Script to mark hosts as vulnerable in Bloodhound.

markvulnerable.py

#!/usr/bin/python
import sys, json, urllib, urllib2

#Define the Bloodhound Database
url = 'http://bloodhound-server:7474/db/data/cypher/'
#Define the Bloodhound Credentials
#echo neo4j:bloodhound | base64
base64auth = 'bmVvNGo6Ymxvb2Rob3VuZA=='

request = urllib2.Request(url)

#Parse the Command Line for the ComputerName to Search For

if len(sys.argv) == 2:
  computername = sys.argv[1].upper()
else:
  print "Requires one parameter"
  sys.exit(1)

#Build our Query. Auth Header is base64 username:password, neo4j:bloodhound
data = '''{ "query" : "MATCH (n:Computer) WHERE n.name STARTS WITH \'''' + computername + '''\' RETURN n"}'''
request.add_header('Authorization','Basic ' + base64auth)
request.add_header('Content-Type','application/json')

#Make our query to verify the computer name, Get the Results
response = urllib2.urlopen(request,data)
txtresponse = response.read()
json_obj = json.loads(txtresponse)

if len(json_obj['data']) < 1:
  print "No Match for Name " + computername
  sys.exit(1)
elif len(json_obj['data']) > 1:
  print "Too Many Computer Matches for Name " + computername
  sys.exit(1)
else:
  for rows in json_obj['data']:
    computername = rows[0]['data']['name']

#Get rid of all of our variables
data = ''
txtresponse = ''
request = ''
#--------------------------------------------

#Rebuild our request
request = urllib2.Request(url)

#Build our real query using the full computer name 
data = '''{ "query" : "MATCH (n:Computer) WHERE n.name=\'''' + computername + '''\' SET n.vulnerable=TRUE RETURN n.name"}'''

#Make our Query for computers, Get the Results
request.add_header('Authorization','Basic ' + base64auth)
request.add_header('Content-Type','application/json')
response = urllib2.urlopen(request,data)

txtresponse = response.read()
json_obj = json.loads(txtresponse)
#print json_obj

for rows in json_obj['data']:
  computername = rows[0]

print "Marked " + computername + " as vulnerable"