Documentation Index
Fetch the complete documentation index at: https://docs.bytejmp.com/llms.txt
Use this file to discover all available pages before exploring further.
Query File Location
# BloodHound CE (web app — stored in browser localStorage)
# Legacy BloodHound (Electron app)
~/.config/bloodhound/customqueries.json
# Windows
%APPDATA%\bloodhound\customqueries.json
Download and apply Hausec’s BloodHound Custom Queries.
curl -o ~/.config/bloodhound/customqueries.json \
https://raw.githubusercontent.com/ZephrFish/Bloodhound-CustomQueries/main/customqueries.json
curl -o ~/.config/bloodhound/customqueries.json \
https://raw.githubusercontent.com/ly4k/BloodHound/main/customqueries.json
jq -s 'map(.queries) | add | {queries: .}' file1.json file2.json > merged.json
BloodHound CE — Import via UI API
Upload custom queries to BloodHound CE via API.
curl -X PUT http://localhost:8080/api/v2/saved-queries \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
-d @customqueries.json
curl http://localhost:8080/api/v2/saved-queries \
-H "Authorization: Bearer <token>"
curl -X DELETE http://localhost:8080/api/v2/saved-queries/<query-id> \
-H "Authorization: Bearer <token>"
{
"queries": [
{
"name": "Find Kerberoastable Admins",
"queryList": [
{
"final": true,
"query": "MATCH (u:User {hasspn: true})-[:MemberOf*1..]->(g:Group) WHERE g.name =~ '(?i).*admin.*' RETURN u.name"
}
]
}
]
}
References