> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# BloodHound Community Edition Quickstart

> Set up a local instance of BloodHound Community Edition and start identifying and visualizing security risks in your environment.

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=3a8d58a0f10bb4bd4c711489b93d6dda" alt="Applies to BloodHound CE only" width="237" height="45" data-path="assets/community-edition-pill-tag.svg" />

This quickstart guide walks you through installing BloodHound Community Edition (BloodHound CE) using the BloodHound CLI (BH-CLI), which is a wrapper around Docker Compose.

After installation, you'll learn how to ingest data into BloodHound CE and explore attack paths in your environment.

<Info>Are you a blue team member looking to remediate identity risks? [Request a demo of BloodHound Enterprise](https://specterops.io/get-a-demo/).</Info>

## Prerequisites

BloodHound CE deploys in a traditional multi-tier container architecture consisting of database, application, and UI layers.

To complete installation, ensure your system meets the following requirements:

| Minimum specifications | For large environments (>50K users) |
| ---------------------- | ----------------------------------- |
| 8GB of RAM             | 96GB of RAM                         |
| 4 processor cores      | 12 processor cores                  |
| 10GB hard disk space   | 50GB hard disk space                |

<Note>
  During startup, BloodHound CE runs initial graph analysis that may continue for about the first minute after launch. On low-memory hosts, sending API requests immediately after container startup can cause the `bloodhound` container to terminate with exit code `137` (out of memory).

  To avoid this behavior, allocate at least **8GB of RAM** or wait for startup processing to complete before running API automation tasks such as user creation.
</Note>

## Install BloodHound CE

<Warning>
  BloodHound Community Edition is a security auditing tool that was written to test the resilience of networks against attackers. Because this tool can equally be used for evil, some anti-malware and endpoint detection and response (EDR) solutions flag BloodHound and its components as **malware**.

  If you encounter issues with downloads being blocked and files being prohibited from execution, create targeted allow-list entries for the specific BloodHound binaries, supporting libraries, and installation paths required for your deployment. We recommend that you set up BloodHound on a dedicated machine so that your regular work environment remains protected. If you are planning to use BloodHound on a corporate network, notify your Security Operations Center (SOC) or Chief Information Security Officer (CISO) ahead of time and ensure you have the required permissions to audit the network.

  For legal and ethical reasons, you must never use BloodHound on systems you do not own or lack explicit permission to audit.
</Warning>

Installing BloodHound CE with the BloodHound CLI is the easiest way to get started. The CLI handles downloading the necessary Docker images and creating the `docker-compose.yml` file with standard defaults.

<Steps>
  <Step title="Install Docker Desktop">
    For ease and convenience, we recommend installing [Docker Desktop](https://www.docker.com/get-started) to run BloodHound CE containers on your local machine.
  </Step>

  <Step title="Download BloodHound CLI">
    Download the latest release of **[BloodHound CLI](https://github.com/SpecterOps/bloodhound-cli/releases)** for your operating system and architecture (AMD or ARM).

    BloodHound CLI is a utility that makes it easy to install BloodHound CE in containers on your machine.

    <Tip>To avoid the software getting blocked as malware in the browser, we recommend downloading it using the command line.</Tip>

    <CodeGroup>
      ```bash Linux theme={null}
      wget https://github.com/SpecterOps/bloodhound-cli/releases/latest/download/bloodhound-cli-linux-amd64.tar.gz
      ```

      ```powershell Windows PowerShell theme={null}
      curl.exe -L -o "$env:USERPROFILE\Downloads\bloodhound-cli-windows-amd64.zip" https://github.com/SpecterOps/bloodhound-cli/releases/latest/download/bloodhound-cli-windows-amd64.zip
      ```

      ```bash Mac theme={null}
      curl -L -o bloodhound-cli-darwin-arm64.tar.gz https://github.com/SpecterOps/bloodhound-cli/releases/latest/download/bloodhound-cli-darwin-arm64.tar.gz
      ```
    </CodeGroup>
  </Step>

  <Step title="Unpack the file">
    Change to the directory where you downloaded the file and unpack it.

