BloodHound OpenGraph exporter for mfpandas RACF data
Project description
mfpandas-racfhound
Transforms a parsed mfpandas IRRDBU00 object into BloodHound OpenGraph JSON for RACF attack path analysis.
Installation
pip install mfpandas-racfhound
Requires Python 3.10+ and mfpandas.
Usage
Parse your IRRDBU00 unload with mfpandas, then pass it to to_bloodhound:
import time
from mfpandas import IRRDBU00
from mfpandas_racfhound import to_bloodhound
racf = IRRDBU00(irrdbu00="/path/to/irrdbu00.dump")
racf.parse()
while racf._state < IRRDBU00.STATE_READY:
time.sleep(0.1)
graph = to_bloodhound(
racf,
apf_libs={"SYS1.LINKLIB", "SYS1.SVCLIB"},
parmlib_datasets={"SYS1.PARMLIB"},
proclib_datasets={"SYS1.PROCLIB"},
)
to_bloodhound returns a dict ready for upload to the BloodHound API:
{
"graph": {
"nodes": [...],
"edges": [...]
}
}
Parameters
| Parameter | Type | Description |
|---|---|---|
racf |
mfpandas.IRRDBU00 |
Parsed IRRDBU00 instance |
apf_libs |
set[str] |
APF library DSNs (uppercase). Used to resolve generic dataset profiles to concrete APF libraries. |
parmlib_datasets |
set[str] |
PARMLIB dataset DSNs |
proclib_datasets |
set[str] |
PROCLIB dataset DSNs |
All DSN sets are optional and default to empty. Without them, generic profile resolution against APF/PARMLIB/PROCLIB libraries is skipped.
Writing output to a file
import json
with open("racf_opengraph.json", "w") as f:
json.dump(graph, f)
Uploading to BloodHound
import httpx
resp = httpx.post(
"https://<bloodhound-host>/api/v2/graphs/upload",
headers={"Authorization": f"Bearer {token}"},
json=graph,
)
resp.raise_for_status()
mfpandas integration
mfpandas-racfhound can be wired into the mfpandas.IRRDBU00 class as an optional plugin, exposing racf.to_bloodhound() directly without making it a hard dependency:
# In mfpandas IRRDBU00 class:
def to_bloodhound(self, **kwargs):
try:
from mfpandas_racfhound import to_bloodhound
return to_bloodhound(self, **kwargs)
except ImportError:
raise ImportError("Install mfpandas-racfhound for BloodHound export support")
Once wired up, users can call:
graph = racf.to_bloodhound(apf_libs={"SYS1.LINKLIB"})
Running tests
pip install pytest
pytest
The test suite uses a self-contained fixture dump built from raw IRRDBU00 records — no external files or mainframe access required.
To run a specific test file:
pytest tests/test_generics.py # wildcard matching and specificity unit tests
pytest tests/test_integration.py # end-to-end graph output tests
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mfpandas_racfhound-0.1.0.tar.gz.
File metadata
- Download URL: mfpandas_racfhound-0.1.0.tar.gz
- Upload date:
- Size: 15.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1e04892e92917b5f9720be0198bfb42b179a40bbc6705cfc9059fb591dd9b817
|
|
| MD5 |
73106f56df0f78bb79ea7b1625996c12
|
|
| BLAKE2b-256 |
50d668d4d7dc2490297f5291d2ebfc42f97aec809db93720ed853880b20a83bd
|
File details
Details for the file mfpandas_racfhound-0.1.0-py3-none-any.whl.
File metadata
- Download URL: mfpandas_racfhound-0.1.0-py3-none-any.whl
- Upload date:
- Size: 11.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b640772d47fe8be3ff873f1875225af48320427920709cf0b820f8b27019cb01
|
|
| MD5 |
37fa2415f8ee14f35dbdc0f09596abb9
|
|
| BLAKE2b-256 |
19d89944745b64303d0bf421016ebd695fb811dc6759a2533b1f3e409c5883ff
|
