Mazars-Tech / AD_Miner

AD Miner is an Active Directory audit tool that leverages Cypher queries to crunch data from the BloodHound graph database to uncover security weaknesses
GNU General Public License v3.0

Issue when generating report #51

Closed Smithds90 closed 1 year ago

Smithds90 commented 1 year ago

Describe the bug: I tried to generate the default report with "AD-miner -c -cf My_Report -u neo4j -p *****" and met some issues.

Terminal Output

[1/111] [+]From cache : Delete orphan objects that have no labels - 0 objects
[2/111] [+]From cache : Clean AD Miner custom attributes - 0 objects
[3/111] [+]From cache : Delete objects for which SID could not resolved - 0 objects
[4/111] [+]From cache : Set domain names to upper case when not the case - 0 objects
[5/111] [+]From cache : Clean AD Miner custom relations - 0 objects
[6/111] [+]From cache : Set is_server=TRUE to computers for which operatingsystem contains Server) - 0 objects
[7/111] [+]From cache : Set is_server=FALSE to other computers ) - 0 objects
[8/111] [+]From cache : Set dc=TRUE to computers that are domain controllers) - 0 objects
[9/111] [+]From cache : Set dc=FALSE to computers that are not domain controllers) - 0 objects
[10/111] [+]From cache : ADD CanExtractDCSecrets relation from BACKUP OPERATORS OR SERVER OPERATORS groups to DCs of same domain - 0 objects
[11/111] [+]From cache : ADD UnconstrainedDelegations relation from objects with KUD to the corresponding domain - 0 objects
[12/111] [+]From cache : Set is_adminsdholder to Container with AdminSDHOLDER in name - 0 objects
[13/111] [+]From cache : Set is_dnsadmin to Group with DNSAdmins in name - 0 objects
[14/111] [+]From cache : ADD CanLoadCode relation from PRINT OPERATORS groups to DCs of same domain - 0 objects
[15/111] [+]From cache : ADD CanLogOnLocallyOnDC relation from ACCOUNT OPERATORS groups to DCs of same domain - 0 objects
[16/111] [+]From cache : Set da=TRUE to users that are domain admins or administrators or enterprise admin - 0 objects
[17/111] [+]From cache : Set the da type (domain, enterprise, key or builtin) - 0 objects
[18/111] [+]From cache : Set da=TRUE to groups that are domain admins or administrators or enterprise admin - 0 objects
[19/111] [+]From cache : Set the da type (domain, enterprise, key or builtin) - 0 objects
[20/111] [+]From cache : Set da=TRUE to groups that are domain admins or administrators or enterprise admin - 0 objects
[21/111] [+]From cache : Set the da type (domain, enterprise, key or builtin) - 0 objects
[22/111] [+]From cache : Set dag=TRUE to the exact domain admin group (end with 512) - 0 objects
[23/111] [+]From cache : Set is_da=FALSE to all objects that do not have is_da=TRUE - 0 objects
[24/111] [+]From cache : Set is_dag=FALSE to all objects that do not have is_da=TRUE - 0 objects
[25/111] [+]From cache : Delete AdminTo edges from non-DA to DC - 0 objects
[26/111] [+]From cache : Set is_group_operator to Operator Groups (cf: ACCOUNT OPERATORS, SERVER OPERATORS, BACKUP OPERATORS, PRINT OPERATORS) - 0 objects
[27/111] [+]From cache : Set is_operator_member to objects member of Operator Groups (cf: ACCOUNT OPERATORS, SERVER OPERATORS, BACKUP OPERATORS, PRINT OPERATORS) - 0 objects
[28/111] [+]From cache : Set dcsync=TRUE to nodes that can DCSync (GetChanges/GetChangesAll) - 0 objects
[29/111] [+]From cache : Set dcsync=TRUE to nodes that can DCSync (GenericAll/AllExtendedRights) - 0 objects
[30/111] [+]From cache : Get list of objects that can DCsync (and should probably not be to) - 0 objects
[31/111] [+]From cache : Set path_candidate=TRUE to candidates eligible to shortestPath to DA - 0 objects
[32/111] [+]From cache : Set ou_candidate=TRUE to candidates eligible to shortestou to DA - 0 objects
[33/111] [+]From cache : Set contains_da_dc=TRUE to all objects that contains a domain administrator - 0 objects
[34/111] [+]From cache : Set contains_da_dc=TRUE to all objects that contains a domain controller - 0 objects
[35/111] [+]From cache : Set is_da_dc=TRUE to all objects that are domain controller or domain admins - 0 objects
[36/111] [+]From cache : Set members_count to groups (recursivity = 5) - 0 objects
[37/111] [+]From cache : Set has_member=True to groups with member, else false  - 0 objects
[38/111] [+]From cache : Set the count of links/object where the GPO is applied - 0 objects
[39/111] [+]From cache : Set has_links=True to GPOs with links, else false  - 0 objects
[40/111] [+]From cache : Set is_adcs to ADCS servers - 0 objects
[41/111] [+]From cache : Set groups which are direct admins of computers - 0 objects
[42/111] [+]From cache : 1 - Set groups which are indirect admins of computers, ie. admins of admin groups (see precedent request) - 0 objects
[43/111] [+]From cache : 2 - Set groups which are indirect admins of computers, ie. admins of admin groups (see precedent request) - 0 objects
[44/111] [+]From cache : 3 - Set groups which are indirect admins of computers, ie. admins of admin groups (see precedent request) - 0 objects
[45/111] [+]From cache : 4 - Set groups which are indirect admins of computers, ie. admins of admin groups (see precedent request) - 0 objects
[46/111] [+]From cache : Count number of domains collected - 0 objects
[47/111] [+]From cache : Count number of users in group - 0 objects
[48/111] [+]From cache : Returns all users member of an admin group - 0 objects
[49/111] [+]From cache : Returns all groups member of an admin group - 0 objects
[50/111] [+]From cache : Returns all computers administrated by an admin group - 0 objects
[51/111] [+]From cache : Return direct admin users - 0 objects
[52/111] [+]From cache : Set ghost_computer=TRUE to computers that did not login for more than 90 days - 0 objects
[53/111] [+]From cache : List of domains - 0 objects
[54/111] [+]From cache : Number of domain controllers - 0 objects
[55/111] [+]From cache : Domain Organisational Units - 0 objects
[56/111] [+]From cache : Non privileged users that can impersonate privileged users - 0 objects
[57/111] [+]Requesting : Non privileged users that can be impersonated by non privileged users
[!]list index out of range
[!]Traceback (most recent call last):
  File "/home/kali/.local/pipx/venvs/ad-miner/lib/python3.11/site-packages/ad_miner/__main__.py", line 76, in populate_data_and_cache
    neo4j.process_request(neo4j, request_key)
  File "/home/kali/.local/pipx/venvs/ad-miner/lib/python3.11/site-packages/ad_miner/sources/modules/neo4j_class.py", line 233, in process_request
    scopeSize = tx.run(scopeQuery).value()[0]
                ~~~~~~~~~~~~~~~~~~~~~~~~~~^^^
IndexError: list index out of range

[58/111] [+]From cache : Number of domain accounts enabled - 0 objects
[59/111] [+]From cache : Number of groups - 0 objects
[60/111] [+]From cache : Number of computers - 0 objects
[61/111] [+]From cache : Computers not connected since - 0 objects
[62/111] [+]From cache : Number of domain admin accounts - 0 objects
[63/111] [+]From cache : Number of OS - 0 objects
[64/111] [+]From cache : Kerberos password last change in days - 0 objects
[65/111] [+]From cache : Number of Kerberoastable accounts - 0 objects
[66/111] [+]From cache : Number of AS-REP Roastable accounts - 0 objects
[67/111] [+]From cache : Number of machines with unconstrained delegations - 0 objects
[68/111] [+]From cache : Number of users with unconstrained delegations - 0 objects
[69/111] [+]From cache : Number of users with constrained delegations - 0 objects
[70/111] [+]From cache : Dormant accounts - 0 objects
[71/111] [+]From cache : Password last change in days - 0 objects
[72/111] [+]From cache : Number of accounts where password cleartext password is populated - 0 objects
[73/111] [+]From cache : Number of accounts where password is not required - 0 objects
[74/111] [+]From cache : N objects have AdminSDHolder - 0 objects
[75/111] [+]From cache : Password never expired - 0 objects
[76/111] [+]From cache : High privilege group computer member - 0 objects
[77/111] [+]From cache : Objects with path to DA - 0 objects
[78/111] [+]From cache : Objects with path to ADCS servers - 0 objects
[79/111] [+]From cache : Users admin on machines - 0 objects
[80/111] [+]From cache : Users admin on servers n°1 - 0 objects
[81/111] [+]From cache : Users admin on servers n°2 - 0 objects
[82/111] [+]From cache : Number of computers admin of computers - 0 objects
[83/111] [+]From cache : Domain map trust - 0 objects
[84/111] [+]From cache : Object with path to non-DC computers with unconstrained delegations  - 0 objects
[85/111] [+]From cache : Objects with paths to users that have unconstrained delegations  - 0 objects
[86/111] [+]From cache : Number of computers with laps - 0 objects
[87/111] [+]From cache : Objects allowed to read LAPS - 0 objects
[88/111] [+]From cache : Objects to dcsync - 0 objects
[89/111] [+]From cache : Domain admin with session on non DC computers - 0 objects
[90/111] [+]From cache : Unprivileged users with path to DNSAdmins - 0 objects
[91/111] [+]From cache : Users with RDP-access to Computers  - 0 objects
[92/111] [+]From cache : Non-domain admins that can directly or indirectly impersonate a Domain Controller  - 0 objects
[93/111] [+]From cache : RBCD attacks - 0 objects
[94/111] [+]From cache : Builds RBCD attack path graph and sets is_rbcd_target attribute  - 0 objects
[95/111] [+]From cache : Builds RBCD targets to DA paths - 0 objects
[96/111] [+]From cache : paths to objects that can link a gpo on an OU - 0 objects
[97/111] [+]From cache : Insufficient forest and domains functional levels. According to ANSSI (on a scale from 1 to 5, 5 being the better): the security level is at 1 if functional level (FL) <= Windows 2008 R2, at 3 if FL <= Windows 2012R2, at 4 if FL <= Windows 2016 / 2019 / 2022. - 0 objects
[98/111] [+]From cache : Accounts or groups with unexpected SID history - 0 objects
[99/111] [+]From cache : Objects allowed to read the GMSA of objects with admincount=True - 0 objects
[100/111] [+]From cache : Unprivileged users with path to an Operator Member - 0 objects
[101/111] [+]From cache : Dangerous permissions on the adminSDHolder object - 0 objects
[102/111] [+]From cache : Paths between two domain admins belonging to different domains - 0 objects
[103/111] [+]From cache : group_anomaly_acl - 0 objects
[104/111] [+]From cache : Returns empty groups - 0 objects
[105/111] [+]From cache : Returns empty ous - 0 objects
[106/111] [+]From cache : Objects that have a SID History - 0 objects
[107/111] [+]From cache : Initialization request for GPOs [WARNING: If this query is too slow, you can use --gpo_low] - 0 objects
[108/111] [+]From cache : Compromisable GPOs to users (enforced) - 0 objects
[109/111] [+]From cache : Compromisable GPOs to users (not enforced) - 0 objects
[110/111] [+]From cache : Compromisable GPOs to computers (enforced) - 0 objects
[111/111] [+]From cache : Compromisable GPOs to computers (not enforced) - 0 objects
[+]Requests finished !
[+]Computing domains objects
[+]Generate paths to objects that can GPLink GPOs on OUs
[+]Split objects into types...
[+][Done]
[+]Generate paths to unconstrained delegations
[+]Generating path to unconstrained 2nd phase ????
Traceback (most recent call last):
  File "/home/kali/.local/bin/AD-miner", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/home/kali/.local/pipx/venvs/ad-miner/lib/python3.11/site-packages/ad_miner/__main__.py", line 171, in main
    domains = Domains(arguments, neo4j)
              ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/kali/.local/pipx/venvs/ad-miner/lib/python3.11/site-packages/ad_miner/sources/modules/domains.py", line 243, in __init__
    self.genDAPage()
  File "/home/kali/.local/pipx/venvs/ad-miner/lib/python3.11/site-packages/ad_miner/sources/modules/domains.py", line 390, in genDAPage
    self.max_da_per_domain = max(count_da.values())
                             ^^^^^^^^^^^^^^^^^^^^^^
ValueError: max() arg is an empty sequence

Screenshots: (image attached)

System information: (none given)

jmbesnard commented 1 year ago

Hi,

Since no objects are returned by any of the queries, can you confirm that you have populated your neo4j database with BloodHound? Because it looks like there is no data in your DB.
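
A pre-flight check along the lines of what is asked above, added here as an example and not part of AD Miner or of this thread: it connects with the same URI and credentials AD Miner would use, counts nodes per BloodHound label and refuses to proceed if the graph is empty or is missing the core labels (Domain, User, Computer, Group). The `neo4j` Python driver, the `preflight` helper, the label list and the sample counts are assumptions and constructed data for the example; `first_value_or_default` only illustrates how a line like the `value()[0]` in the traceback above can avoid the IndexError on an empty result set.

```python
"""Pre-flight check before an AD Miner run: is the Neo4j database actually
populated with BloodHound data, and is it the database you think it is?

Added example, not AD Miner code. Assumes the standard `neo4j` Python
driver (pip install neo4j) and the node labels BloodHound writes
(Domain, User, Computer, Group). The label counts used for the offline
demonstration below are constructed, not taken from a real graph.
"""
from __future__ import annotations

# Labels AD Miner's queries rely on; zero nodes for any of these means
# every downstream query returns nothing and the report generation crashes.
REQUIRED_LABELS = ("Domain", "User", "Computer", "Group")

# Cypher returning one row per label with the number of nodes carrying it.
LABEL_COUNT_QUERY = "MATCH (n) UNWIND labels(n) AS label RETURN label, count(*) AS c"


def assess_bloodhound_db(label_counts: dict[str, int]) -> tuple[bool, list[str]]:
    """Decide whether the graph looks like a populated BloodHound database.

    `label_counts` maps a node label to how many nodes carry it, as returned
    by LABEL_COUNT_QUERY. Returns (ok, problems).
    """
    problems: list[str] = []
    if sum(label_counts.values()) == 0:
        problems.append("database contains no nodes at all: wrong database or import never ran")
        return False, problems
    for label in REQUIRED_LABELS:
        if label_counts.get(label, 0) == 0:
            problems.append(f"no nodes labelled {label}: BloodHound import incomplete or targeted another database")
    return not problems, problems


def first_value_or_default(values: list, default=0):
    """Safe equivalent of `tx.run(q).value()[0]`: an empty result set
    yields `default` instead of raising IndexError."""
    return values[0] if values else default


def preflight(uri: str, user: str, password: str, database: str | None = None) -> tuple[bool, list[str]]:
    """Connect with the credentials AD Miner will use and run the check.

    `database` matters on Neo4j 4+/5 with several databases: BloodHound writes
    to the server's default database, so pointing at another one yields an
    empty graph without any error (assumption: the same server settings as
    used for the BloodHound import).
    """
    from neo4j import GraphDatabase  # imported lazily so the offline demo needs no driver

    driver = GraphDatabase.driver(uri, auth=(user, password))
    try:
        with driver.session(database=database) as session:
            counts = {rec["label"]: rec["c"] for rec in session.run(LABEL_COUNT_QUERY)}
    finally:
        driver.close()
    return assess_bloodhound_db(counts)


# Constructed sample counts for the offline demonstration.
EMPTY_DB: dict[str, int] = {}
PARTIAL_DB = {"Base": 120, "User": 100, "Group": 20}  # no Domain, no Computer nodes
HEALTHY_DB = {"Base": 260, "Domain": 1, "User": 150, "Computer": 80, "Group": 29}

if __name__ == "__main__":
    for name, counts in (("empty", EMPTY_DB), ("partial", PARTIAL_DB), ("healthy", HEALTHY_DB)):
        ok, problems = assess_bloodhound_db(counts)
        print(f"{name}: {'OK' if ok else 'NOT OK'} {problems}")
    # Against a live server (hypothetical values):
    # print(preflight("bolt://localhost:7687", "neo4j", "password"))
```

Run `preflight(...)` with exactly the `-u`/`-p` values passed to AD Miner; if it reports an empty graph while the BloodHound GUI shows data, the two tools are not talking to the same server or database.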

Smithds90 commented 1 year ago

@jmbesnard, screenshot from BloodHound: (image attached)

jmbesnard commented 1 year ago

Thanks for providing this. And so you are positive that you are connecting to the very same database? Feel free to join our Discord to discuss this further.

jmbesnard commented 1 year ago

Closing following the Discord discussion (AD Miner was not the issue).