Integrates with GitHub for repository access and installation, allowing users to clone and use the BloodHound-MCP codebase.
Connects to Neo4j database containing BloodHound Active Directory data, enabling natural language queries to analyze attack paths, security vulnerabilities, and domain relationships.
Uses Python to run the MCP server and execute BloodHound queries, supporting natural language analysis of Active Directory security data.
Connects users to a Telegram channel for community support, updates, and discussions about the BloodHound-MCP tool.
BloodHound-MCP
Model Context Protocol (MCP) Server for BloodHound
BloodHound-MCP is a powerful integration that brings the capabilities of Model Context Procotol (MCP) Server to BloodHound, the industry-standard tool for Active Directory security analysis. This integration allows you to analyze BloodHound data using natural language, making complex Active Directory attack path analysis accessible to everyone.
🥇 First-Ever BloodHound AI Integration!
This is the first integration that connects BloodHound with AI through MCP, originally announced here.
🔍 What is BloodHound-MCP?
BloodHound-MCP combines the power of:
BloodHound: Industry-standard tool for visualizing and analyzing Active Directory attack paths
Model Context Protocol (MCP): An open protocol for creating custom AI tools, compatible with various AI models
Neo4j: Graph database used by BloodHound to store AD relationship data
With over 75 specialized tools based on the original BloodHound CE Cypher queries, BloodHound-MCP allows security professionals to:
Query BloodHound data using natural language
Discover complex attack paths in Active Directory environments
Assess Active Directory security posture more efficiently
Generate detailed security reports for stakeholders
📱 Community
Join our Telegram channel for updates, tips, and discussion:
Telegram: root_sec
🌟 Star History
✨ Features
Natural Language Interface: Query BloodHound data using plain English
Comprehensive Analysis Categories:
Domain structure mapping
Privilege escalation paths
Kerberos security issues (Kerberoasting, AS-REP Roasting)
Certificate services vulnerabilities
Active Directory hygiene assessment
NTLM relay attack vectors
Delegation abuse opportunities
And much more!
📋 Prerequisites
BloodHound 4.x+ with data collected from an Active Directory environment
Neo4j database with BloodHound data loaded
Python 3.8 or higher
MCP Client
🔧 Installation
Clone this repository:
git clone https://github.com/your-username/MCP-BloodHound.git cd MCP-BloodHoundInstall dependencies:
pip install -r requirements.txtConfigure the MCP Server
"mcpServers": { "BloodHound-MCP": { "command": "python", "args": [ "<Your_Path>\\BloodHound-MCP.py" ], "env": { "BLOODHOUND_URI": "bolt://localhost:7687", "BLOODHOUND_USERNAME": "neo4j", "BLOODHOUND_PASSWORD": "bloodhoundcommunityedition" } } }
🚀 Usage
Example queries you can ask through the MCP:
"Show me all paths from kerberoastable users to Domain Admins"
"Find computers where Domain Users have local admin rights"
"Identify Domain Controllers vulnerable to NTLM relay attacks"
"Map all Active Directory certificate services vulnerabilities"
"Generate a comprehensive security report for my domain"
"Find inactive privileged accounts"
"Show me attack paths to high-value targets"
🔐 Security Considerations
This tool is designed for legitimate security assessment purposes. Always:
Obtain proper authorization before analyzing any Active Directory environment
Handle BloodHound data as sensitive information
Follow responsible disclosure practices for any vulnerabilities discovered
📜 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙏 Acknowledgments
The BloodHound team for creating an amazing Active Directory security tool
The security community for continuously advancing AD security practices
Note: This is not an official Anthropic product. BloodHound-MCP is a community-driven integration between BloodHound and MCP.
This server cannot be installed
hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
BloodHound-MCP-AI is integration that connects BloodHound with AI through Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.
Related MCP Servers
- AsecurityAlicenseAqualityA server that uses the Model Context Protocol (MCP) to allow AI agents to safely execute shell commands on a host system.Last updated -1526MIT License
- -securityAlicense-qualityA lightweight, extensible cybersecurity toolkit that connects AI assistants to security tools through the Model Context Protocol (MCP), enabling AI-assisted security research, scanning, and analysis.Last updated -9MIT License
- -securityAlicense-qualityAn open-source implementation of the Model Context Protocol (MCP) that bridges AI agents with enterprise systems, enabling secure access to real-world data and capabilities.Last updated -5Apache 2.0
- AsecurityAlicenseAqualityAn MCP server that enables AI tools to interact with ActiveCampaign API, allowing contact management and tracking event analysis through natural language queries.Last updated -5MIT License