Pentesting Tools

Ansible Role : Bloodhound-CE (Ludus) – A Quick Deployment Guide

An Ansible Role that installs Bloodhound-CE on a debian based system.

  • Checks if {{ ludus_bloodhound_ce_install_path }}/docker-compose.yml exists
  • If not, it installs vanilla bloodhound-ce (via docker-compose)
  • Outputs the admin password in bloodhound_ce_install_path (default: /opt/bloodhound)

To force the role to re-run, stop the docker container and remove the ludus_bloodhound_ce_install_path folder

cd /opt/bloodhound
docker compose down
cd ..
rm -rf /opt/bloodhound

Requirements

Debian based OS

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

# Path where docker-compose.yml and admin creds are placed
ludus_bloodhound_ce_install_path: /opt/bloodhound
# Expose bloodhound web UI to 0.0.0.0:8080 if set to false (default: true)
ludus_bloodhound_listen_only_localhost: true
# The port bloodhound CE listens on
ludus_bloodhound_port: "8080"
# The default admin password for bloodhound (default: generate a random password)
ludus_bloodhound_admin_password:
# Other admin details defaults
ludus_bloodhound_admin_principal_name: 'admin'
ludus_bloodhound_admin_email_address: 'email@bloodhound.ludus'
ludus_bloodhound_admin_first_name: 'Bloodhound'
ludus_bloodhound_admin_last_name: 'Admin'

Dependencies

geerlingguy.docker

Example Ludus Range Config

ludus:
  - vm_name: "{{ range_id }}-docker-services"
    hostname: "{{ range_id }}-services"
    template: debian-12-x64-server-template
    vlan: 99
    ip_last_octet: 2
    ram_gb: 8
    cpus: 2
    linux: true
    testing:
      snapshot: false
      block_internet: false
    roles:
      - badsectorlabs.ludus_bloodhound_ce
    role_vars:
      ludus_bloodhound_listen_only_localhost: false

ludus:

  • vm_name: “{{ range_id }}-docker-services” hostname: “{{ range_id }}-services” template: debian-12-x64-server-template vlan: 99 ip_last_octet: 2 ram_gb: 8 cpus: 2 linux: true testing: snapshot: false block_internet: false roles:
    • badsectorlabs.ludus_bloodhound_ce
      role_vars:
      ludus_bloodhound_listen_only_localhost: false
ludus ansible roles add badsectorlabs.ludus_bloodhound_ce
ludus range config get > config.yml
# Edit config to add the role to the VMs you wish to install bloodhound on and define your desired ludus_bloodhound_ce vars
ludus range config set -f config.yml
ludus range deploy -t user-defined-roles
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: Ansible Rolecybersecurityinformationsecuritykalilinuxkalilinuxtools
11 months ago

Recent Posts

Starship : Revolutionizing Terminal Experiences Across Shells

Starship is a powerful, minimal, and highly customizable cross-shell prompt designed to enhance the terminal…

1 day ago

Lemmy : A Decentralized Link Aggregator And Forum For The Fediverse

Lemmy is an innovative, open-source platform designed for link aggregation and discussion, providing a decentralized…

1 day ago

Massive UX Improvements, Custom Disassemblers, And MSVC Support In ImHex v1.37.0

The latest release of ImHex v1.37.0 introduces a host of exciting features and improvements, enhancing…

2 days ago

Ghauri : A Powerful SQL Injection Detection And Exploitation Tool

Ghauri is a cutting-edge, cross-platform tool designed to automate the detection and exploitation of SQL…

2 days ago

Writing Tools : Revolutionizing The Art Of Writing

Writing tools have become indispensable for individuals looking to enhance their writing efficiency, accuracy, and…

2 days ago

PatchWerk : A Tool For Cleaning NTDLL Syscall Stubs

PatchWerk is a proof-of-concept (PoC) tool designed to clean NTDLL syscall stubs by patching syscall…

2 days ago