AD Miner is an Active Directory (on-premise and Entra ID) auditing tool that:

• Leverages Cypher queries to analyze data from the BloodHound graph database (Neo4j).
• Provides a comprehensive overview of existing weaknesses through a static, web-based report.

Web-based reports features:

• Detailed listings of identified weaknesses
• Dynamic graphs for visual analysis
• Historical key indicators to track changes over time
• Risk ratings to prioritize threats and actions

Quick overview of a report

Comprehensive Mitigation Paths for Active Directory Risks

A risk-based rating of Active Directory weaknesses, along with comprehensive mitigation paths.

A dynamic web interface

Search bar and controls that are carefully tailored to identify the most risky misconfigurations.

Progress Monitoring through an Evolving Interface

You can also observe indicators over time to help measuring mitigation efficiency.

AD Miner has been initially created by Forvis Mazars Cybersecurity team.

Prerequisites

To run AD Miner, you first need a neo4j database which contains the Active Directory objects:

1. To extract the data from the domain, you can use tools like SharpHound, RustHound-CE or BloodHound.py and AzureHound for EntraID environments.

[!CAUTION] We strongly recommend using BloodHound Automation, as it installs the Graph Data Science Neo4j plugin, which :

• significantly improves computation time and overall performance.
• enables the use of Smartest Path instead of built-in Neo4j shortestPath() (i.e., Paths that are easier to exploit rather than least nodes hops).