BloodHound MCP

A Model Context Protocol (MCP) server that connects LLMs to BloodHound Community Edition. Ask questions in natural language, get attack path analysis, run Cypher queries, and explore Active Directory, Azure/Entra ID, and OpenGraph environments — all from your AI assistant.

Demo

Watch the demonstration video (updated demo coming soon)

How It Works

The server exposes BloodHound CE's REST API and Neo4j graph through a set of 11 composite MCP tools, 10 reference resources, and a system prompt tuned for offensive security analysis.

Composite Tools

Each tool uses an info_type parameter to select what data is returned, keeping the tool surface small and token-efficient:

Resources

Reference material the LLM loads on demand — no extra API calls:

System Prompt

The bloodhound_assistant prompt includes behavioral rules that guide the LLM:

• Load the offensive query library before writing Cypher for any attack scenario

• Never draw privilege conclusions without checking group memberships and admincount

• Respect BloodHound's property naming conventions (hasspn, enabled, admincount — all lowercase)

• Handle uppercase name storage (DOMAIN ADMINS@CORP.LOCAL) correctly in filters

• Follow proper DCSync and GPO edge traversal patterns

Prerequisites

• Python 3.11+

• uv

• BloodHound Community Edition instance with data loaded

• BloodHound API credentials (Token ID + Token Key)

Installation

git clone https://github.com/mwnickerson/bloodhound_mcp.git
cd bloodhound-mcp
uv sync

Create a .env file in the project root:

BLOODHOUND_DOMAIN=your-bloodhound-instance.domain.com
BLOODHOUND_TOKEN_ID=your-token-id
BLOODHOUND_TOKEN_KEY=your-token-key

The server defaults to https on port 443. Override if needed:

BLOODHOUND_PORT=8080
BLOODHOUND_SCHEME=http

Configuration

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "bloodhound_mcp": {
      "command": "uv",
      "args": [
        "--directory",
        "/path/to/bloodhound-mcp",
        "run",
        "main.py"
      ]
    }
  }
}

Claude Code

Add to ~/.claude/mcp.json:

{
  "mcpServers": {
    "bloodhound_mcp": {
      "type": "stdio",
      "command": "uv",
      "args": [
        "--directory",
        "/path/to/bloodhound-mcp",
        "run",
        "main.py"
      ]
    }
  }
}

OpenAI Codex CLI

Add to ~/.codex/config.toml (or .codex/config.toml for project-scoped config):

[mcp_servers.bloodhound_mcp]
command = "uv"
args = ["--directory", "/path/to/bloodhound-mcp", "run", "main.py"]

Since the server loads credentials from .env automatically, no env block is needed. If you prefer to pass them explicitly:

[mcp_servers.bloodhound_mcp]
command = "uv"
args = ["--directory", "/path/to/bloodhound-mcp", "run", "main.py"]

[mcp_servers.bloodhound_mcp.env]
BLOODHOUND_DOMAIN = "your-bloodhound-instance.domain.com"
BLOODHOUND_TOKEN_ID = "your-token-id"
BLOODHOUND_TOKEN_KEY = "your-token-key"

MCP Inspector

• Command: uv

• Args: --directory /path/to/bloodhound-mcp run main.py

BloodHound API Token

1. Log into BloodHound CE

2. Navigate to Administration → API Tokens

3. Create a new token and copy the Token ID and Token Key into your .env

Usage

Example Queries

Reconnaissance:

What domains are in BloodHound?
Show me all Domain Admins in CORP.LOCAL
Find all kerberoastable users
Which computers have unconstrained delegation?

User and Group Analysis:

What admin rights does jsmith@corp.local have?
Show me all sessions for the administrator account
What groups is this user a member of?
Who controls the IT ADMINS group?

Attack Path Analysis:

Find the shortest path from jsmith@corp.local to Domain Admins
Who has DCSync rights in the domain?
Show me all GPO abuse paths
Find ADCS ESC1 paths in the domain

Custom Cypher:

Run a Cypher query to find all users with SPN set and admincount=1
Find all computers where DOMAIN USERS can RDP

OpenGraph Support

BloodHound 8.0+ supports custom node types via OpenGraph, letting you model non-AD infrastructure (cloud resources, databases, custom assets) in the same graph as Active Directory.

The custom_nodes tool handles CRUD operations on node type configurations. Use the bloodhound://opengraph/guide and bloodhound://opengraph/examples resources for schema design and Cypher patterns.

Requires BloodHound CE 8.0 or later.

Security Considerations

BloodHound data processed through this tool is transmitted to your LLM provider's servers. Do not use this with production AD data unless you have assessed that risk.

Recommended use cases:

• Lab environments (GOAD, DetectionLab, custom ranges)

• Training and certification prep

• Research and tool development

• Non-production domain analysis

Best practices:

• Rotate BloodHound API tokens regularly

• Use a read-only API token where possible

• Consider a local LLM bridge for sensitive environments

Testing

# Full test suite (307 tests)
uv run pytest

# Specific modules
uv run pytest tests/test_main_mcp_tools.py -v
uv run pytest tests/test_bloodhound_api.py -v

# Integration tests (requires a live BloodHound instance)
BLOODHOUND_INTEGRATION_TESTS=1 uv run pytest tests/test_integration.py -v

Roadmap

• Direct Neo4j access mode (bypass REST API for complex graph traversal)

• Enhanced Azure/Entra ID tooling

• Improved ADCS attack path coverage

• Additional OpenGraph examples and templates

Contributing

Contributions are welcome. Open an issue to discuss significant changes before submitting a PR.

1. Fork the repo

2. Create a feature branch

3. Add tests for new functionality

4. Run uv run pytest and confirm everything passes

5. Submit a pull request

Acknowledgments

• SpecterOps for BloodHound Community Edition

• Orange Cyberdefense for GOAD (used for testing)

• @jlowin for FastMCP

• @xpn for MCP inspiration via the Mythic MCP project

License

GNU General Public License v3.0 — see LICENSE for details.