Hackles is a security assessment tool designed for authorized penetration testing and security research. It queries BloodHound Community Edition's Neo4j database to identify Active Directory misconfigurations and attack paths.

This tool is intended for:

• Authorized penetration testers
• Security researchers
• Red team operators
• System administrators auditing their own environments

If you discover a security vulnerability in Hackles, please report it responsibly:

1. Do not open a public GitHub issue for security vulnerabilities
2. Open a private security advisory at GitHub Security Advisories
3. Alternatively, contact the maintainer via GitHub: @Real-Fruit-Snacks
4. Include steps to reproduce the issue
5. Allow reasonable time for a fix before public disclosure

• Never commit Neo4j credentials to version control
• Use environment variables for sensitive values:

  export NEO4J_PASSWORD="your-password"
  python -m hackles -p "$NEO4J_PASSWORD" -a

• Hackles connects to Neo4j over the Bolt protocol (default port 7687)
• Ensure your Neo4j instance is not exposed to untrusted networks
• Use TLS/SSL for production Neo4j deployments

• Query results may contain sensitive Active Directory information
• Protect output files (JSON, CSV, HTML reports) appropriately
• Do not share BloodHound data without authorization

This tool is provided for legitimate security testing purposes only. Users are responsible for:

• Obtaining proper authorization before testing
• Complying with all applicable laws and regulations
• Following their organization's security policies
• Protecting any sensitive data discovered during assessments