Bloodbornepkg Updated May 2026

This article breaks down exactly what the bloodbornepkg update entails, why it matters for your next engagement, and how to mitigate breaking changes. Before analyzing the update , we must distinguish the packages. The official BloodHound GUI and the C# ingestor (SharpHound) are maintained by SpecterOps. However, bloodbornepkg is the PyPI package that installs bloodhound.py , originally authored by Fox-IT (part of NCC Group).

Whether you are mapping a path to Domain Admin or hardening your AD environment, update your tooling, update your detections, and always— always —test in a lab first. Stay sharp. The paths are waiting. bloodbornepkg updated

After updating, always test with --help to review new flags like --disable-jsonl (reverts to old format) and --session-timeout (adjusts the new async session collector). This article breaks down exactly what the bloodbornepkg

For red teamers, blue teamers, and Active Directory (AD) forensic analysts, few tools have revolutionized privilege escalation auditing like BloodHound. At the heart of the data collection process lies the ingestor. However, for those operating in Python environments—specifically when dealing with restricted shells, Linux-based attack machines, or cross-platform C2 frameworks—the Python implementation known as bloodbornepkg (or simply bloodhound.py ) has been the go-to solution. However, bloodbornepkg is the PyPI package that installs

Note: Timed on a 2020 MacBook Pro (2.3 GHz i7) connecting to a remote DC over VPN. If you have automation scripts that rely on the old bloodhound.py output format, you have two paths forward. Quick Fix: Convert JSONL back to legacy JSON If you cannot update your parser immediately, use jq to reconstruct the legacy format:

This analysis was compiled by the AD Security Collective. For technical verification, refer to the official changelog at PyPI.org/project/bloodhound and the GitHub repository under NCC Group.

bloodhound.py -d CORP.LOCAL -u Administrator -p 'P@ssw0rd' --disable-jsonl -ns 10.10.10.1 The bloodbornepkg update is the most significant evolution of the Python BloodHound collector since its inception. By embracing JSONL, asynchronous LDAP, and native roasting, it bridges the gap between rapid Python prototyping and production-scale C# tooling.