    <CodeGroup>
      ```bash Linux theme={null}
      tar -xvzf bloodhound-cli-linux-amd64.tar.gz
      ```

      ```powershell Windows PowerShell theme={null}
      cd "$env:USERPROFILE\Downloads"; tar -xf bloodhound-cli-windows-amd64.zip
      ```

      ```bash Mac theme={null}
      tar -xvzf bloodhound-cli-darwin-arm64.tar.gz
      ```
    </CodeGroup>
  </Step>

  <Step title="Run the install command">
    In your terminal or PowerShell, navigate to the directory where you unpacked the BloodHound CLI and install BloodHound CE:

    <CodeGroup>
      ```bash Linux theme={null}
      ./bloodhound-cli install
      ```

      ```powershell Windows PowerShell theme={null}
      .\bloodhound-cli install
      ```

      ```bash Mac theme={null}
      ./bloodhound-cli install
      ```
    </CodeGroup>

    <Note>Encountering issues? See [troubleshooting](#troubleshooting).</Note>
  </Step>

  <Step title="Wait for installation to complete">
    Keep your terminal open until you see the randomly generated password displayed. Save this password for the next step.

    ```bash theme={null}
    [+] BloodHound is ready to go!
    [+] You can log in as `admin` with this password: <Password>
    ```

    If you lose the password, reset it with:

    <CodeGroup>
      ```bash Linux theme={null}
      ./bloodhound-cli resetpwd
      ```

      ```powershell Windows PowerShell theme={null}
      .\bloodhound-cli resetpwd
      ```

      ```bash Mac theme={null}
      ./bloodhound-cli resetpwd
      ```
    </CodeGroup>
  </Step>

  <Step title="Log in to BloodHound">
    In a browser, go to [http://localhost:8080/ui/login](http://localhost:8080/ui/login) and log in with the `admin` username and the randomly generated password.

    <Note>
      The default `docker-compose.yml` file binds only to localhost (127.0.0.1). To access BloodHound outside localhost, follow the instructions in [examples/docker-compose/README.md](https://github.com/SpecterOps/BloodHound/blob/main/examples/docker-compose/README.md).
    </Note>
  </Step>

  <Step title="Reset your password">
    Reset your password as prompted on first login.
  </Step>
</Steps>

## Get data into BloodHound

To get data into BloodHound, ingest sample data or collect data from your environment with either standalone collectors or OpenHound.

<Tabs>
  <Tab title="Option 1: Sample data (faster)" icon="file-zipper">
    Use sample data to quickly explore BloodHound CE without setting up a SharpHound or AzureHound data collector.

    <Steps>
      <Step title="Download sample data">
        <Tabs>
          <Tab title="Active Directory" icon="building">
            Download sample data for [Active Directory](https://raw.githubusercontent.com/SpecterOps/BloodHound-Docs/main/docs/assets/sample-data/ad_sampledata.zip).

            **Active Directory sample data** generated with SharpHound includes:

            * 3 collected domains with trusts between them
            * Additional, visible, trusted domains without collections
            * Coverage for local permissions
            * Multiple ADCS escalation paths
          </Tab>

          <Tab title="Azure" icon="cloud">
            Download sample data for [Azure](https://raw.githubusercontent.com/SpecterOps/BloodHound-Docs/main/docs/assets/sample-data/entra_sampledata.zip).

            **Azure sample data** generated with AzureHound includes:

            * Full collection of an Azure environment
            * Support for user-sync hybrid paths when ingested alongside the example AD data
          </Tab>
        </Tabs>
      </Step>

      <Step title="Upload sample data to BloodHound CE">
        1. Log in to the BloodHound CE UI.
        2. In the left menu, click <Icon icon="arrow-up-from-bracket" iconType="sharp-solid" /> **Quick Upload**
        3. Click the **Upload Files** modal to open a file system dialog or drag and drop the downloaded sample data ZIP file.
        4. Click **Upload** to begin the data ingest process.

