MCP.so
Sign In
Servers

BloodHound-MCP

@MorDavid

BloodHound-MCP-AI is integration that connects BloodHound with AI through Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.

Overview

What is BloodHound-MCP?

BloodHound-MCP is a Model Context Protocol (MCP) server that connects AI assistants to BloodHound, the industry-standard tool for Active Directory security analysis. It lets security professionals query BloodHound data and explore AD attack paths using natural language instead of manual Cypher queries.

How to use BloodHound-MCP?

Clone the repository, install dependencies with pip install -r requirements.txt, then configure the MCP server by setting the BLOODHOUND_URI, BLOODHOUND_USERNAME, and BLOODHOUND_PASSWORD environment variables. Once configured, you can ask natural-language questions about your Active Directory environment through any MCP-compatible client.

Key features of BloodHound-MCP

  • Natural-language interface for querying BloodHound data
  • Over 75 specialized tools based on original BloodHound CE Cypher queries
  • Domain structure mapping and privilege escalation path analysis
  • Kerberos security issue detection (Kerberoasting, AS-REP Roasting)
  • Certificate services vulnerability identification
  • NTLM relay attack vector discovery

Use cases of BloodHound-MCP

  • Show all attack paths from kerberoastable users to Domain Admins
  • Find computers where Domain Users have local admin rights
  • Identify Domain Controllers vulnerable to NTLM relay attacks
  • Map all Active Directory certificate services vulnerabilities
  • Generate comprehensive security reports for a domain

FAQ from BloodHound-MCP

What prerequisites are needed?

BloodHound 4.x+ with data collected from an Active Directory environment, a Neo4j database loaded with BloodHound data, Python 3.8 or higher, and an MCP client.

How do I configure the server connection?

Set the BLOODHOUND_URI, BLOODHOUND_USERNAME, and BLOODHOUND_PASSWORD environment variables in your MCP client configuration (default URI is bolt://localhost:7687).

Is this an official Anthropic product?

No. BloodHound-MCP is a community-driven integration between BloodHound and MCP, not an official Anthropic product.

What kind of queries can I ask?

You can ask natural-language questions about Active Directory attack paths, privilege escalation, Kerberos issues, certificate services vulnerabilities, delegation abuse, AD hygiene, and more.

What license is this project under?

This project is licensed under the MIT License.

Tags

More from Other