BloodHound MCP server

Integrates with the BloodHound security tool to analyze Active Directory and Azure environments for attack paths, privilege escalation opportunities, and security misconfigurations through specialized tools for threat hunting and penetration testing.
Provider: Mor David
Release date: Apr 04, 2025
Language: Python
Stats: 194 stars

BloodHound-MCP is a powerful integration that brings natural language processing capabilities to BloodHound, the industry-standard tool for Active Directory security analysis. It enables security professionals to query and analyze BloodHound data using plain English, making complex Active Directory attack path analysis more accessible.

What is BloodHound-MCP?

BloodHound-MCP combines BloodHound's powerful Active Directory analysis capabilities with the Model Context Protocol (MCP), an open protocol for creating custom AI tools. It allows you to interact with your BloodHound data using natural language, making it easier to discover complex attack paths, assess security postures, and generate detailed reports.

Prerequisites

Before installing BloodHound-MCP, ensure you have:

  • BloodHound 4.x+ with data collected from an Active Directory environment
  • Neo4j database with BloodHound data loaded
  • Python 3.8 or higher
  • MCP Client

Installation

Follow these steps to install and set up BloodHound-MCP:

  1. Clone the repository:

    git clone https://github.com/your-username/MCP-BloodHound.git
    cd MCP-BloodHound
    
  2. Install the required dependencies:

    pip install -r requirements.txt
    
  3. Configure the MCP Server by adding the following configuration to your MCP Client setup:

    "mcpServers": {
        "BloodHound-MCP": {
            "command": "python",
            "args": [
                "<Your_Path>\\BloodHound-MCP.py"
            ],
            "env": {
                "BLOODHOUND_URI": "bolt://localhost:7687",
                "BLOODHOUND_USERNAME": "neo4j",
                "BLOODHOUND_PASSWORD": "bloodhoundcommunityedition"
            }
        }
    }
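
The configuration above stores the Neo4j connection details in plain text, so it is worth checking before the file is saved or committed. The following is an added example, not part of BloodHound-MCP: it audits an MCP client configuration for the published password and for connections to remote hosts without TLS. The second server entry, its hostname and its password are constructed sample values, and the finding strings are this example's own.

```python
import json
from urllib.parse import urlparse

# Password value published in the sample configuration above.
PUBLISHED_PASSWORDS = {"bloodhoundcommunityedition"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Neo4j driver URI schemes that enable TLS.
TLS_SCHEMES = {"bolt+s", "bolt+ssc", "neo4j+s", "neo4j+ssc"}

# Constructed sample input: the page's entry plus a hypothetical remote one.
SAMPLE_CONFIG = r"""
{"mcpServers": {
  "BloodHound-MCP": {
    "command": "python", "args": ["<Your_Path>\\BloodHound-MCP.py"],
    "env": {"BLOODHOUND_URI": "bolt://localhost:7687",
            "BLOODHOUND_USERNAME": "neo4j",
            "BLOODHOUND_PASSWORD": "bloodhoundcommunityedition"}},
  "bh-remote-example": {
    "command": "python", "args": ["BloodHound-MCP.py"],
    "env": {"BLOODHOUND_URI": "bolt://neo4j.example.internal:7687",
            "BLOODHOUND_USERNAME": "neo4j",
            "BLOODHOUND_PASSWORD": "constructed-sample-password"}}
}}
"""


def audit_mcp_config(config_text):
    """Return (server_name, finding) tuples for an MCP client config."""
    findings = []
    servers = json.loads(config_text).get("mcpServers", {})
    for name, server in servers.items():
        env = server.get("env", {})
        password = env.get("BLOODHOUND_PASSWORD")
        if password in PUBLISHED_PASSWORDS:
            findings.append((name, "published default Neo4j password"))
        elif password:
            findings.append((name, "plaintext Neo4j password in config"))
        uri = urlparse(env.get("BLOODHOUND_URI", ""))
        # With driver defaults, plain bolt:// or neo4j:// is not encrypted,
        # so a non-loopback host exposes credentials and graph data in transit.
        if uri.hostname and uri.hostname not in LOOPBACK_HOSTS \
                and uri.scheme not in TLS_SCHEMES:
            findings.append((name, f"no TLS to remote host {uri.hostname}"))
    return findings


if __name__ == "__main__":
    for server_name, finding in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{server_name}: {finding}")
```

The same check applies to a project-level .cursor/mcp.json, which is more likely than the global file to end up in version control.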
    

Usage Examples

You can query BloodHound-MCP using natural language to analyze your Active Directory environment. Here are some example queries you can use:

  • "Show me all paths from kerberoastable users to Domain Admins"
  • "Find computers where Domain Users have local admin rights"
  • "Identify Domain Controllers vulnerable to NTLM relay attacks"
  • "Map all Active Directory certificate services vulnerabilities"
  • "Generate a comprehensive security report for my domain"
  • "Find inactive privileged accounts"
  • "Show me attack paths to high-value targets"

Features

BloodHound-MCP includes:

  • Natural Language Interface: Query BloodHound data using plain English
  • Comprehensive Analysis Categories covering:
    • Domain structure mapping
    • Privilege escalation paths
    • Kerberos security issues (Kerberoasting, AS-REP Roasting)
    • Certificate services vulnerabilities
    • Active Directory hygiene assessment
    • NTLM relay attack vectors
    • Delegation abuse opportunities
    • And much more!

Security Considerations

When using BloodHound-MCP:

  • Always obtain proper authorization before analyzing any Active Directory environment
  • Handle BloodHound data as sensitive information
  • Follow responsible disclosure practices for any vulnerabilities discovered

Community Support

Join the Telegram channel for updates, tips, and discussion:

How to add this MCP server to Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server, go to Cursor Settings > MCP and click "Add new global MCP server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cursor-rules-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "cursor-rules-mcp"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the tools the added MCP server provides and will call them when it needs to.

You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.
