ADPathFinder
ADPathFinder is an Active Directory attack path mapping and password auditing tool that integrates data from BloodHound collectors including SharpHound, MSSQLHound, and ConfigManBearPig. It automates the identification of privilege escalation paths across AD, ADCS, MSSQL, and SCCM by querying combined graph data, grouping related paths, and producing detailed reports. The tool also enhances password audits by contextualizing cracked passwords with BloodHound graph data, highlighting risks based on account privileges and group memberships. ADPathFinder is intended for use in internal penetration testing engagements to efficiently identify complex attack paths and password weaknesses.
AI Analysis
Technical Summary
ADPathFinder is a tool designed to map privilege escalation paths within Active Directory environments by combining data from multiple BloodHound collectors (SharpHound, MSSQLHound, ConfigManBearPig) into a unified graph. It identifies shortest paths from low-privileged accounts to high-value targets such as Domain Admins and Domain Controllers, including cross-dataset paths involving AD, ADCS, MSSQL, and SCCM. The tool groups users and computers sharing the same attack paths to reduce duplicate findings and prioritizes paths by severity. Additionally, ADPathFinder performs password audits using cracked NTDS and hashcat results, enriched with BloodHound context to assess password reuse, weak patterns, and roastable accounts. It produces detailed HTML and JSON reports with attack graphs and PowerShell commands for validation. The tool is intended for internal network penetration testing and requires BloodHound CE and Neo4j to operate.
Potential Impact
ADPathFinder itself is a security assessment tool rather than a vulnerability or exploit. Its impact lies in enabling penetration testers and red teams to more efficiently discover and prioritize complex Active Directory attack paths and password weaknesses that could be exploited by adversaries. By automating the correlation of multiple data sources and contextualizing password audit results, it improves the accuracy and speed of internal security assessments. There are no known exploits or malicious use cases inherent to ADPathFinder; it is a legitimate tool for authorized security testing.
Mitigation Recommendations
This is a security assessment tool designed for authorized internal penetration testing. There is no vulnerability or exploit to patch. Organizations should ensure that ADPathFinder and related tools are used only by authorized personnel within controlled environments. No specific remediation or patch is applicable. If unauthorized use is suspected, standard access control and monitoring measures should be enforced.
ADPathFinder
Description
ADPathFinder is an Active Directory attack path mapping and password auditing tool that integrates data from BloodHound collectors including SharpHound, MSSQLHound, and ConfigManBearPig. It automates the identification of privilege escalation paths across AD, ADCS, MSSQL, and SCCM by querying combined graph data, grouping related paths, and producing detailed reports. The tool also enhances password audits by contextualizing cracked passwords with BloodHound graph data, highlighting risks based on account privileges and group memberships. ADPathFinder is intended for use in internal penetration testing engagements to efficiently identify complex attack paths and password weaknesses.
Reddit Discussion
I'm incredibly proud to announce the public release of ADPathFinder, an Active Directory attack path mapping tool that works directly with BloodHound collectors. It's the first tool of its type to produce detailed attack mapping across SharpHound and OpenGraph collectors — including MSSQLHound and ConfigManBearPig (SCCM). This enables testers to get the most out of BloodHound for the least amount of effort! It also produces an in-depth password audit, covering password reuse, weak patterns, Kerberoastable accounts, and much more - filtering out disabled accounts by default. Check out the blog, contributors very welcome.
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
ADPathFinder is a tool designed to map privilege escalation paths within Active Directory environments by combining data from multiple BloodHound collectors (SharpHound, MSSQLHound, ConfigManBearPig) into a unified graph. It identifies shortest paths from low-privileged accounts to high-value targets such as Domain Admins and Domain Controllers, including cross-dataset paths involving AD, ADCS, MSSQL, and SCCM. The tool groups users and computers sharing the same attack paths to reduce duplicate findings and prioritizes paths by severity. Additionally, ADPathFinder performs password audits using cracked NTDS and hashcat results, enriched with BloodHound context to assess password reuse, weak patterns, and roastable accounts. It produces detailed HTML and JSON reports with attack graphs and PowerShell commands for validation. The tool is intended for internal network penetration testing and requires BloodHound CE and Neo4j to operate.
Potential Impact
ADPathFinder itself is a security assessment tool rather than a vulnerability or exploit. Its impact lies in enabling penetration testers and red teams to more efficiently discover and prioritize complex Active Directory attack paths and password weaknesses that could be exploited by adversaries. By automating the correlation of multiple data sources and contextualizing password audit results, it improves the accuracy and speed of internal security assessments. There are no known exploits or malicious use cases inherent to ADPathFinder; it is a legitimate tool for authorized security testing.
Mitigation Recommendations
This is a security assessment tool designed for authorized internal penetration testing. There is no vulnerability or exploit to patch. Organizations should ensure that ADPathFinder and related tools are used only by authorized personnel within controlled environments. No specific remediation or patch is applicable. If unauthorized use is suspected, standard access control and monitoring measures should be enforced.
Technical Details
- Source Type
- Subreddit
- cybersecurity
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a578be768715ace43ccce4c
Added to database: 07/15/2026, 13:32:23 UTC
Last enriched: 07/15/2026, 13:32:42 UTC
Last updated: 07/15/2026, 14:47:25 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.