dazzyddos

A BloodHound OpenGraph collector that models Windows local privilege escalation as interconnected attack paths.

363
35
100% credibility
Found Mar 12, 2026 at 347 stars.
PowerShell
AI Summary

PrivHound scans Windows systems for local privilege escalation opportunities and models them as interconnected graphs for visualization and querying in BloodHound.

How It Works

1. 🔍 Find PrivHound

You hear about this handy security checker while looking for ways to uncover hidden weaknesses on Windows computers that could let someone gain extra control.

2. 📥 Grab the tool

Download the simple scanner file from the project page and place it on the Windows machine you want to examine.

3. 🚀 Start the scan

Run the scanner with a quick launch – it explores dozens of spots where access could be climbed step by step.

4. 📊 Get your map file

Right away, you receive a neat file showing all the connected weak links it discovered.

5. 🖼️ Prep the visual viewer

Add colorful icons to your graph viewer once, so security issues show up clearly and invitingly.

6. 📤 Load the map

Drop your file into the viewer, and it builds a picture of how issues link together.

7. 🗺️ Spot the paths

Zoom around the map to see exact chains from basic access to full control, making risks crystal clear.

Strengthen security

Now you know precisely what to fix, feeling empowered to lock down the computer completely.

AI-Generated Review

What is PrivHound?

PrivHound is a PowerShell collector for BloodHound, hosted on GitHub, that models Windows local privilege escalation as interconnected OpenGraph attack paths. It addresses the gap where tools like WinPEAS list isolated findings without showing multi-hop chains to SYSTEM. Run the CLI on targets to enumerate 30+ vectors, from weak services and stored creds to COM hijacks and WebClient relays, and it outputs JSON for ingest into BloodHound CE or Enterprise. It overlays local graphs on BloodHoundAD data, queryable via Cypher for paths like credential pipeline to admin.

Why is it gaining traction?

It stands out by graphing escalation realistically (e.g., cross-user profiles leading to writable service binaries) rather than producing text dumps, with custom nodes, 50+ prebuilt queries, and credential validation without SeImpersonate. BloodHound OpenGraph users dig the hostname-scoped multi-endpoint collection and AD-privesc overlays, and the repo has pulled 326 stars as a fresh Windows alternative to legacy Python collectors for BloodHound.

Who should use this?

Red teamers mapping local-to-domain attacks on Windows fleets, pentesters chaining data from a BloodHound installation with privesc, or defenders hunting escalation vectors in BloodHound CE. Perfect for labs testing interconnected paths before real engagements; skip for non-BloodHound or Linux-focused workflows.

Verdict

Worth adding to your BloodHound OpenGraph toolkit—download from GitHub releases, ingest, and query away. With 326 stars, strong docs, and lab helpers but a 1.0% credibility score signaling early maturity, prototype it first before trusting in high-stakes ops.
