BloodHound MCP

v1.0.0Securitystable

BloodHound-MCP-AI is integration that connects BloodHound with AI through Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.

aibloodhoundbloodhoundadcypher-query-languagemcp
Share:
355
Stars
0
Downloads
0
Weekly
0/5

What is BloodHound MCP?

BloodHound MCP is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to bloodhound-mcp-ai is integration that connects bloodhound with ai through model context protocol, allowing security professionals to analyze active directory attack paths using natural language instea...

BloodHound-MCP-AI is integration that connects BloodHound with AI through Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • BloodHound-MCP-AI is integration that connects BloodHound wi

Use Cases

Analyze AD attack paths with AI
Natural language AD queries
Security assessment automation
MorDavid

Maintainer

LicenseMIT
Languagepython
Versionv1.0.0
UpdatedMay 20, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx bloodhound-mcp

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use BloodHound MCP

BloodHound MCP AI bridges the BloodHound Active Directory auditing tool with AI models through the Model Context Protocol, enabling security professionals to analyze AD attack paths using natural language instead of hand-crafted Cypher queries. It wraps over 75 specialized queries derived from the official BloodHound CE Cypher query library — covering domain structure, Kerberoastable accounts, privilege escalation chains, certificate services, delegation abuse, and NTLM relay vectors — and makes them accessible through conversational prompts to any connected AI client.

Prerequisites

  • BloodHound Community Edition running with a populated Neo4j database (data imported from SharpHound or AzureHound collectors)
  • Neo4j accessible at a bolt:// URI (default bolt://localhost:7687)
  • Python 3.9+ with pip for installing dependencies
  • An MCP-compatible AI client such as Claude Desktop
1

Clone the repository

Clone the BloodHound MCP AI repository to your local machine.

git clone https://github.com/MorDavid/BloodHound-MCP-AI.git
cd BloodHound-MCP-AI
2

Install Python dependencies

Install the required Python packages from the requirements file.

pip install -r requirements.txt
3

Set environment variables

Export your BloodHound/Neo4j connection credentials. These are the only three configuration values required.

export BLOODHOUND_URI="bolt://localhost:7687"
export BLOODHOUND_USERNAME="neo4j"
export BLOODHOUND_PASSWORD="your-password-here"
4

Configure your MCP client

Add the BloodHound MCP server to your AI client configuration, passing the connection credentials as environment variables.

{
  "mcpServers": {
    "bloodhound-mcp": {
      "command": "python",
      "args": ["path/to/BloodHound-MCP-AI/server.py"],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "your-password-here"
      }
    }
  }
}
5

Verify data is loaded and query BloodHound

Ensure SharpHound collection data has been imported into BloodHound CE before querying. Once connected, ask the AI to run a domain structure query to confirm the integration is working.

BloodHound MCP Examples

Client configuration (Claude Desktop)

Full Claude Desktop configuration for BloodHound MCP AI with Neo4j credentials.

{
  "mcpServers": {
    "bloodhound-mcp": {
      "command": "python",
      "args": ["/path/to/BloodHound-MCP-AI/server.py"],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "your-neo4j-password"
      }
    }
  }
}

Prompts to try

Natural-language queries that map to BloodHound's built-in Cypher analysis capabilities.

- "Show me all attack paths from Kerberoastable users to Domain Admins"
- "Find computers where Domain Users have local admin rights"
- "Identify Domain Controllers vulnerable to NTLM relay attacks"
- "Map all Active Directory certificate services vulnerabilities in my domain"
- "Which accounts have unconstrained delegation enabled?"
- "Generate a comprehensive security report summarizing the highest-risk attack paths"

Troubleshooting BloodHound MCP

Connection error: 'ServiceUnavailable: Unable to connect to bolt://localhost:7687'

Verify that BloodHound Community Edition and its Neo4j database are running. The default Neo4j bolt port is 7687. If your Neo4j instance uses a different port or is on a remote host, update BLOODHOUND_URI accordingly (e.g., bolt://192.168.1.10:7687).

Queries return empty results even though BloodHound shows data in the UI

Confirm that SharpHound/AzureHound collection data has been fully imported into the running Neo4j instance. Query results depend on the scope of your collection run — if only a partial domain was collected, many path queries will return empty. Try a basic query like 'List all domains in the database' to confirm data is present.

Authentication failure connecting to Neo4j

The default Neo4j credentials for BloodHound CE are neo4j/BloodHound (note the capital B and H). Check the BloodHound CE documentation for your version's default credentials, and update BLOODHOUND_USERNAME and BLOODHOUND_PASSWORD to match.

Frequently Asked Questions about BloodHound MCP

What is BloodHound MCP?

BloodHound MCP is a Model Context Protocol (MCP) server that bloodhound-mcp-ai is integration that connects bloodhound with ai through model context protocol, allowing security professionals to analyze active directory attack paths using natural language instead of complex cypher queries. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install BloodHound MCP?

Follow the installation instructions on the BloodHound MCP GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with BloodHound MCP?

BloodHound MCP works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is BloodHound MCP free to use?

Yes, BloodHound MCP is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

BloodHound MCP Alternatives — Similar Security Servers

Looking for alternatives to BloodHound MCP? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "bloodhound-mcp": { "command": "npx", "args": ["-y", "bloodhound-mcp"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use BloodHound MCP?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides