Neo4LDAP is a query and visualization tool focused on Active Directory. It combines LDAP syntax with graph-based data analysis in Neo4j, offering an alternative approach to tools like BloodHound.
- Run complex and expressive queries directly against Neo4j
- No need to learn Cypher: queries can be written in LDAP syntax
- Create custom reusable queries
- Owned nodes are highlighted to improve visibility and search efficiency
- Analyze Active Directory ACLs through interactive graphs
  - Outbound analysis
  - Inbound analysis
  - Targeted analysis
- Advanced techniques to reduce visual noise
  - Exclude nodes to remove irrelevant elements from the view
  - Temporarily hide graph sections to improve focus and readability
  - Depth-limited search to control graph size and prevent visual clutter
- Full control over graph behavior
  - Define the relevance of each ACE to match your objectives
  - Context-driven algorithms that adapt to your analytical needs
- Neo4LDAP can ingest data from BloodHound JSON files
  - Support for both Legacy and Community Edition (CE) formats
  - Fast, multithreaded ingestion
- Multi-database support
- Independent panels: analyze graphs while querying data simultaneously, without losing context
📘 To maximize the effectiveness of Neo4LDAP and gain a deeper understanding of how it handles special cases and internal logic, it is highly recommended to read through the full project wiki. The documentation covers key design decisions, usage examples, and query behaviors that may not be immediately apparent.
Additionally, there are two articles covering the tool's internals:
- Goodbye Cypher, Hello LDAP: Querying Neo4j with Neo4LDAP
- Finding optimal attack paths in Active Directory with Neo4LDAP
Ingesting large JSON files can be memory-intensive. If you have a large JSON file, it is advisable to split it into chunks using ShredHound before uploading them.
You can modify the scale factor of Neo4LDAP by using the following command:
QT_SCALE_FACTOR=<VALUE> neo4ldap
Neo4LDAP uses Neo4j as its database. To use the tool, you must install and run a Neo4j instance. For installation instructions, please refer to the official Neo4j installation guide.
Once Neo4j is installed, start it by running:
neo4j console
To install Neo4LDAP, it is recommended to use a Conda virtual environment with Python 3.9.13 or higher to isolate the installation and avoid dependency conflicts:
conda create -n neo4ldap python=3.9.13
conda activate neo4ldap
Once the conda environment is activated, install the following Python dependencies using pip:
pip install networkx neo4j-rust-ext PySide6
Depending on the display server protocol you are using, you must install some extra dependencies. To check which display server protocol you are using, execute the following command:
echo $XDG_SESSION_TYPE
If that command returns x11, you must install the following dependency:
sudo apt install libxcb-cursor0
It is recommended to define the following shell function in .bashrc, .zshrc, or equivalent shell configuration:
nano ~/.bashrc
neo4ldap() {
    cd <installation path> || return
    python -m Neo4LDAP.Neo4LDAP
}
source ~/.bashrc
Special thanks to @_wald0, @CptJesus, and @harmj0y for their work on BloodHound, a tool that has served as a foundational reference and source of inspiration for the development of Neo4LDAP.