← All tools

profilehound

https://github.com/m4lwhere/profilehound

Open Source

Categories

Exploitation Post-Exploitation

Description

ProfileHound - BloodHound OpenGraph collector for user profiles stored on domain machines. Make informed decisions about looting secrets by identifying active user profiles on domain machines.

Keywords

active-directory bloodhound pentest-tool pentesting redteam redteam-tools python

Screenshots

Example Usage

$ profilehound --auth-user alice --auth-password whiteRabbit --auth-domain sccm.lab --target 192.168.57.0/27
    ____             _____ __     __  __                      __
   / __ \_________  / __(_) /__  / / / /___  __  ______  ____/ /
  / /_/ / ___/ __ \/ /_/ / / _ \/ /_/ / __ \/ / / / __ \/ __  /
 / ____/ /  / /_/ / __/ / /  __/ __  / /_/ / /_/ / / / / /_/ /
/_/   /_/   \____/_/ /_/_/\___/_/ /_/\____/\__,_/_/ /_/\__,_/    v0.1.1
@m4lwhere

BloodHound CE OpenGraph collector for user profiles stored on domain machines.

[12/30/25 11:58:05] INFO     Loaded 32 targets
[12/30/25 11:58:08] INFO     Successful authentication on 192.168.57.10 (192.168.57.10) as sccm.lab\alice
                    INFO     Successfully connected to share \\192.168.57.10\C$ as sccm.lab\alice
                    INFO     Enumerating profiles in \\192.168.57.10\C$\Users\...
                    INFO         vagrant:    S-1-5-21-3016982856-3796307652-1246469985-1000  created:2025-11-07      modified:2025-11-07
                    INFO     Found 1 domain profile(s) for 192.168.57.10
                    INFO     Successful authentication on 192.168.57.11 (192.168.57.11) as sccm.lab\alice
[12/30/25 11:58:09] IN