DPAT enhancements: CE compatibility, interactive reporting, and bug fixes #56

Open
exploit-development wants to merge 4 commits into knavesec:master from exploit-development:master

@exploit-development

Summary

Ports the DPAT module to BloodHound Community Edition (Neo4j, 2.x collector
schema) and rebuilds the report as a self-contained interactive HTML file.
Adds password reuse and blank-hash analytics, privileged account exposure
scoring, and several collector compatibility fixes.

Live sample report: https://exploit-development.github.io/Max-BloodHound-CE/sample_report.html

What's new

Enhanced DPAT reporting

  • Single-file HTML report with all CSS, JS, and icons embedded as base64, no external dependencies
  • Summary dashboard with charts and privileged account exposure
  • Password reuse detection across all shared hashes, not just cracked ones
  • Blank password detection (flags empty NT hash 31d6cfe0d16ae931b73c59d7e0c089c0)
  • Improved LM hash parsing in potfiles
  • Group risk scoring weighted by cracked users x percentage, so large compromised groups are not buried under small 100% groups
  • Group membership ranking to surface over-privileged accounts
  • Interactive drill-down across stats, users, groups, and charts
  • Per-user detail pages showing group membership, password info, and accounts sharing the same hash
  • CSV export on every table
  • Sanitise option to redact passwords and hashes for sharing

Sample data

  • Bundled BloodHound JSON (three domains), NTDS, and potfile for testing the full report end to end

Bug fixes

  • Fixed Builtin Administrators group detection broken by the new collector appending the domain name to the group
  • Unsupported OS query no longer flags Windows 11 as end of life

exploit-development and others added 4 commits May 29, 2026 02:16
…loodHound CE

Fix Administrators group (S-1-5-32-544) detection for data collected with SharpHound 2.x and BloodHound.py, which prefix builtin group SIDs with the domain name (e.g. DOMAIN-S-1-5-32-544). The previous regex anchored at S-1-5- causing all Builtin Administrators members to show as 0.

Fix LM hash lookup to split hashes into two 16-character halves as stored by hashcat, and allow 16-character half-hashes through the potfile parser.

- Add synthetic sample data (PHANTOM/GHOST/WRAITH domains, 100 users, potfile)
- Add BloodHound CE sample JSON files for all three domains
- Add sample_report.html for demo/download
- Overhaul README with gallery, download badge, sample data instructions
- Add wiki/Home.md with fork overview and key features
- Add production assets (Bootstrap, Chart.js)
- Remove dev-only win98 icon files and downloader script
- Update .gitignore to exclude generated reports and run.sh
- LM hash cracking and Builtin Administrators fixes in max.py
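
The two parsing fixes described in the commit messages above (prefixed Builtin Administrators SIDs and 16-character LM halves in the potfile), together with the blank NT hash check from the summary, as an added Python example that is not code from this PR or from max.py. The function names, the `(?:^|-)` pattern and the sample lines are assumptions, and the hex values in the sample data are constructed placeholders.

```python
import re

EMPTY_LM_HALF = "aad3b435b51404ee"             # LM half of an empty 7-character chunk
BLANK_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"  # empty-password NT hash quoted in the PR
# Builtin Administrators, bare or with a collector-added prefix (DOMAIN-S-1-5-32-544).
ADMIN_SID = re.compile(r"(?:^|-)S-1-5-32-544$", re.IGNORECASE)

def is_builtin_admins(object_id):
    return bool(ADMIN_SID.search(object_id))

def load_potfile(lines):
    """Map hash -> plaintext; split on the first ':' so passwords may contain colons."""
    pot = {}
    for line in lines:
        h, sep, plain = line.rstrip("\r\n").partition(":")
        if sep and re.fullmatch(r"[0-9a-f]{16}|[0-9a-f]{32}", h.lower()):
            pot[h.lower()] = plain  # 16 = LM half, 32 = full hash
    return pot

def lm_plaintext(lm_hash, pot):
    """Join both 16-char halves; None if no LM hash is stored or a half is uncracked."""
    lm_hash = lm_hash.lower()
    if lm_hash == EMPTY_LM_HALF * 2:
        return None
    halves = (lm_hash[:16], lm_hash[16:])
    if any(h != EMPTY_LM_HALF and h not in pot for h in halves):
        return None
    return "".join("" if h == EMPTY_LM_HALF else pot[h] for h in halves)

def audit(ntds_lines, pot):
    """Return (user, has_blank_nt, lm_plaintext) per pwdump-style line user:rid:lm:nt:::"""
    rows = []
    for line in ntds_lines:
        user, _rid, lm, nt = line.split(":")[:4]
        rows.append((user, nt.lower() == BLANK_NT, lm_plaintext(lm, pot)))
    return rows

# Constructed sample input: hex values are placeholders, not real hashes of these strings.
POTFILE = ["1111111111111111:SUMMER2", "2222222222222222:24:A!", "not-a-hash:x"]
NTDS = [
    "PHANTOM\\alice:1104:11111111111111112222222222222222:" + "a" * 32 + ":::",
    "PHANTOM\\bob:1105:1111111111111111" + EMPTY_LM_HALF + ":" + "b" * 32 + ":::",
    "PHANTOM\\carol:1106:" + EMPTY_LM_HALF * 2 + ":" + BLANK_NT + ":::",
    "PHANTOM\\dave:1107:3333333333333333" + EMPTY_LM_HALF + ":" + "c" * 32 + ":::",
]

if __name__ == "__main__":
    print(audit(NTDS, load_potfile(POTFILE)), is_builtin_admins("PHANTOM-S-1-5-32-544"))
```

A matcher anchored at the start of the identifier would miss `PHANTOM-S-1-5-32-544`, which is the zero-member symptom the first commit message describes; the suffix match still rejects domain SIDs that merely end in `-544`.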