dirkjanm python ingestor writes out fields without LocalAdmins, RemoteDesktopUsers, DcomUsers, PSRemoteUsers if there was no connection to hosts. Legacy Neo4j cannot process such file. Script fixes it.

fix_py_bloodhound_ingestor.py

# https://github.com/dirkjanm/BloodHound.py
# this ingestor writes out fields without LocalAdmins, RemoteDesktopUsers, DcomUsers, PSRemoteUsers if there was no connection to hosts. 
# Legacy Neo4j cannot process such file. Script fixes it.

import json
import argparse
import sys

def update_json(input_file, output_file):
    # Fields to add
    new_fields = {
        "LocalAdmins": {
            "Results": [],
            "Collected": False,
            "FailureReason": None
        },
        "RemoteDesktopUsers": {
            "Results": [],
            "Collected": False,
            "FailureReason": None
        },
        "DcomUsers": {
            "Results": [],
            "Collected": False,
            "FailureReason": None
        },
        "PSRemoteUsers": {
            "Results": [],
            "Collected": False,
            "FailureReason": None
        }
    }

    try:
        # Read JSON file
        with open(input_file, 'r', encoding='utf-8') as file:
            data = json.load(file)

        # Check if 'data' key exists
        if 'data' not in data:
            print("Error: Missing 'data' key in JSON")
            sys.exit(1)

        # Statistics counters
        stats = {
            "LocalAdmins_added": 0,
            "RemoteDesktopUsers_added": 0,
            "DcomUsers_added": 0,
            "PSRemoteUsers_added": 0,
            "total_items": len(data['data'])
        }

        # Update each item in data array
        for item in data['data']:
            # Check each field separately
            if "LocalAdmins" not in item:
                item["LocalAdmins"] = new_fields["LocalAdmins"]
                stats["LocalAdmins_added"] += 1
            
            if "RemoteDesktopUsers" not in item:
                item["RemoteDesktopUsers"] = new_fields["RemoteDesktopUsers"]
                stats["RemoteDesktopUsers_added"] += 1
            
            if "DcomUsers" not in item:
                item["DcomUsers"] = new_fields["DcomUsers"]
                stats["DcomUsers_added"] += 1
            
            if "PSRemoteUsers" not in item:
                item["PSRemoteUsers"] = new_fields["PSRemoteUsers"]
                stats["PSRemoteUsers_added"] += 1

        # Write updated JSON to file
        with open(output_file, 'w', encoding='utf-8') as file:
            json.dump(data, file, indent=2, ensure_ascii=False)

        # Print statistics
        print(f"Processing completed successfully:")
        print(f"- Input file: {input_file}")
        print(f"- Output file: {output_file}")
        print(f"- Total items processed: {stats['total_items']}")
        print(f"- Fields added:")
        print(f"  * LocalAdmins: {stats['LocalAdmins_added']}")
        print(f"  * RemoteDesktopUsers: {stats['RemoteDesktopUsers_added']}")
        print(f"  * DcomUsers: {stats['DcomUsers_added']}")
        print(f"  * PSRemoteUsers: {stats['PSRemoteUsers_added']}")

    except FileNotFoundError:
        print(f"Error: File {input_file} not found")
        sys.exit(1)
    except json.JSONDecodeError:
        print(f"Error: File {input_file} contains invalid JSON")
        sys.exit(1)
    except Exception as e:
        print(f"Error occurred: {str(e)}")
        sys.exit(1)

def main():
    # Create argument parser
    parser = argparse.ArgumentParser(description='Update JSON file with new fields')
    parser.add_argument('-i', '--input', required=True, help='Input JSON file')
    parser.add_argument('-o', '--output', required=True, help='Output JSON file')

    # Parse arguments
    args = parser.parse_args()

    # Run update
    update_json(args.input, args.output)

if __name__ == "__main__":
    main()