BloodHound-MCP

Model Context Protocol (MCP) Server for BloodHound

BloodHound-MCP is a powerful integration that brings the capabilities of Model Context Procotol (MCP) Server to BloodHound, the industry-standard tool for Active Directory security analysis. This integration allows you to analyze BloodHound data using natural language, making complex Active Directory attack path analysis accessible to everyone.

🥇 First-Ever BloodHound AI Integration!
This is the first integration that connects BloodHound with AI through MCP, originally announced here.

🔍 What is BloodHound-MCP?

BloodHound-MCP combines the power of:

• BloodHound: Industry-standard tool for visualizing and analyzing Active Directory attack paths

• Model Context Protocol (MCP): An open protocol for creating custom AI tools, compatible with various AI models

• Neo4j: Graph database used by BloodHound to store AD relationship data

With over 75 specialized tools based on the original BloodHound CE Cypher queries, BloodHound-MCP allows security professionals to:

• Query BloodHound data using natural language

• Discover complex attack paths in Active Directory environments

• Assess Active Directory security posture more efficiently

• Generate detailed security reports for stakeholders

📱 Community

Join our Telegram channel for updates, tips, and discussion:

• Telegram: root_sec

🌟 Star History

✨ Features

• Natural Language Interface: Query BloodHound data using plain English

• Comprehensive Analysis Categories:

  • Domain structure mapping

  • Privilege escalation paths

  • Kerberos security issues (Kerberoasting, AS-REP Roasting)

  • Certificate services vulnerabilities

  • Active Directory hygiene assessment

  • NTLM relay attack vectors

  • Delegation abuse opportunities

  • And much more!

📋 Prerequisites

• BloodHound 4.x+ with data collected from an Active Directory environment

• Neo4j database with BloodHound data loaded

• Python 3.8 or higher

• MCP Client

🔧 Installation

1. Clone this repository:

   git clone https://github.com/your-username/MCP-BloodHound.git cd MCP-BloodHound

2. Install dependencies:

   pip install -r requirements.txt

3. Configure the MCP Server

   "mcpServers": { "BloodHound-MCP": { "command": "python", "args": [ "<Your_Path>\\BloodHound-MCP.py" ], "env": { "BLOODHOUND_URI": "bolt://localhost:7687", "BLOODHOUND_USERNAME": "neo4j", "BLOODHOUND_PASSWORD": "bloodhoundcommunityedition" } } }

🚀 Usage

Example queries you can ask through the MCP:

• "Show me all paths from kerberoastable users to Domain Admins"

• "Find computers where Domain Users have local admin rights"

• "Identify Domain Controllers vulnerable to NTLM relay attacks"

• "Map all Active Directory certificate services vulnerabilities"

• "Generate a comprehensive security report for my domain"

• "Find inactive privileged accounts"

• "Show me attack paths to high-value targets"

🔐 Security Considerations

This tool is designed for legitimate security assessment purposes. Always:

• Obtain proper authorization before analyzing any Active Directory environment

• Handle BloodHound data as sensitive information

• Follow responsible disclosure practices for any vulnerabilities discovered

📜 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

• The BloodHound team for creating an amazing Active Directory security tool

• The security community for continuously advancing AD security practices

Note: This is not an official Anthropic product. BloodHound-MCP is a community-driven integration between BloodHound and MCP.