# BloodHound BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. Attacks can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. You can find the tool here : {% embed url="" %} After installing it, start your neo4j plateform : ``` neo4j console ``` and start your bloodhound in another tab by typing ``` bloodhound ``` \ Now bloodhound needs data, and it does so by using an ingestor called [SharpHound](https://github.com/BloodHoundAD/BloodHound/blob/master/Ingestors/SharpHound.ps1), you should download, move and execute that script on your domain user that you compromised by typing ``` powershell -ep bypass . .\SharpHound.ps1 Invoke-BloodHound -CollectionMethod All -Domain TARGETDOMAIN -ZipFileName bloodhound.zip ``` once you finish that, copy the zip file to your system, and feed it to bloodhound through drag and drop or import data functionality. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://xedex.gitbook.io/internalpentest/internal-pentest/active-directory/reconnaissance/bloodhound.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.