        <Note>
          The default admin email is `spam@example.com` and will appear as the user ingesting the data.
        </Note>
      </Step>
    </Steps>
  </Tab>

  <Tab title="Option 2: Data collectors (more realistic)" icon="microchip">
    There are two main ways to collect data for BloodHound CE:

    * Active Directory, collected by SharpHound CE
    * Entra ID (formerly Azure AD) and Azure IaaS, collected by AzureHound CE
    * Github, Jamf, and Okta, collected by OpenHound CLI for BloodHound CE

    <Tip>
      Use [OpenHound](/openhound/overview) for built-in collectors and workflows for platforms like Github, Jamf, and Okta. For additional community-built collectors, explore the [OpenGraph Library](/opengraph/library).
    </Tip>

    <Steps>
      <Step title="Choose a collection method">
        Pick the collection method that best fits your environment:

        * Use **SharpHound CE** for Active Directory and **AzureHound CE** for Entra ID.
        * Use **OpenHound CLI** for supported SaaS and platform data sources, such as Github, Jamf, and Okta.
      </Step>

      <Step title="Download a collector">
        Each collector is a standalone binary. You can download SharpHound CE and AzureHound CE using one of the following methods:

        <Note>
          To install the OpenHound CLI and configure supported collectors, see [OpenHound Community](/openhound/community).
        </Note>

        <Tabs>
          <Tab title="BloodHound CE UI" icon="download">
            Download the collectors directly from the BloodHound CE UI:

            1. Log in to the BloodHound CE UI.
            2. In the left menu, click **Download Collectors**.
            3. Click one of the links in the **Community Collectors** section to download the SharpHound or AzureHound binary.
          </Tab>

          <Tab title="GitHub" icon="github">
            Download the latest releases from GitHub:

            * [SharpHound releases](https://github.com/SpecterOps/SharpHound/releases/latest)
            * [AzureHound releases](https://github.com/SpecterOps/AzureHound/releases/latest)
          </Tab>

          <Tab title="Source" icon="code">
            Build the collector from the data collector source code

            * [SharpHound](/collect-data/ce-collection/sharphound)
            * [AzureHound](/collect-data/ce-collection/azurehound)
          </Tab>
        </Tabs>
      </Step>

      <Step title="Run a collector">
        Start the collector to generate and compress JSON files into a ZIP archive.

        <CodeGroup>
          ```powershell SharpHound CE theme={null}
          # Run SharpHound CE from a domain-joined Windows system
          C:\> SharpHound.exe
          ```

          ```powershell AzureHound CE theme={null}
          # Provide your credentials and tenant information to run AzureHound CE
          C:\> AzureHound.exe --username "MattNelson@contoso.onmicrosoft.com" --password "MyVeryStrongPassword" --tenant "contoso.onmicrosoft.com" list
          ```

          ```bash OpenHound CLI theme={null}
          # Collect data with OpenHound CLI for BloodHound CE
          openhound collect okta ./output

          # Convert collected data to OpenGraph format for BloodHound CE
          openhound convert okta ./output/okta ./graph/okta
          ```
        </CodeGroup>

        <Tip>
          For command options, see:

          * [SharpHound Community Edition Flags](/collect-data/ce-collection/sharphound-flags)
          * [AzureHound Community Edition Flags](/collect-data/ce-collection/azurehound-flags)
          * [OpenHound CLI](/openhound/community#cli-commands)
        </Tip>
      </Step>

      <Step title="Ingest data into BloodHound">
        Use the BloodHound CE API or the BloodHound CE UI to ingest collected data into BloodHound.

