The BloodHound MCP Server enables Large Language Models (primarily Claude Desktop) to query and analyze BloodHound Community Edition data using natural language for Active Directory security assessments and attack path identification.
Core Domain Analysis
Query domains, users, groups, computers, OUs, and GPOs with pagination support
Search objects by name or Object ID with optional type filtering
Analyze user administrative rights, group memberships, sessions, DCSync privileges, and various remote access rights (RDP/PSRemote/DCOM/SQL)
Examine group memberships, controllers, administrative rights, and member sessions
Investigate computer administrative access, sessions, constrained delegation, and remote access rights
Explore OU hierarchies and contained security objects
Analyze GPO assignments, controllers, linked containers, and Tier Zero associations
Attack Path & Privilege Analysis
Find shortest paths between security principals and identify privilege escalation opportunities
Analyze edge compositions and complex relationships between nodes
Discover DCSync capabilities, kerberoastable users, and relay attack targets
Map constrained delegation rights and lateral movement paths
Cross-Domain Analysis
Identify foreign admins, groups, users, and GPO controllers across domains
Analyze inbound/outbound trust relationships and foreign security principals
ADCS Infrastructure Analysis
Investigate Certificate Authorities (Root, Enterprise, AIA), templates, and controllers
Support identification of certificate-based attack paths (ESC1-ESC6)
Advanced Capabilities
Execute and interpret custom Cypher queries for complex Neo4j graph analysis
Perform fuzzy and exact graph searches
Create and manage saved queries
Map all control relationships between security principals
OpenGraph CRUD operations on custom nodes (BloodHound 8.0+)
Assess data quality and completeness
Organize assets into logical groups (Tier Zero, Owned, custom)
Technical Features
Direct REST API integration with BloodHound Community Edition
Properly formatted, paginated results with counts and metadata
Graceful error handling
Enables querying and analysis of BloodHound Community Edition data through its REST API and Cypher queries, providing tools for Active Directory attack path analysis, user/group/computer assessment, privilege escalation identification, and security principal relationship mapping.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type "@" followed by the MCP server name and your instructions, e.g., "@BloodHound MCP Server find all users with admin rights to the domain controller".
That's it! The server will respond to your query, and you can continue using it as needed.
BloodHound Model Context Protocol Server
A Model Context Protocol (MCP) server that enables Large Language Models to interact with BloodHound Community Edition data through Claude Desktop. This tool allows security professionals to query and analyze Active Directory attack paths using natural language. This is currently in the state where it works with Claude Desktop by default.
Architecture
This MCP server provides a comprehensive interface to BloodHound Community Edition's REST API, not just a wrapper around Cypher queries. The implementation includes:
API Coverage
BloodHound REST API Integration: Utilizes the BloodHound CE REST API endpoints (/api/v2/domains, /api/v2/users, /api/v2/groups, etc.) most relevant to an operator's use case. The management APIs have been left out, as I still don't feel comfortable giving an LLM access to BloodHound management functions.
Structured Data Access: Leverages purpose-built API endpoints for users, computers, groups, OUs, and GPOs
Advanced Functionality: Includes ADCS analysis, graph search, shortest path algorithms, and edge composition analysis
Authentication: Implements BloodHound's signature-based authentication system
Why Not Just Cypher Queries?
While Cypher queries are powerful, this MCP goes beyond simple query execution:
Structured API Responses: Returns properly formatted, paginated data with counts and metadata
Built-in Relationships: Utilizes BloodHound's pre-computed relationship mappings
Error Handling: Proper HTTP status code handling and meaningful error messages
Performance: Leverages BloodHound's optimized endpoints rather than raw graph traversal
Completeness: Access to administrative rights, sessions, group memberships, and other complex relationships through dedicated endpoints
MCP Benefits
As a proper Model Context Protocol implementation:
Tool Discoverability: LLM automatically discovers available analysis capabilities
Type Safety: Strongly typed parameters and responses
Contextual Help: Built-in documentation and examples for the LLM
Resource Access: Provides Cypher query examples and patterns as MCP resources
Demo
Watch the demonstration video (outdated; a new one will be recorded at some point)
Features
Core Capabilities
Domain Analysis: Query domain information, users, groups, computers, and organizational structure
User Intelligence: Analyze user privileges, group memberships, sessions, and administrative rights
Group Analysis: Examine group memberships, controllers, and privilege relationships
Computer Assessment: Investigate computer privileges, sessions, and administrative access
Organizational Units: Explore OU structure and contained objects
Group Policy Objects: Analyze GPO assignments and controllers
Certificate Services: Investigate ADCS infrastructure and certificate templates
Custom Cypher Queries: Execute advanced Neo4j queries for complex analysis
Graph Search: Find shortest paths between security principals
Asset Grouping: Group assets together (Tier Zero, Owned, custom groupings)
Data Quality: Get more information on the data quality in BloodHound
OpenGraph Support: CRUD Operations on Custom Nodes to support the newest version of BloodHound!
Requires BloodHound 8.0 or greater
This has only just been implemented and has not been thoroughly tested
Advanced Features
Natural language querying of BloodHound data
Attack path visualization and analysis
Privilege escalation identification
Cross-domain relationship analysis
Kerberoasting target identification
Administrative relationship mapping
OpenGraph Usage
OpenGraph is a new feature in BloodHound 8.0. It gives users the power to extend BloodHound beyond standard AD and Azure AD. For more information on OpenGraph, please see the resources below.
Prerequisites
Python 3.11+
uv (Python package manager)
Claude Desktop
BloodHound Community Edition instance (accessible via network)
BloodHound data loaded (from SharpHound, BloodHound.py, etc.)
BloodHound API credentials (Token ID and Token Key)
Installation
Clone the repository
git clone <repository-url>
cd bloodhound-mcp
Install dependencies
uv sync
Configure environment variables
Create a .env file in the project root:
BLOODHOUND_DOMAIN=your-bloodhound-instance.domain.com
BLOODHOUND_TOKEN_ID=your-token-id
BLOODHOUND_TOKEN_KEY=your-token-key
Note: By default, the server connects using https on port 443. If you're using BloodHound Community Edition with a different configuration, add these optional variables:
BLOODHOUND_PORT=8080
BLOODHOUND_SCHEME=http
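As an added illustration (not code from the bloodhound-mcp project), the following Python sketch shows two things the README describes but does not spell out: how the .env settings above map onto a base URL using the documented defaults (https, port 443), and how BloodHound CE's signature-based authentication, mentioned in the Architecture section, turns the Token ID and Token Key into request headers. BloodHound CE signs requests with a chain of three HMAC-SHA256 steps keyed by the Token Key: over the HTTP method plus URI, then over the RFC 3339 request date truncated to the hour, then over the request body; the result is sent base64-encoded in a Signature header next to Authorization: bhesignature <token id> and RequestDate. The host and token values in SAMPLE_ENV are constructed placeholders, and the function names are my own, not the project's.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed stand-in for the .env file described above (placeholders only;
# the real server reads BLOODHOUND_* variables from the environment).
SAMPLE_ENV = {
    "BLOODHOUND_DOMAIN": "bloodhound.lab.example",                    # placeholder host
    "BLOODHOUND_TOKEN_ID": "00000000-0000-0000-0000-000000000000",    # placeholder id
    "BLOODHOUND_TOKEN_KEY": "placeholder-token-key",                  # placeholder key
    # BLOODHOUND_PORT / BLOODHOUND_SCHEME omitted on purpose: defaults apply
}

REQUIRED = ("BLOODHOUND_DOMAIN", "BLOODHOUND_TOKEN_ID", "BLOODHOUND_TOKEN_KEY")


def load_settings(env):
    """Validate the .env values and apply the README defaults (https, 443)."""
    missing = [k for k in REQUIRED if not env.get(k)]
    if missing:
        raise ValueError(f"missing required settings: {', '.join(missing)}")
    scheme = env.get("BLOODHOUND_SCHEME", "https")
    port = int(env.get("BLOODHOUND_PORT", "443"))
    return {
        "base_url": f"{scheme}://{env['BLOODHOUND_DOMAIN']}:{port}",
        "token_id": env["BLOODHOUND_TOKEN_ID"],
        "token_key": env["BLOODHOUND_TOKEN_KEY"],
    }


def compute_signature(token_key, method, uri, request_date, body=b""):
    """BloodHound CE request signature: three chained HMAC-SHA256 steps.

    1. operation key = HMAC(token_key, METHOD + URI)
    2. date key      = HMAC(operation key, request_date[:13]), i.e. the
                       RFC 3339 timestamp cut off after the hour ("YYYY-MM-DDTHH")
    3. signature     = HMAC(date key, request body)
    Returns the raw 32-byte digest; callers base64-encode it for the header.
    """
    op_key = hmac.new(token_key.encode(), f"{method}{uri}".encode(), hashlib.sha256).digest()
    date_key = hmac.new(op_key, request_date[:13].encode(), hashlib.sha256).digest()
    return hmac.new(date_key, body, hashlib.sha256).digest()


def build_auth_headers(settings, method, uri, body=b"", request_date=None):
    """Headers BloodHound CE expects on a token-signed API request."""
    if request_date is None:
        # RFC 3339 with offset; the server rejects requests whose date has drifted
        request_date = datetime.now(timezone.utc).isoformat("T")
    sig = compute_signature(settings["token_key"], method, uri, request_date, body)
    return {
        "Authorization": f"bhesignature {settings['token_id']}",
        "RequestDate": request_date,
        "Signature": base64.b64encode(sig).decode(),
        "Content-Type": "application/json",
    }


if __name__ == "__main__":
    cfg = load_settings(SAMPLE_ENV)
    headers = build_auth_headers(cfg, "GET", "/api/v2/domains")
    print(cfg["base_url"] + "/api/v2/domains")
    for k, v in headers.items():
        print(f"{k}: {v}")
```

Because the date key covers only the hour, two requests signed within the same hour with the same method, URI and body produce the same signature, while a change to any of those inputs, or a request date in a different hour, produces a different one; the Token Key itself never leaves the client, only the derived signature does, which is why rotating tokens (see Best Practices below) is cheap and worth doing regularly.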
Configuration
Claude Desktop Setup
Open Claude Desktop and navigate to Settings → Developer Tools
Add the following configuration to your claude_desktop_config.json:
Replace /path/to/your/bloodhound-mcp with the actual path to your installation
Restart Claude Desktop
BloodHound API Token Setup
Log into your BloodHound CE instance
Navigate to Administration → API Tokens
Create a new token with appropriate permissions
Note the Token ID and Token Key for your .env file
Usage
Getting Started
Start a new conversation in Claude Desktop
Look for the hammer icon (🔨) indicating MCP tools are available
Begin by asking about your domains:
Example Queries
Domain Reconnaissance:
User Analysis:
Privilege Escalation:
Advanced Analysis:
Security Considerations
Data Sensitivity Warning
This tool processes BloodHound data through Claude Desktop, which means Active Directory information is transmitted to Anthropic's servers. Do not use this tool with production or sensitive BloodHound data.
Recommended Use Cases
Training environments (GOAD, DetectionLab, etc.)
Demonstration purposes
Learning and research
Non-production domain analysis
Best Practices
Use isolated lab environments
Sanitize data before analysis
Consider local LLM alternatives for sensitive environments
There are projects emerging that allow MCP servers to be connected to local LLMs
Regular token rotation for BloodHound API access
A note on Local LLM Support
Initially I was planning to allow this to connect to local LLMs; however, during this process the research and testing have led me in another direction. That direction requires a lot more time and energy, which takes away from building a connector for Ollama or other local LLM support. There are a lot of projects coming out (which I have not tested with this) that can serve as a bridge. Therefore I do not plan on directly making this project work with local LLMs for the time being (this may be something I explore in the future). Hopefully the next evolution of this project will be seen as a worthwhile investment of my time and energy!
Testing
Run the test suite to verify functionality:
Contributing
Contributions are welcome! This project is designed for learning and experimentation with MCPs and BloodHound APIs.
Development Setup
Fork the repository
Create a feature branch
Make your changes
Add tests for new functionality
Run the test suite
Submit a pull request
Roadmap
Enhanced attack path analysis
Azure Active Directory support
Advanced graph visualizations
Asset management integration
Local LLM compatibility
Additional ADCS attack scenarios
License
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.