playbooks
Learn Rules MCPs Modes
AI Image Editor
Log in

BloodHound MCP server

Enables security professionals to analyze Active Directory and Azure AD environments through natural language queries by connecting to BloodHound's Neo4j database for identifying attack paths and vulnerabilities.
Back to servers
Provider
Steven Yu
Release date
Apr 04, 2025
Language
Python
Stats
149 stars
View on GitHub

BloodHound MCP (Model Context Protocol) extends the BloodHound tool to enable Large Language Models (LLMs) to interact with and analyze Active Directory and Azure Active Directory environments through natural language queries. This server allows users to perform complex analysis using simple, conversational commands without writing Cypher queries manually.

Installation and Setup

Prerequisites

Before installing BloodHound MCP, ensure you have:

  • A running Neo4j database with BloodHound data
  • Python and pip installed on your system

Configuration

Configure the MCP server by creating a configuration file with your Neo4j database connection details:

{
  "mcpServers": {
    "BloodHound": {
      "name": "BloodHound",
      "isActive": true,
      "command": "uv",
      "args": [
        "run",
        "--with",
        "mcp[cli],neo4j",
        "mcp",
        "run",
        "<PATH_TO_THE_PROJECT>server.py"
      ],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "bloodhound"
      }
    }
  }
}

Make sure to replace <PATH_TO_THE_PROJECT> with the actual path to where you've installed BloodHound MCP.

Environment Variables

The following environment variables need to be set:

  • BLOODHOUND_URI: Connection URI for your Neo4j database (default: bolt://localhost:7687)
  • BLOODHOUND_USERNAME: Your Neo4j username (default: neo4j)
  • BLOODHOUND_PASSWORD: Your Neo4j password (default: bloodhound)

Using BloodHound MCP

Basic Usage

Once configured, you can interact with your Active Directory or Azure AD environment using natural language queries. The MCP server processes these queries and returns insights from your BloodHound data.

Example Queries

You can ask questions like:

  • "Show me all domain administrators"
  • "Find the shortest path from user X to Domain Admins group"
  • "Identify users with paths to high-value targets"
  • "List all computers with local admin access from user Y"

Query Capabilities

BloodHound MCP supports various types of analysis:

  • Path Finding: Discover attack paths between entities
  • Privilege Analysis: Identify users with excessive privileges
  • Security Assessment: Detect potential security vulnerabilities
  • Relationship Mapping: Visualize connections between AD/AAD objects

Customizing Your Experience

You can adjust the server settings in the configuration file to match your specific environment and tool requirements. This includes changing the command and arguments used to launch the server.

Troubleshooting

If you encounter issues:

  • Verify your Neo4j database is running and accessible
  • Check that your configuration file has the correct connection details
  • Ensure you have the necessary permissions to access the Neo4j database
  • Confirm that all required dependencies are installed

How to add this MCP server to Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "cursor-rules-mcp": {
            "command": "npx",
            "args": [
                "-y",
                "cursor-rules-mcp"
            ]
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.

Want to 10x your AI skills?

Get a free account and learn to code + market your apps using AI (with or without vibes!).

Nah, maybe later