BloodHound MCP AI
BloodHound-MCP-AI is an integration that connects BloodHound with AI through the Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.
What is BloodHound MCP AI?
BloodHound MCP AI is a Model Context Protocol (MCP) server that connects BloodHound to AI assistants like Claude, Cursor, and VS Code, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Installation
Manual Installation
npx bloodhound-mcp-ai
How to Set Up and Use BloodHound MCP AI
BloodHound MCP AI connects BloodHound Community Edition's Active Directory analysis engine to AI models via the Model Context Protocol, letting security professionals interrogate complex AD attack paths through natural language rather than writing Cypher queries by hand. It bundles over 75 pre-built query templates covering Kerberoasting targets, privilege escalation chains, certificate services misconfigurations, NTLM relay risks, delegation abuse, and domain hygiene — transforming what would be hours of manual graph analysis into a conversational workflow with any MCP-capable AI client.
Prerequisites
- BloodHound Community Edition running with Neo4j populated from a SharpHound or AzureHound collection run
- Neo4j reachable at a bolt:// URI (default bolt://localhost:7687)
- Python 3.9+ with pip
- An MCP-compatible AI client such as Claude Desktop or Claude Code
Clone the BloodHound MCP AI repository
Download the server code from GitHub.
git clone https://github.com/MorDavid/BloodHound-MCP-AI.git
cd BloodHound-MCP-AI
Install Python dependencies
Install the required packages listed in requirements.txt.
pip install -r requirements.txt
Configure connection credentials
Set environment variables for the Neo4j bolt connection. These three variables are the only required configuration.
export BLOODHOUND_URI="bolt://localhost:7687"
export BLOODHOUND_USERNAME="neo4j"
export BLOODHOUND_PASSWORD="your-neo4j-password"
Add the server to your MCP client configuration
Register the BloodHound MCP AI server in your client's config file, supplying the credentials as environment variables so the server can connect to Neo4j at startup.
{
  "mcpServers": {
    "bloodhound-mcp-ai": {
      "command": "python",
      "args": ["/path/to/BloodHound-MCP-AI/server.py"],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "your-neo4j-password"
      }
    }
  }
}
Start querying Active Directory data with natural language
Open your AI client and begin asking questions about your Active Directory environment. The server translates your queries into Cypher, runs them against Neo4j, and returns structured results.
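A pre-flight check for the client entry above, as an added example that is not part of the BloodHound-MCP-AI project: it flags the default neo4j/BloodHound password or a placeholder value, and an unencrypted bolt:// URI that points off the local host. The function name, the weak-password list and the rules are assumptions of this example; bolt+s and neo4j+s are the Neo4j driver's certificate-verified schemes.

```python
import ipaddress
import json
from urllib.parse import urlparse

# Constructed sample: the client entry from this page, with the default
# BloodHound CE Neo4j password that the troubleshooting section mentions.
SAMPLE_CONFIG = """
{"mcpServers": {"bloodhound-mcp-ai": {
  "command": "python",
  "args": ["/path/to/BloodHound-MCP-AI/server.py"],
  "env": {"BLOODHOUND_URI": "bolt://localhost:7687",
          "BLOODHOUND_USERNAME": "neo4j",
          "BLOODHOUND_PASSWORD": "BloodHound"}}}}
"""

REQUIRED = ("BLOODHOUND_URI", "BLOODHOUND_USERNAME", "BLOODHOUND_PASSWORD")
# Assumption: values treated as weak are the page's default and placeholder.
WEAK_PASSWORDS = {"bloodhound", "neo4j", "your-neo4j-password", ""}
ENCRYPTED_SCHEMES = {"bolt+s", "neo4j+s"}  # TLS with certificate verification


def is_loopback(host):
    """True for 'localhost' and loopback IP literals such as 127.0.0.1 or ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_mcp_config(text, server="bloodhound-mcp-ai"):
    """Return a list of findings for one server entry (hypothetical helper)."""
    env = json.loads(text).get("mcpServers", {}).get(server, {}).get("env", {})
    findings = [f"missing {key}" for key in REQUIRED if key not in env]
    if env.get("BLOODHOUND_PASSWORD", "x").lower() in WEAK_PASSWORDS:
        findings.append("default or placeholder Neo4j password")
    uri = urlparse(env.get("BLOODHOUND_URI", ""))
    remote = bool(uri.hostname) and not is_loopback(uri.hostname)
    if remote and uri.scheme not in ENCRYPTED_SCHEMES:
        findings.append(
            f"{uri.scheme}:// to remote host {uri.hostname} is not TLS-verified")
    return findings


if __name__ == "__main__":
    for finding in audit_mcp_config(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

The password sits in the client config file in plain text either way, so that file warrants the same access restrictions as any other credential store.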
BloodHound MCP AI Examples
Client configuration (Claude Desktop)
Complete claude_desktop_config.json entry for the BloodHound MCP AI server.
{
  "mcpServers": {
    "bloodhound-mcp-ai": {
      "command": "python",
      "args": ["/path/to/BloodHound-MCP-AI/server.py"],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "BloodHound"
      }
    }
  }
}
Prompts to try
Natural-language security analysis queries powered by the 75+ built-in Cypher templates.
- "Find all Kerberoastable accounts and their paths to Domain Admin"
- "Which computers have unconstrained delegation enabled?"
- "Show me all NTLM relay attack vectors in the domain"
- "Identify any Active Directory Certificate Services misconfigurations"
- "List all users with DCSync privileges"
- "Give me a prioritized attack path report for this domain"
Troubleshooting BloodHound MCP AI
Server fails to start with 'Unable to connect to bolt://localhost:7687'
Ensure BloodHound CE and Neo4j are both running. Check with 'docker ps' if you are using the Docker deployment. The default BloodHound CE Docker setup exposes Neo4j on bolt://localhost:7687 with credentials neo4j/BloodHound.
Cypher query errors or unexpected empty results
The built-in query templates were written against the BloodHound CE schema. If you are using an older BloodHound version or a custom deployment, some property names may differ. Try a simple query like 'List all domain nodes' first to confirm the schema is accessible.
Analysis is very slow on large Active Directory environments
Large domains with thousands of nodes can result in expensive Cypher path queries. Ensure Neo4j has sufficient memory (at least 4 GB heap recommended for environments with 50,000+ objects). Add indexes on commonly queried properties via the Neo4j browser if not already present.
Frequently Asked Questions about BloodHound MCP AI
What is BloodHound MCP AI?
BloodHound MCP AI is a Model Context Protocol (MCP) server that connects BloodHound with AI through the Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install BloodHound MCP AI?
Follow the installation instructions on the BloodHound MCP AI GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with BloodHound MCP AI?
BloodHound MCP AI works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is BloodHound MCP AI free to use?
Yes, BloodHound MCP AI is open source and available under the MIT license. You can use it freely in both personal and commercial projects.
BloodHound MCP AI Alternatives — Similar Security Servers
Looking for alternatives to BloodHound MCP AI? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k 754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k 🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u