Pentesting Tools

Ansible Role : Bloodhound-CE (Ludus) – A Quick Deployment Guide

An Ansible Role that installs Bloodhound-CE on a debian based system.

  • Checks if {{ ludus_bloodhound_ce_install_path }}/docker-compose.yml exists
  • If not, it installs vanilla bloodhound-ce (via docker-compose)
  • Outputs the admin password in bloodhound_ce_install_path (default: /opt/bloodhound)

To force the role to re-run, stop the docker container and remove the ludus_bloodhound_ce_install_path folder

cd /opt/bloodhound
docker compose down
cd ..
rm -rf /opt/bloodhound

Requirements

Debian based OS

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

# Path where docker-compose.yml and admin creds are placed
ludus_bloodhound_ce_install_path: /opt/bloodhound
# Expose bloodhound web UI to 0.0.0.0:8080 if set to false (default: true)
ludus_bloodhound_listen_only_localhost: true
# The port bloodhound CE listens on
ludus_bloodhound_port: "8080"
# The default admin password for bloodhound (default: generate a random password)
ludus_bloodhound_admin_password:
# Other admin details defaults
ludus_bloodhound_admin_principal_name: 'admin'
ludus_bloodhound_admin_email_address: 'email@bloodhound.ludus'
ludus_bloodhound_admin_first_name: 'Bloodhound'
ludus_bloodhound_admin_last_name: 'Admin'

Dependencies

geerlingguy.docker

Example Ludus Range Config

ludus:
  - vm_name: "{{ range_id }}-docker-services"
    hostname: "{{ range_id }}-services"
    template: debian-12-x64-server-template
    vlan: 99
    ip_last_octet: 2
    ram_gb: 8
    cpus: 2
    linux: true
    testing:
      snapshot: false
      block_internet: false
    roles:
      - badsectorlabs.ludus_bloodhound_ce
    role_vars:
      ludus_bloodhound_listen_only_localhost: false

ludus:

  • vm_name: “{{ range_id }}-docker-services” hostname: “{{ range_id }}-services” template: debian-12-x64-server-template vlan: 99 ip_last_octet: 2 ram_gb: 8 cpus: 2 linux: true testing: snapshot: false block_internet: false roles:
    • badsectorlabs.ludus_bloodhound_ce
      role_vars:
      ludus_bloodhound_listen_only_localhost: false
ludus ansible roles add badsectorlabs.ludus_bloodhound_ce
ludus range config get > config.yml
# Edit config to add the role to the VMs you wish to install bloodhound on and define your desired ludus_bloodhound_ce vars
ludus range config set -f config.yml
ludus range deploy -t user-defined-roles
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: Ansible Rolecybersecurityinformationsecuritykalilinuxkalilinuxtools
2 years ago

Recent Posts

How UDP Works and Why It Is So Fast

When people ask how UDP works, the simplest answer is this: UDP sends data quickly…

1 week ago

How EDR Killers Bypass Security Tools

Endpoint Detection and Response (EDR) solutions have become a cornerstone of modern cybersecurity, designed to…

2 weeks ago

AI-Generated Malware Campaign Scales Threats Through Vibe Coding Techniques

A large-scale malware campaign leveraging AI-assisted development techniques has been uncovered, revealing how attackers are…

2 weeks ago

How Does a Firewall Work Step by Step

How Does a Firewall Work Step by Step? What Is a Firewall and How Does…

2 weeks ago

Fake VPN Download Trap Can Steal Your Work Login in Minutes

People trying to securely connect to work are being tricked into doing the exact opposite.…

2 weeks ago

This Android Bug Can Crack Your Lock Screen in 60 Seconds

A newly disclosed Android vulnerability is making noise for a good reason. Researchers showed that…

2 weeks ago