playbooks

Home / MCP / BloodHound MCP Server

BloodHound MCP Server

Provides LLM-assisted querying of AD/AAD data from Neo4j, enabling natural language prompts to fetch insights.

other
154stars
View on GitHub
Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
    "mcpServers": {
        "bloodhound": {
            "command": "uv",
            "args": [
                "run",
                "--with",
                "mcp[cli],neo4j",
                "mcp",
                "run",
                "<PATH_TO_THE_PROJECT>server.py"
            ],
            "env": {
                "BLOODHOUND_URI": "bolt://localhost:7687",
                "BLOODHOUND_USERNAME": "neo4j",
                "BLOODHOUND_PASSWORD": "bloodhound"
            }
        }
    }
}

BloodHound MCP lets large language models interact with and analyze Active Directory and Azure Active Directory environments through natural language queries. By converting conversational prompts into actionable insights, you can ask questions about AD/AAD data stored in Neo4j and receive structured results without writing Cypher queries manually.

How to use

You run BloodHound MCP as an MCP server and connect to it with an MCP client. Use natural language queries to explore AD/AAD data, request insights, and perform complex analyses that would normally require multiple command-line steps. Your prompts should describe what you want to know, and the system will interpret and execute the underlying data queries for you.

How to install

Prerequisites: make sure you have a working Node/Python environment and access to a Neo4j database where BloodHound data is stored.

1) Prepare the MCP config with the BloodHound MCP server settings shown in the code block below.

{
  "mcpServers": {
    "BloodHound": {
      "name": "BloodHound",
      "isActive": true,
      "command": "uv",
      "args": [
        "run",
        "--with",
        "mcp[cli],neo4j",
        "mcp",
        "run",
        "<PATH_TO_THE_PROJECT>server.py"
      ],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "bloodhound"
      }
    }
  }
}

Additional setup steps

2) Ensure your Neo4j database is accessible at the address provided in BLOODHOUND_URI and that the provided credentials are correct.

3) Start the MCP client and connect to the BloodHound MCP endpoint you configured. You can then begin issuing natural language queries to retrieve AD/AAD insights.

Configuration

Customize BloodHound MCP by adjusting the environment variables and the command line arguments to match your environment and tooling. The key connection details are the Neo4j database URI, username, and password.

Notes

Security: protect Neo4j credentials and ensure network access is restricted to trusted clients. Use strong passwords and consider applying roles and access controls within Neo4j.

Troubleshooting

If the MCP server fails to start, verify that the uv runtime is installed and accessible. Double-check the path to server.py and confirm that the Neo4j connection details are correct.