BloodHound-MCP-AI

MCP.Pizza Chef: MorDavid

BloodHound-MCP-AI is an MCP server integration that connects BloodHound with AI, enabling security professionals to analyze Active Directory attack paths using natural language queries instead of complex Cypher queries. It leverages the Model Context Protocol to provide seamless AI interaction with BloodHound data, making advanced security analysis more accessible and efficient for cybersecurity teams.

Use This MCP Server To

  • Analyze Active Directory attack paths using natural language queries
  • Convert complex Cypher queries into simple natural language requests
  • Visualize and explore Active Directory security relationships interactively
  • Integrate AI-driven insights into BloodHound security assessments
  • Automate detection of potential attack vectors in Active Directory environments
  • Simplify security audits by querying BloodHound data conversationally

README

BloodHound-MCP

Model Context Protocol (MCP) Server for BloodHound

BloodHound-MCP is a powerful integration that brings the capabilities of a Model Context Protocol (MCP) server to BloodHound, the industry-standard tool for Active Directory security analysis. This integration allows you to analyze BloodHound data using natural language, making complex Active Directory attack path analysis accessible to everyone.

🥇 First-Ever BloodHound AI Integration!
This is the first integration that connects BloodHound with AI through MCP, originally announced here.

πŸ” What is BloodHound-MCP?

BloodHound-MCP combines the power of:

  • BloodHound: Industry-standard tool for visualizing and analyzing Active Directory attack paths
  • Model Context Protocol (MCP): An open protocol for creating custom AI tools, compatible with various AI models
  • Neo4j: Graph database used by BloodHound to store AD relationship data

With over 75 specialized tools based on the original BloodHound CE Cypher queries, BloodHound-MCP allows security professionals to:

  • Query BloodHound data using natural language
  • Discover complex attack paths in Active Directory environments
  • Assess Active Directory security posture more efficiently
  • Generate detailed security reports for stakeholders

📱 Community

Join our Telegram channel for updates, tips, and discussion:

✨ Features

  • Natural Language Interface: Query BloodHound data using plain English
  • Comprehensive Analysis Categories:
    • Domain structure mapping
    • Privilege escalation paths
    • Kerberos security issues (Kerberoasting, AS-REP Roasting)
    • Certificate services vulnerabilities
    • Active Directory hygiene assessment
    • NTLM relay attack vectors
    • Delegation abuse opportunities
    • And much more!

📋 Prerequisites

  • BloodHound 4.x+ with data collected from an Active Directory environment
  • Neo4j database with BloodHound data loaded
  • Python 3.8 or higher
  • MCP Client

🔧 Installation

  1. Clone this repository:

    git clone https://github.com/your-username/MCP-BloodHound.git
    cd MCP-BloodHound

  2. Install dependencies:

    pip install -r requirements.txt

  3. Configure the MCP Server:

    "mcpServers": {
        "BloodHound-MCP": {
            "command": "python",
            "args": [
                "<Your_Path>\\BloodHound-MCP.py"
            ],
            "env": {
                "BLOODHOUND_URI": "bolt://localhost:7687",
                "BLOODHOUND_USERNAME": "neo4j",
                "BLOODHOUND_PASSWORD": "bloodhoundcommunityedition"
            }
        }
    }
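
An added example, not part of the BloodHound-MCP project: a pre-flight check for the `env` block above that flags the sample password left in place and an unencrypted `bolt://` connection to a non-local Neo4j host. The helper names, the sample hosts and the complete JSON wrapper around `mcpServers` are assumptions made for illustration.

```python
import json
from urllib.parse import urlparse

# Password shown in the sample configuration on this page.
SAMPLE_PASSWORD = "bloodhoundcommunityedition"
# Neo4j driver URI schemes that do not encrypt the connection
# (the "+s" and "+ssc" variants enable TLS).
PLAINTEXT_SCHEMES = {"bolt", "neo4j"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
REQUIRED = ("BLOODHOUND_URI", "BLOODHOUND_USERNAME", "BLOODHOUND_PASSWORD")


def audit_mcp_config(config_text, server="BloodHound-MCP"):
    """Return findings for one server entry of an MCP client config (hypothetical helper)."""
    entry = json.loads(config_text).get("mcpServers", {}).get(server)
    if entry is None:
        return [f"no '{server}' entry under mcpServers"]
    env = entry.get("env", {})
    findings = [f"{name} is not set" for name in REQUIRED if not env.get(name)]
    if env.get("BLOODHOUND_PASSWORD") == SAMPLE_PASSWORD:
        findings.append("BLOODHOUND_PASSWORD is still the sample value")
    uri = urlparse(env.get("BLOODHOUND_URI", ""))
    if uri.password:
        findings.append("credentials are embedded in BLOODHOUND_URI")
    if uri.scheme in PLAINTEXT_SCHEMES and uri.hostname not in LOOPBACK_HOSTS:
        findings.append(
            f"{uri.scheme}:// to {uri.hostname} is unencrypted; use {uri.scheme}+s://"
        )
    return findings


def make_config(uri, password):
    """Wrap env values in a complete JSON document (constructed sample input)."""
    env = {"BLOODHOUND_URI": uri, "BLOODHOUND_USERNAME": "neo4j",
           "BLOODHOUND_PASSWORD": password}
    entry = {"command": "python", "args": ["BloodHound-MCP.py"], "env": env}
    return json.dumps({"mcpServers": {"BloodHound-MCP": entry}})


if __name__ == "__main__":
    # Constructed inputs: the page's values pointed at a remote host, then a hardened variant.
    weak = make_config("bolt://10.0.0.5:7687", SAMPLE_PASSWORD)
    hardened = make_config("bolt+s://neo4j.example.internal:7687", "constructed-example-secret")
    for label, text in (("weak", weak), ("hardened", hardened)):
        print(label, audit_mcp_config(text) or "no findings")
```

The graph behind these credentials holds the collected Active Directory relationship data, so the check is worth running before the MCP client is pointed at a shared Neo4j instance.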

🚀 Usage

Example queries you can ask through the MCP:

  • "Show me all paths from kerberoastable users to Domain Admins"
  • "Find computers where Domain Users have local admin rights"
  • "Identify Domain Controllers vulnerable to NTLM relay attacks"
  • "Map all Active Directory certificate services vulnerabilities"
  • "Generate a comprehensive security report for my domain"
  • "Find inactive privileged accounts"
  • "Show me attack paths to high-value targets"

πŸ” Security Considerations

This tool is designed for legitimate security assessment purposes. Always:

  • Obtain proper authorization before analyzing any Active Directory environment
  • Handle BloodHound data as sensitive information
  • Follow responsible disclosure practices for any vulnerabilities discovered

📜 License

This project is licensed under the MIT License - see the LICENSE file for details.

πŸ™ Acknowledgments

  • The BloodHound team for creating an amazing Active Directory security tool
  • The security community for continuously advancing AD security practices

Note: This is not an official Anthropic product. BloodHound-MCP is a community-driven integration between BloodHound and MCP.

BloodHound-MCP-AI FAQ

How does BloodHound-MCP-AI simplify Active Directory analysis?
It allows users to query BloodHound data using natural language instead of complex Cypher queries, making analysis more accessible.

What is required to use BloodHound-MCP-AI?
You need a BloodHound instance and an MCP-compatible AI model such as OpenAI, Claude, or Gemini to interact with the server.

Can BloodHound-MCP-AI work with different AI providers?
Yes, it supports any AI model compatible with the Model Context Protocol, including OpenAI, Anthropic Claude, and Google Gemini.

Is BloodHound-MCP-AI suitable for non-expert users?
Yes, it lowers the barrier for security professionals who are not experts in Cypher by enabling natural language queries.

How does BloodHound-MCP-AI integrate with existing BloodHound workflows?
It acts as an MCP server that exposes BloodHound data and functionality to AI clients, enabling seamless integration.

Does BloodHound-MCP-AI support real-time analysis?
Yes, it provides real-time access to BloodHound data for dynamic query and response.

What security benefits does BloodHound-MCP-AI provide?
It helps identify attack paths and potential vulnerabilities faster by simplifying query complexity and enabling AI-driven insights.

How do I get started with BloodHound-MCP-AI?
Install the MCP server alongside BloodHound and connect it to your preferred MCP client and AI model.