SpecterOps’ open source pentesting software receives major updates

Adversary-focused cybersecurity provider SpecterOPS has released a new version of its open source penetration testing software BloodHound to help open source users with a stack of new features.

Dubbed BloodHound Community Edition (CE), version 5.0 of BloodHound, includes a suite of new capabilities, a few of which are also being uploaded to BloodHound Enterprise, SpecterOps' commercial enterprise-grade defensive product.

"We're releasing BloodHound CE as a 'thank you' to our community users for their amazing support," said Andy Robbins, principal product architect at SpecterOps and a co-creator of BloodHound. "SpecterOps strongly believes in supporting the security community, and with BloodHound CE we're taking many of the improvements we developed in BloodHound Enterprise and bringing them back to the open source community."

BloodHound CE will be available on August 8 in early access and the company is showcasing the new capabilities at the Black Hat conference on August 9.

Open source version receives deployment and API updates

BloodHound CE will be available as a three-tiered application with a database, an API layer, and a web-based user interface. With the new version, open source users will be able to use Representational State Transfer (REST) APIs to interact with data rather than needing to write queries directly to the database.

BloodHound CE will also deploy as a containerized product, with a claimed reduction of 80% in deployment time.

"Previously, users needed to manually download and install the individual components of BloodHound, including a specific version of a specific graph database management system," Robbins said. "This was a complicated process that could take hours. Now, everything needed to run BloodHound CE is packaged in a container so the correct versions of all necessary software will download and install with a single click."

The containerized deployment will also enable enterprise-grade user management with multiuser support through role-based access control (RBAC).

Other features include community support and custom queries

The changes made in the new version will allow SpecterOps to increase the rate of updates and will also increase the number of pull requests from the community that can be implemented, according to the company.

"Right now, BloodHound and BloodHound Enterprise have different code bases, so updates and new features need to be done separately for each," said Robbins. "After this update, the code for both products will be very similar, so updates and new features can be written once and applied to both products."

"This will save a great deal of time for the SpecterOps team, which will allow them to implement more changes requested by BloodHound users. The pace of future updates to BloodHound will increase," he added.

BloodHound Enterprise users will now be able to write custom Cypher queries to explore their active directory (AD) environments with safeguards in place, borrowed from Bloodhound CE, to prevent queries from accidentally causing security or performance issues. All the previous versions of BloodHound (everything before v5.0) will be referred to as "BloodHound Legacy" and will remain available, the company added.