Active Directory Attack Path Analysis Platform
ShadowPath is a desktop cybersecurity application inspired by BloodHound that analyzes Active Directory environments to identify privilege escalation paths, assess security risks, map findings to the MITRE ATT&CK framework, and generate professional security reports.
Built with Python and PyQt6, ShadowPath supports both an interactive desktop GUI and a command-line interface for performing Active Directory security assessments.
- Active Directory relationship parsing
- LDAP-based Active Directory data collection
- Relationship graph construction
- Attack path discovery
- Risk scoring engine
- MITRE ATT&CK technique mapping
- Interactive attack graph visualization
- Executive security dashboard
- Professional PDF report generation
- Desktop GUI and Command-Line Interface (CLI)
Screenshots will be added soon.
┌──────────────────────────┐
│ LDAP Collector │
└─────────────┬────────────┘
│
▼
┌──────────────────────────┐
│ Relationship Builder │
└─────────────┬────────────┘
│
▼
┌──────────────────────────┐
│ Attack Graph │
└─────────────┬────────────┘
│
▼
┌──────────────────────────┐
│ Attack Path Discovery │
└─────────────┬────────────┘
│
▼
┌──────────────────────────┐
│ Risk Engine │
└─────────────┬────────────┘
│
▼
┌──────────────────────────┐
│ MITRE ATT&CK Mapping │
└─────────────┬────────────┘
│
▼
┌──────────────────────────┐
│ Actionable Security │
│ Intelligence │
└──────────────────────────┘
- Python
- PyQt6
- NetworkX
- LDAP3
- ReportLab
- Matplotlib
ShadowPath/
│
├── data/
│ └── sample_domain.json # Sample Active Directory dataset
│
├── reports/ # Generated PDF security reports
│
├── src/
│ │
│ ├── ad/ # Active Directory collection & parsing
│ │ ├── ldap_collector.py
│ │ ├── relationship_builder.py
│ │ └── ad_models.py
│ │
│ ├── analysis/ # Security analysis engines
│ │ ├── attack_paths.py
│ │ ├── attack_simulator.py
│ │ ├── risk_engine.py
│ │ ├── mitigation_engine.py
│ │ ├── intelligence_engine.py
│ │ ├── mitre_engine.py
│ │ ├── report_generator.py
│ │ └── security_summary.py
│ │
│ ├── core/ # Graph construction & data models
│ │ ├── graph_builder.py
│ │ ├── parser.py
│ │ └── models.py
│ │
│ ├── engine/ # Main orchestration engine
│ │ ├── engine.py
│ │ └── models.py
│ │
│ ├── gui/ # PyQt6 desktop interface
│ │ ├── pages/
│ │ ├── widgets/
│ │ └── workers/
│ │
│ ├── ui/ # Dashboard framework & reusable UI components
│ │ ├── dashboard/
│ │ └── framework/
│ │
│ ├── visualization/ # Attack graph visualization
│ │ └── graph_visualizer.py
│ │
│ └── main.py # Application entry point
│
├── requirements.txt
├── README.md
└── .gitignore
ShadowPath provides multiple execution modes to support interactive analysis, automation, and realistic Active Directory security simulations.
Interactive PyQt6 desktop application for visualizing attack paths, assessing Active Directory security posture, exploring MITRE ATT&CK mappings, and generating executive security reports.
Lightweight terminal interface for rapid security assessments, automation, console-based analysis, and professional PDF report generation.
Analyze realistic enterprise Active Directory environments using built-in security profiles that simulate organizations with varying security postures and attack surfaces.
Planned enhancements include:
- Multiple built-in Active Directory scan profiles
- Live LDAP environment scanning
- Custom JSON profile imports
- Enhanced attack graph interaction
- Enterprise-scale Active Directory simulations
Clone the repository:
git clone https://github.com/Siri-Bharadwaj-R/ShadowPath.gitNavigate into the project:
cd ShadowPathInstall the required dependencies:
pip install -r requirements.txtShadowPath can be launched in either graphical or command-line mode.
python -m src.gui.apppython -m src.main --cliShadowPath is inspired by Microsoft's Active Directory security model and the concepts introduced by BloodHound for attack path analysis. It is an educational and portfolio project designed to demonstrate Active Directory security analysis techniques.