        To ingest collected data with the API, use the BloodHound CE endpoint `/api/v2/file-upload/`. See the [BloodHound API documentation](/integrations/bloodhound-api/working-with-api) for details.

        To ingest collected data with the BloodHound CE UI, go to **Administration** > **Data Collection** > **File Ingest** and click **Upload File(s)** to upload your files.

        <Note>BloodHound CE accepts .zip archives or JSON files, with no size limit. Your browser's ability to package the uploaded file is a limiting factor in uploading large datasets directly through the UI.</Note>
      </Step>
    </Steps>
  </Tab>
</Tabs>

## Explore attack paths

To look at identified attack paths in the graph, go to the **Explore** page in the BloodHound CE UI.

<Steps>
  <Step title="Search for a user">
    1. In the **Search** bar, search nodes for a user object.

       * For Active Directory sample data, enter `user:bob`.

       * For Azure sample data, enter `azuser:bob`.

    2. Select the user and click on the node that appears.

    3. Explore information about the user's sessions and memberships.
  </Step>

  <Step title="Pathfind">
    Review the path from one user to another on the **Pathfinding** tab. For example, pathfind from `BOB@PHANTOM.CORP` to `ADMINISTRATORS@PHANTOM.CORP`.
  </Step>

  <Step title="Explore Cypher queries">
    Explore the pre-saved Cypher queries on the **Cypher** tab.
  </Step>
</Steps>

<Tip>Learn more in [Explore → Search for Objects](/analyze-data/explore/search).</Tip>

## Update BloodHound CE

The easiest way to update your instance of BloodHound Community Edition is via `bloodhound-cli`.

<CodeGroup>
  ```bash Linux theme={null}
  ./bloodhound-cli update
  ```

  ```powershell Windows PowerShell theme={null}
  .\bloodhound-cli update
  ```

  ```bash Mac theme={null}
  ./bloodhound-cli update
  ```
</CodeGroup>

## Next steps

* [Learn how to work with the BloodHound API](/integrations/bloodhound-api/working-with-api)
* [Configure BloodHound integrations](/integrations/overview)

## Troubleshooting

If you encounter issues during installation, refer to the following common problems and solutions.

<Accordion title="&#x22;bloodhound-cli&#x22; Not Opened - Apple security check">
  When running `./bloodhound-cli install`, you may see an error stating that Apple could not verify the binary is free of malware. This is a standard macOS security check for unsigned or unnotarized applications.

  **Terminal (Quick Fix)**

  1. Clear the quarantine flag by running:
     ```bash theme={null}
     xattr -d com.apple.quarantine ./bloodhound-cli
     ```
  2. Repeat the CLI command: `./bloodhound-cli install`

  **System Settings (GUI)**

  1. Go to **System Settings** (or **System Preferences** on older macOS versions)
  2. Navigate to **Privacy & Security**
  3. Scroll down to the **Security** section
  4. You should see a message stating that bloodhound-cli was blocked
  5. Click **Allow Anyway**
  6. Repeat the CLI command: `./bloodhound-cli install`
  7. Click **Open Anyway** when prompted
  8. Enter your password or use your fingerprint to confirm
</Accordion>

<Accordion title="Malware Blocked - &#x22;com.docker.vmnetd&#x22; contains malware">
  This error occurs when macOS blocks Docker's networking component. Resolve it by reinstalling Docker:

  1. Follow the [Docker uninstall instructions](https://docs.docker.com/desktop/uninstall/) (select your operating system tab)
  2. Re-install [Docker Desktop](https://www.docker.com/get-started/)
  3. Repeat the CLI command: `./bloodhound-cli install`
</Accordion>

<Accordion title="Docker daemon is not running">
  If you see an error stating "Docker is installed on this system, but the daemon is not running":

  1. Simply launch **Docker Desktop** from your Applications folder
  2. Wait for Docker to fully start
  3. Repeat the CLI command: `./bloodhound-cli install`
</Accordion>