BloodHound-MCP MCP Server
Offers an MCP-based interface to query BloodHound data and analyze Active Directory security paths using natural language.
Configuration
{
  "mcpServers": {
    "bloodhound_mcp": {
      "command": "python",
      "args": [
        "<Your_Path>\\BloodHound-MCP.py"
      ],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "bloodhoundcommunityedition"
      }
    }
  }
}
You can run BloodHound-MCP to query BloodHound data using natural language through the Model Context Protocol (MCP). This enables security professionals to analyze Active Directory attack paths and security postures by asking questions in plain English, making complex data relationships easier to explore and report on without writing Cypher queries manually.
Use an MCP client to connect to the BloodHound-MCP server and start asking questions in natural language. You can query for attack paths, privilege escalation opportunities, and AD security issues, then refine results with follow‑up questions. Start with high‑level goals such as identifying Kerberoasting exposure, locating computers where users have elevated rights, or mapping paths to high‑value targets. Your MCP client will translate your natural language requests into BloodHound/MCP actions and return readable findings and recommended next steps.
Prerequisites you need before installation:
Follow these concrete steps to set up BloodHound-MCP and run the server locally.
# Step 1: Install dependencies (from your project directory)
pip install -r requirements.txt
# Step 2: Configure the MCP Server for BloodHound
# This snippet shows the MCP server configuration entry to run BloodHound-MCP
{
  "mcpServers": {
    "BloodHound-MCP": {
      "command": "python",
      "args": [
        "<Your_Path>\\BloodHound-MCP.py"
      ],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "bloodhoundcommunityedition"
      }
    }
  }
}
Security considerations: This tool is designed for legitimate security assessment purposes. Always obtain proper authorization before analyzing any Active Directory environment. Handle BloodHound data as sensitive information and follow responsible disclosure practices for any vulnerabilities discovered.
Usage notes: You can ask the MCP server to map domain structures, identify privilege escalation paths, assess Kerberos-related issues, review AD hygiene, and generate security posture reports. Start with broad questions and narrow results with follow‑ups to avoid overload and ensure actionable findings.
Troubleshooting tips: Ensure the Neo4j instance is reachable, BloodHound data is loaded, and the MCP client is configured to connect to the BloodHound-MCP server. If you encounter authentication errors, verify that the Neo4j credentials in the environment variables match your database configuration. Check that the BloodHound data model is up‑to‑date after any schema changes.
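An offline lint of the MCP client configuration shown on this page, run before starting the server. It is an added example, not code from the BloodHound-MCP project; `check_mcp_config` and both sample configs are constructed for illustration, and the only settings it assumes are the three `BLOODHOUND_*` variables and the `<Your_Path>` placeholder that appear above.

```python
import json
from urllib.parse import urlparse

REQUIRED_ENV = ("BLOODHOUND_URI", "BLOODHOUND_USERNAME", "BLOODHOUND_PASSWORD")
SAMPLE_PASSWORD = "bloodhoundcommunityedition"  # value in this page's sample config
TLS_SCHEMES = {"bolt+s", "bolt+ssc", "neo4j+s", "neo4j+ssc"}  # Neo4j URIs that request TLS
PLAIN_SCHEMES = {"bolt", "neo4j"}  # Neo4j URIs that do not request TLS
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def check_mcp_config(text):
    """Return a list of (server, finding) tuples for an MCP client config."""
    findings = []
    servers = json.loads(text).get("mcpServers", {})
    if not servers:
        return [("-", "no mcpServers entries found")]
    for name, entry in servers.items():
        env = entry.get("env", {})
        for key in REQUIRED_ENV:
            if not env.get(key):
                findings.append((name, f"{key} is missing or empty"))
        if any("<Your_Path>" in arg for arg in entry.get("args", [])):
            findings.append((name, "args still contain the <Your_Path> placeholder"))
        uri = urlparse(env.get("BLOODHOUND_URI", ""))
        if uri.scheme and uri.scheme not in TLS_SCHEMES | PLAIN_SCHEMES:
            findings.append((name, f"unexpected URI scheme {uri.scheme!r}"))
        elif uri.scheme in PLAIN_SCHEMES and uri.hostname not in LOOPBACK:
            findings.append((name, "URI does not request TLS for a non-loopback host"))
        if env.get("BLOODHOUND_PASSWORD") == SAMPLE_PASSWORD:
            findings.append((name, "password is the sample value from this page"))
    return findings


# Constructed sample configs (not real deployments).
SAMPLE_AS_PUBLISHED = r'''{"mcpServers": {"BloodHound-MCP": {
  "command": "python", "args": ["<Your_Path>\\BloodHound-MCP.py"],
  "env": {"BLOODHOUND_URI": "bolt://localhost:7687",
          "BLOODHOUND_USERNAME": "neo4j",
          "BLOODHOUND_PASSWORD": "bloodhoundcommunityedition"}}}}'''
SAMPLE_REMOTE = r'''{"mcpServers": {"BloodHound-MCP": {
  "command": "python", "args": ["C:\\tools\\BloodHound-MCP.py"],
  "env": {"BLOODHOUND_URI": "bolt://neo4j.example.internal:7687",
          "BLOODHOUND_USERNAME": "neo4j", "BLOODHOUND_PASSWORD": ""}}}}'''

if __name__ == "__main__":
    for label, cfg in (("as published", SAMPLE_AS_PUBLISHED), ("remote", SAMPLE_REMOTE)):
        for server, finding in check_mcp_config(cfg):
            print(f"[{label}] {server}: {finding}")
```

An empty result means only that the entry is well-formed; whether the credentials match the database still has to be confirmed against the running Neo4j instance.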
Interact with BloodHound data through plain English queries that MCP translates into actionable graph searches and analysis.
Identify and visualize possible attack paths within Active Directory, including privilege escalation opportunities.
Assess Kerberos-related issues such as Kerberoasting and AS-REP Roasting.
Evaluate Active Directory hygiene and identify misconfigurations or risky settings.
Detect NTLM relay attack vectors and potential exploitation paths.
Identify delegation abuse opportunities and related security concerns.
Generate comprehensive security reports suitable for stakeholders.