Collect infrastructure and permissions data from vCenter and export it as a BloodHound‑compatible graph using Custom Nodes/Edges.

vCenterHound connects to one or more vCenters, collects infrastructure entities (Datacenter/Cluster/Host/VM/Network/Datastore, etc.) and permissions (Roles/Users/Groups/Assignments), then builds a BloodHound‑compatible JSON graph with Custom Nodes/Edges. The model.json file provides icons and styles for these custom kinds.

• Infrastructure: Datacenters, Clusters, ESXi Hosts, Resource Pools, VMs, Datastores, Networks, Folders
• Permissions: Roles, Privileges, Users, Groups, Permission Assignments (with role details), and Group Memberships

The resulting graph can be imported into BloodHound (with Custom Nodes/Edges support) to investigate infrastructure relationships and permission paths.

Requirements: Python 3.8+

Install dependencies:

pip3 install pyvmomi
pip3 install requests

The model.json file defines icons/styles for all custom kinds. Upload it to BloodHound via API using update_custom_nodes_to_bloodhound.py.

Authenticate and upload:

python update_custom_nodes_to_bloodhound.py -s https://bloodhound.example.com -u [email protected] -p "Password!" -m model.json

Basic run:

python vCenterHound.py -s vc.example.com -u [email protected] -p "Password!"

Multiple vCenters (comma‑separated):

python vCenterHound.py -s vc1.example.com,vc2.example.com -u administrator -p pass

Custom output file:

python vCenterHound.py -s vc.example.com -u admin -p pass -o custom_graph.json

CLI flags:

• -s/--server: vCenter server(s) (required; comma‑separated supported)
• -u/--user: username (required)
• -p/--password: password (required)
• -P/--port: default 443
• -o/--output: default vcenter_graph.json
• -v/--verbose: enable DEBUG logging

All kinds are prefixed with vCenter_ (see model.json). Key mappings below.

• vCenter_VCenter - props: name
• vCenter_RootFolder - name, moid
• vCenter_Datacenter - name, moid
• vCenter_Cluster - name, moid, totalCpu, totalMemory, numHosts, numCpuCores, numCpuThreads, effectiveCpu, effectiveMemory, drsEnabled, haEnabled
• vCenter_ESXiHost - name, moid, vendor, model, cpuModel, numCpuCores, numCpuThreads, cpuMhz, memorySize, version, build, connectionState, powerState, inMaintenanceMode, isStandalone?
• vCenter_ResourcePool - name, moid
• vCenter_VM - name, moid, powerState, connectionState, bootTime, hostName, guestFullName, guestId, version, uuid, isTemplate, numCPU, numCoresPerSocket, memoryMB, toolsStatus, toolsVersion, ipAddresses[], macAddresses[], storageCommitted, storageUncommitted, storageTotalUsed
• vCenter_Datastore - name, moid
• vCenter_Network - name, moid, type
• vCenter_User - name, domain, username, isGroup=false
• vCenter_Group - name, domain, username, isGroup=true
• vCenter_Role - roleId, name, privilegeCount, privilegeGroups[]
• vCenter_Privilege - privilegeId, name, group
• vCenter_Folder - name, moid

Kinds present in model.json but not currently emitted by code: vCenter_Principal, vCenter_IdentityDomain, vCenter_StandardPortgroup, vCenter_DatastoreCluster, vCenter_DVSwitch, vCenter_DVPortgroup, vCenter_vApp.

• vCenter_Contains - general hierarchy. Examples: VCenter → RootFolder → Datacenter → Cluster → ESXiHost/ResourcePool/Network/Datastore. Props: none.
• vCenter_Hosts - ESXiHost → VM. Props: none.
• vCenter_UsesDatastore - VM → Datastore. Props: none.
• vCenter_UsesNetwork - VM → Network. Props: none.
• vCenter_HasPermission - User/Group → Entity (direct permission assignment). Props: roleId, roleName, propagate, privilegeIds[], privilegeNames[], privilegeGroups[], privilegeCount.
• vCenter_HasPrivilege - Role → Privilege. Props: none.
• vCenter_MemberOf - User/Group → Group (nested group membership). Props: none.

Edge kinds present in model.json but not currently emitted by code: vCenter_Mounts, vCenter_HasDatastore, vCenter_HasNetwork, vCenter_HasRole, vCenter_AssignedTo.

• Create edges from User (Active Directory) to vCenter_User

Mor David - Offensive Security Specialist & AI Security Researcher

I specialize in offensive security with a focus on integrating Artificial Intelligence and Large Language Models (LLM) into penetration testing workflows. My expertise combines traditional red team techniques with cutting‑edge AI technologies to develop next‑generation security tools.

• X (Twitter): x.com/m0rd4vid
• LinkedIn: linkedin.com/in/mor-david-cyber
• Website: www.mordavid.com