BloodHound-MCP
@MorDavid
About BloodHound-MCP
BloodHound-MCP-AI is integration that connects BloodHound with AI through Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"BloodHound-MCP": {
"command": "python",
"args": [
"<Your_Path>\\BloodHound-MCP.py"
],
"env": {
"BLOODHOUND_URI": "bolt://localhost:7687",
"BLOODHOUND_USERNAME": "neo4j",
"BLOODHOUND_PASSWORD": "bloodhoundcommunityedition"
}
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is BloodHound-MCP?
BloodHound-MCP is a Model Context Protocol (MCP) server that connects AI assistants to BloodHound, the industry-standard tool for Active Directory security analysis. It lets security professionals query BloodHound data and explore AD attack paths using natural language instead of manual Cypher queries.
How to use BloodHound-MCP?
Clone the repository, install dependencies with pip install -r requirements.txt, then configure the MCP server by setting the BLOODHOUND_URI, BLOODHOUND_USERNAME, and BLOODHOUND_PASSWORD environment variables. Once configured, you can ask natural-language questions about your Active Directory environment through any MCP-compatible client.
Key features of BloodHound-MCP
- Natural-language interface for querying BloodHound data
- Over 75 specialized tools based on original BloodHound CE Cypher queries
- Domain structure mapping and privilege escalation path analysis
- Kerberos security issue detection (Kerberoasting, AS-REP Roasting)
- Certificate services vulnerability identification
- NTLM relay attack vector discovery
Use cases of BloodHound-MCP
- Show all attack paths from kerberoastable users to Domain Admins
- Find computers where Domain Users have local admin rights
- Identify Domain Controllers vulnerable to NTLM relay attacks
- Map all Active Directory certificate services vulnerabilities
- Generate comprehensive security reports for a domain
FAQ from BloodHound-MCP
What prerequisites are needed?
BloodHound 4.x+ with data collected from an Active Directory environment, a Neo4j database loaded with BloodHound data, Python 3.8 or higher, and an MCP client.
How do I configure the server connection?
Set the BLOODHOUND_URI, BLOODHOUND_USERNAME, and BLOODHOUND_PASSWORD environment variables in your MCP client configuration (default URI is bolt://localhost:7687).
Is this an official Anthropic product?
No. BloodHound-MCP is a community-driven integration between BloodHound and MCP, not an official Anthropic product.
What kind of queries can I ask?
You can ask natural-language questions about Active Directory attack paths, privilege escalation, Kerberos issues, certificate services vulnerabilities, delegation abuse, AD hygiene, and more.
What license is this project under?
This project is licensed under the MIT License.
More Other MCP servers
ICSS
chokcoco不止于 CSS

EverArt
modelcontextprotocolModel Context Protocol Servers
Website
FunnyWolfAdversary simulation and Red teaming platform with AI
Mcp
browsermcpBrowser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser
IDA Pro MCP
mrexodiaAI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
Comments