Skip to main content

visualize

Interactive BloodHound graph explorer. Ingests SharpHound / BloodHound JSON exports and renders them as an interactive TUI or exports them as a Graphviz DOT document for SVG/PNG generation.

Usage

r4t visualize [path] [flags]

Flags

FlagShortDescription
--file-fSharpHound JSON or .zip file (repeatable)

Input Sources

Specify the BloodHound data in one of three ways: 
# Positional: a .zip archive of SharpHound output
r4t visualize BloodHound.zip

# Positional: a directory containing exported JSON files
r4t visualize /path/to/sharpHound/exports/

# Flags: individual JSON or .zip files
r4t visualize -f users.json -f groups.json -f computers.json

# No arguments: loads the built-in Contoso demo graph
r4t visualize

Modes

Terminal Mode (Interactive TUI)

When stdout is a terminal (i.e., not piped), R4t launches a full-screen interactive TUI. Features:
  • Attack path search — find shortest paths to Domain Admin and other high-value targets
  • Node browser — navigate users, groups, computers, and OUs
  • Vulnerability edge explorer — inspect ACL edges and privilege relationships
  • Live search — filter and search nodes in real time

Pipe Mode (DOT Export)

When stdout is redirected, R4t writes a Graphviz DOT document to stdout: 
# Generate SVG from BloodHound data
r4t visualize BloodHound.zip | dot -Tsvg -o graph.svg

# Generate PNG
r4t visualize BloodHound.zip | dot -Tpng -o graph.png

# Inspect raw DOT output
r4t visualize BloodHound.zip > graph.dot
This mode requires Graphviz (dot) to be installed for rendering.

Relationship to bloodhound collect

The typical workflow is: 
# 1. Collect BloodHound data
r4t bloodhound collect --zip -o ./bh/ dc01.corp.example.com

# 2. Visualize locally without needing a BloodHound server
r4t visualize ./bh/BloodHound.zip

# 3. Or export to SVG for reporting
r4t visualize ./bh/BloodHound.zip | dot -Tsvg -o attack-paths.svg