BloodHound MCP server

BloodHound MCP (Model Context Protocol) extends the BloodHound tool to enable Large Language Models (LLMs) to interact with and analyze Active Directory and Azure Active Directory environments through natural language queries. This server allows users to perform complex analysis using simple, conversational commands without writing Cypher queries manually.

Installation and Setup

Prerequisites

Before installing BloodHound MCP, ensure you have:

• A running Neo4j database with BloodHound data
• Python and pip installed on your system

Configuration

Configure the MCP server by creating a configuration file with your Neo4j database connection details:

{
  "mcpServers": {
    "BloodHound": {
      "name": "BloodHound",
      "isActive": true,
      "command": "uv",
      "args": [
        "run",
        "--with",
        "mcp[cli],neo4j",
        "mcp",
        "run",
        "<PATH_TO_THE_PROJECT>server.py"
      ],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "bloodhound"
      }
    }
  }
}

Make sure to replace <PATH_TO_THE_PROJECT> with the actual path to where you've installed BloodHound MCP.

Environment Variables

The following environment variables need to be set:

• BLOODHOUND_URI: Connection URI for your Neo4j database (default: bolt://localhost:7687)
• BLOODHOUND_USERNAME: Your Neo4j username (default: neo4j)
• BLOODHOUND_PASSWORD: Your Neo4j password (default: bloodhound)

Using BloodHound MCP

Basic Usage

Once configured, you can interact with your Active Directory or Azure AD environment using natural language queries. The MCP server processes these queries and returns insights from your BloodHound data.

Example Queries

You can ask questions like:

• "Show me all domain administrators"
• "Find the shortest path from user X to Domain Admins group"
• "Identify users with paths to high-value targets"
• "List all computers with local admin access from user Y"

Query Capabilities

BloodHound MCP supports various types of analysis:

• Path Finding: Discover attack paths between entities
• Privilege Analysis: Identify users with excessive privileges
• Security Assessment: Detect potential security vulnerabilities
• Relationship Mapping: Visualize connections between AD/AAD objects

Customizing Your Experience

You can adjust the server settings in the configuration file to match your specific environment and tool requirements. This includes changing the command and arguments used to launch the server.

Troubleshooting

If you encounter issues:

• Verify your Neo4j database is running and accessible
• Check that your configuration file has the correct connection details
• Ensure you have the necessary permissions to access the Neo4j database
• Confirm that all required dependencies are installed

How to install this MCP server

For Claude Code

To add this MCP server to Claude Code, run this command in your terminal:

claude mcp add-json "BloodHound" '{"name":"BloodHound","isActive":true,"command":"uv","args":["run","--with","mcp[cli],neo4j","mcp","run","<PATH_TO_THE_PROJECT>server.py"],"env":{"BLOODHOUND_URI":"bolt://localhost:7687","BLOODHOUND_USERNAME":"neo4j","BLOODHOUND_PASSWORD":"bloodhound"}}'

See the official Claude Code MCP documentation for more details.

For Cursor

There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json file so that it is available in all of your projects.

If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json file.

Adding an MCP server to Cursor globally

To add a global MCP server go to Cursor Settings > Tools & Integrations and click "New MCP Server".

When you click that button the ~/.cursor/mcp.json file will be opened and you can add your server like this:

{
    "mcpServers": {
        "BloodHound": {
            "name": "BloodHound",
            "isActive": true,
            "command": "uv",
            "args": [
                "run",
                "--with",
                "mcp[cli],neo4j",
                "mcp",
                "run",
                "<PATH_TO_THE_PROJECT>server.py"
            ],
            "env": {
                "BLOODHOUND_URI": "bolt://localhost:7687",
                "BLOODHOUND_USERNAME": "neo4j",
                "BLOODHOUND_PASSWORD": "bloodhound"
            }
        }
    }
}

Adding an MCP server to a project

To add an MCP server to a project you can create a new .cursor/mcp.json file or add it to the existing one. This will look exactly the same as the global MCP server example above.

How to use the MCP server

Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.

The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.

You can also explicitly ask the agent to use the tool by mentioning the tool name and describing what the function does.

For Claude Desktop

To add this MCP server to Claude Desktop:

1. Find your configuration file:

• macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
• Windows: %APPDATA%\Claude\claude_desktop_config.json
• Linux: ~/.config/Claude/claude_desktop_config.json

2. Add this to your configuration file:

{
    "mcpServers": {
        "BloodHound": {
            "name": "BloodHound",
            "isActive": true,
            "command": "uv",
            "args": [
                "run",
                "--with",
                "mcp[cli],neo4j",
                "mcp",
                "run",
                "<PATH_TO_THE_PROJECT>server.py"
            ],
            "env": {
                "BLOODHOUND_URI": "bolt://localhost:7687",
                "BLOODHOUND_USERNAME": "neo4j",
                "BLOODHOUND_PASSWORD": "bloodhound"
            }
        }
    }
}

3. Restart Claude Desktop for the changes to take effect