, please ensure you’re running the latest and greatest by performing a dist-upgrade like so.

apt-get update

and then

apt-get dist-upgrade


Installing Bloodhound

You guessed it, simply run the following. Bloodhound depends on neo4j so that will be installed as well.

apt-get install bloodhound


Change the Default Password for Neo4j

We really should change the default password for Neo4j, you know.. For reasons.

Let’s launch Neo4j

neo4j console

We now have a remote interface available at http://localhost:7474. Let’s head over there via a browser and change that default password. You will also see that it enabled Bolt on the localhost, we need this for later.

Login with the default credentials (below) you will then be asked to change the password :-

  • Username: neo4j
  • Password: neo4j

Go ahead and complete the password change and close the browser window.


Let the Hound See The Blood

Pop a new terminal window open and run the following command to launch Bloodhound, leave the Neo4j console running for obvious reasons.


As you can see, Bloodhound is now running and waiting for some user input. Earlier when launching Neo4j it also enabled Bolt on bolt:// You need to use this as your Database URL.

  • Database URL – bolt://
  • Username – neo4j
  • Password – your newly changed password

Hit login and you should be presented with the Bloodhound tool minus any data. You can now import your data and get analyzing.

Hopefully this was a nice and quick guide to help anyone out there having any issues getting up and running with the awesome tool that is Bloodhound.

I also want to take a moment to thank @_wald0@CptJesus, and @harmj0y for their continued hard work on this amazing project.

Cheers Guys!

James Smith

Security Researcher, Penetration Tester & Linux Advocate


defdefdef · December 24, 2017 at 8:30 pm

hi,What is this tool for?

    James Smith · January 22, 2018 at 11:25 am

    Please see the video in the post. This will give you a good over view of what the tool is about.

Stevie · March 28, 2018 at 3:09 pm

Upgrading Kali Rolling today breaks Neo4j: Neo4j reports

“You are using an unsupported version of the Java runtime. Please use Oracle(R) Java(TM) Runtime Environment 8, OpenJDK(TM) 8 or IBM J9”

Output of java –version is

openjdk 9.0.4
OpenJDK Runtime Environment (build 9.0.4+12-Debian-2)
OpenJDK 64-Bit Server VM (build 9.0.4+12-Debian-2, mixed mode)

Will raise as an issue on the Bloodhond Github, but recording here in the hope it helps others.

mechgt · April 2, 2018 at 7:22 am

I solved the issue by adding the following line at the beginning of /etc/neo4j/neo4j.conf:


After this it worked and I was able to connect to the web service.


    James Smith · April 2, 2018 at 7:33 am

    Thanks for sharing your fix with the community.

xsnakedoctor · June 5, 2018 at 5:41 pm

I can’t seem to find any good instructions on how to get data INTO BloodHound. The github page goes through the installation as does this page, but neither talk about the PowerShell component or alternative methods on getting data in. Admittedly, I’m a Linux neophyte so I could really just be that dense and I’m missing it.

Stevie · August 22, 2018 at 4:16 pm

I also thank MECHGT for the helpful response.

And belated thanks go to James for covering so much ground so well. Kali has niche considerations which mean generic Debian instructions *might* leave you with a bork’d platform.

However I do want to echo XSNAKEDOCTOR’s point, perhaps slightly varied:

When following a default Kali installation, where does “apt” place the ingestors? I could acquire directly from Github, but that will inevitably fall prey to incompatibility, as the Kali-packaged version won’t remain in step with the Github repository.

Armed with information, it would then be trivial to follow the “Data Collection” wiki.


James Smith · October 12, 2018 at 10:07 am

Hi Stevie, Do you think it would be worth me creating a post on how to get data into a bloodhound?

Bloodhound – Six Degrees of Domain Admin – Haxf4rall · February 1, 2018 at 10:38 am

[…] For much better instructions on setting up BloodHound on Linux, see this blog post: […]

Sniff Out Vuln Paths: BloodHound Active Directory Walkthrough - · November 12, 2019 at 9:16 pm

[…] very easiest way to install Bloodhound is outlined in this guide. However, for convenience these are the […]

Hackthebox – Forest Write-Up – Malicious Group · December 26, 2019 at 2:59 am

[…] you don’t already have BloodHound installed, you can use the guide here for Kali […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: