BloodHound MCP
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Capabilities
Server capabilities have not been inspected yet.
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| run_queryC | 執行Cypher查詢並返回結果 Args: query: Cypher查詢字符串 parameters: 查詢參數字典 Returns: 查詢結果列表 |
| users_with_most_local_admin_rightsD | [WIP] Users with Most Local Admin Rights |
| computers_with_most_sessionsD | [WIP] Computers with Most Sessions [Required: sessions] |
| users_with_most_sessionsD | [WIP] Users with Most Sessions [Required: sessions] |
| non_privileged_users_with_dangerous_permissionsC | List non-privileged user(s) with dangerous permissions to any node type |
| route_non_privileged_users_with_dangerous_permissionsC | Route non-privileged user(s) with dangerous permissions to any node type |
| users_with_most_cross_domain_sessionsD | [WIP] Users with most cross-domain sessions [Required: sessions] |
| list_high_value_targetsD | List high value target(s) |
| list_domainsD | List domain(s) |
| list_domain_trustsD | List domain trust(s) |
| list_enabled_usersD | List enabled user(s) |
| list_enabled_users_with_emailC | List enabled user(s) with an email address |
| list_non_managed_service_accountsD | List non-managed service account(s) |
| list_enabled_principals_with_unconstrained_delegationC | List enabled principal(s) with "Unconstrained Delegation" |
| list_enabled_principals_with_constrained_delegationC | List enabled principal(s) with "Constrained Delegation" |
| list_domain_controllersD | List domain controller(s) |
| list_domain_computersD | List domain computer(s) |
| list_certificate_authority_serversC | List Certificate Authority server(s) [Required: Certipy] |
| list_privileges_for_certificate_authority_serversD | [WIP] List privileges for Certificate Authority server(s) [Required: Certipy] |
| list_all_certificate_templatesC | List all Certificate Template(s) [Required: Certipy] |
| find_enabled_certificate_templatesC | Find enabled Certificate Template(s) [Required: Certipy] |
| list_all_enrollment_rights_for_certificate_templatesD | [WIP] List all Enrollment Right(s) for Certificate Template(s) |
| list_computers_without_lapsD | List computer(s) WITHOUT LAPS |
| list_network_shares_ignoring_sysvolC | List network share(s), ignoring SYSVOL |
| list_all_groupsD | List all group(s) |
| list_all_gposC | List all GPO(s) |
| list_all_principals_with_local_admin_permissionC | List all principal(s) with "Local Admin" permission |
| list_all_principals_with_rdp_permissionC | List all principal(s) with "RDP" permission |
| list_all_principals_with_sqladmin_permissionC | List all principal(s) with "SQLAdmin" permission |
| list_all_user_sessionsD | List all user session(s) [Required: sessions] |
| list_all_users_with_description_fieldD | List all user(s) with description field |
| list_all_enabled_users_with_userpassword_attributeC | List all enabled user(s) with "userpassword" attribute |
| list_all_enabled_users_with_password_never_expiresC | List all enabled user(s) with "password never expires" attribute |
| list_enabled_users_pwd_never_expires_unchanged_1yrC | List all enabled user(s) with "password never expires" attribute and not changed in last year |
| list_all_enabled_users_with_no_password_requiredC | List all enabled user(s) with "don't require passwords" attribute |
| list_all_enabled_users_never_logged_inC | List all enabled user(s) but never logged in |
| list_all_enabled_users_logged_in_last_90_daysC | List all enabled user(s) that logged in within the last 90 days |
| list_all_enabled_users_set_password_last_90_daysC | List all enabled user(s) that set password within the last 90 days |
| list_all_enabled_users_with_foreign_group_membershipD | List all enabled user(s) with foreign group membership |
| list_all_owned_usersD | List all owned user(s) |
| list_all_owned_enabled_usersC | List all owned & enabled user(s) |
| list_all_owned_enabled_users_with_emailC | List all owned & enabled user(s) with an email address |
| list_own_en_usrs_local_adm_sessC | List all owned & enabled user(s) with "Local Admin" permission, and any active sessions and their group membership(s) |
| list_all_owned_enabled_users_with_rdp_and_sessionsC | List all owned & enabled user(s) with "RDP" permission, and any active sessions and their group membership(s) |
| list_all_owned_enabled_users_with_sqladminC | List all owned & enabled user(s) with "SQLAdmin" permission |
| list_all_owned_computersD | List all owned computer(s) |
| route_all_owned_enabled_group_membershipsD | Route all owned & enabled group membership(s) |
| route_all_owned_enabled_non_privileged_group_membershipsD | Route all owned & enabled non-privileged group(s) membership |
| route_all_owned_enabled_privileged_group_membershipsD | Route all owned & enabled privileged group(s) membership |
| route_owned_users_dangerous_rights_to_anyC | Route all owned & enabled user(s) with Dangerous Rights to any node type |
| route_owned_users_dangerous_rights_to_groupsC | Route all owned & enabled user(s) with Dangerous Rights to group(s) |
| route_own_en_usrs_dang_rts_usrsC | Route all owned & enabled user(s) with Dangerous Rights to user(s) |
| route_own_en_usrs_unconst_delC | Route from owned & enabled user(s) to all principals with "Unconstrained Delegation" |
| route_from_owned_enabled_principals_to_high_value_targetsD | Route from owned & enabled principals to high value target(s) |
| find_owned_users_with_azure_tenancy_accessC | Owned: [WIP] Find all owned user with privileged access to Azure Tenancy (Required: azurehound) |
| find_owned_users_with_group_granted_azure_accessC | Owned: [WIP] Find all owned user where group membership grants privileged access to Azure Tenancy (Required: azurehound) |
| find_azure_app_owners_with_dangerous_rightsC | Owned: [WIP] Find all Owners of Azure Applications with Owners to Service Principals with Dangerous Rights (Required: azurehound) |
| find_all_owned_groups_granting_network_share_accessC | Find all owned groups that grant access to network shares |
| route_all_sessions_to_computers_without_lapsC | Route all sessions to computers WITHOUT LAPS (Required: sessions) |
| route_all_sessions_to_computersD | Route all sessions to computers (Required: sessions) |
| list_enabled_non_privileged_users_with_local_adminC | List enabled non-privileged user(s) with "Local Admin" permission |
| list_non_priv_users_with_admin_and_sessionsC | List enabled non-privileged user(s) with "Local Admin" permission, and any active sessions and their group membership(s) |
| list_enabled_non_privileged_users_with_rdpC | List enabled non-privileged user(s) with "RDP" permission |
| list_enabled_non_privileged_users_with_rdp_and_sessionsC | List enabled non-privileged user(s) with "RDP" permission, and any active sessions and their group membership(s) |
| list_enabled_non_privileged_users_with_sqladminC | List enabled non-privileged user(s) with "SQLAdmin" permission |
| list_all_domain_users_group_membershipsC | List all "Domain Users" group membership(s) |
| list_all_authenticated_users_group_membershipsC | List all "Authenticated Users" group membership(s) |
| find_all_enabled_as_rep_roastable_usersC | Find all enabled AS-REP roastable user(s) |
| find_all_enabled_kerberoastable_usersC | Find all enabled kerberoastable user(s) |
| route_non_privileged_users_with_dangerous_rights_to_usersC | Route non-privileged user(s) with dangerous rights to user(s) [HIGH RAM] |
| route_non_priv_usrs_dang_rts_grpsC | Route non-privileged user(s) with dangerous rights to group(s) [HIGH RAM] |
| route_non_priv_users_dangerous_rights_to_compsC | Route non-privileged user(s) with dangerous rights to computer(s) [HIGH RAM] |
| route_non_privileged_users_with_dangerous_rights_to_gposD | Route non-privileged user(s) with dangerous rights to GPO(s) [HIGH RAM] |
| route_non_priv_users_dangerous_rights_to_priv_nodesC | Route non-privileged user(s) with dangerous rights to privileged node(s) [HIGH RAM] |
| route_non_priv_comps_dangerous_rights_to_usersC | Route non-privileged computer(s) with dangerous rights to user(s) [HIGH RAM] |
| route_non_priv_comps_dangerous_rights_to_groupsC | Route non-privileged computer(s) with dangerous rights to group(s) [HIGH RAM] |
| route_non_priv_comps_dangerous_rights_to_compsD | Route non-privileged computer(s) with dangerous rights to computer(s) [HIGH RAM] |
| route_non_priv_comps_dangerous_rights_to_gposC | Route non-privileged computer(s) with dangerous rights to GPO(s) [HIGH RAM] |
| route_non_priv_comps_dangerous_rights_to_priv_nodesC | Route non-privileged computer(s) with dangerous rights to privileged node(s) [HIGH RAM] |
| list_esc1_vulnerable_certificate_templatesC | List ESC1 vulnerable Certificate Template(s) [Required: Certipy] |
| list_esc2_vulnerable_certificate_templatesC | List ESC2 vulnerable Certificate Template(s) [Required: Certipy] |
| list_esc3_vulnerable_certificate_templatesC | List ESC3 vulnerable Certificate Template(s) [Required: Certipy] |
| list_esc4_vulnerable_certificate_templatesC | List ESC4 vulnerable Certificate Template(s) [Required: Certipy] |
| list_esc6_vulnerable_certificate_templatesC | List ESC6 vulnerable Certificate Template(s) [Required: Certipy] |
| list_esc7_vulnerable_certificate_templatesC | List ESC7 vulnerable Certificate Template(s) [Required: Certipy] |
| list_esc8_vulnerable_certificate_templatesC | List ESC8 vulnerable Certificate Template(s) [Required: Certipy] |
| list_all_cross_domain_user_sessions_and_membershipsC | List all cross-domain user session(s) and user group membership(s) |
| list_privileged_users_without_protected_usersC | List privileged user(s) without "Protected Users" group membership |
| list_custom_privileged_groupsD | List custom privileged group(s) |
| list_en_svc_accts_priv_grp_memsC | List all enabled SVC account(s) with privileged group membership(s) |
| route_priv_users_sessions_to_non_priv_compsC | Route all privileged user(s) with sessions to non-privileged computer(s) [Required: sessions] |
| find_paths_dangerous_rights_to_adminsdholderC | Find allshortestpaths with dangerous rights to AdminSDHolder object |
| find_allshortestpaths_with_dcsync_to_domainD | Find allshortestpaths with DCSync to domain object |
| find_allshortestpaths_with_shadow_credential_permissionD | Find allshortestpaths with Shadow Credential permission to principal(s) |
| list_all_tenancyC | List all Tenancy (Required: azurehound) |
| list_all_aad_groups_synchronized_with_adC | [WIP] List all AAD Group(s) that are synchronized with AD (Required: azurehound) |
| list_all_principals_used_for_syncing_ad_and_aadC | [WIP] List all principal(s) used for syncing AD and AAD |
| list_all_enabled_azure_usersC | List all enabled Azure User(s) (Required: azurehound) |
| list_all_enabled_azure_users_group_membershipsC | List all enabled Azure User(s) Azure Group membership(s) (Required: azurehound) |
| list_all_ad_principals_with_edges_to_azure_principalsC | [WIP] List all AD principal(s) with edge(s) to Azure principal(s) (Required: azurehound) |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| prompt |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/stevenyu113228/BloodHound-MCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server