BloodHound MCP AI

v1.0.0 · Security · stable

BloodHound-MCP-AI is an integration that connects BloodHound with AI through the Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.

Tags: ai, bloodhound, bloodhoundad, cypher-query-language, mcp

What is BloodHound MCP AI?

BloodHound MCP AI is a Model Context Protocol (MCP) server that connects BloodHound with AI assistants like Claude, Cursor, and VS Code, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Use Cases

Active Directory attack path analysis
Natural language security queries
Cypher query automation

Maintainer: MorDavid

License: MIT
Language: Python
Version: v1.0.0
Updated: May 20, 2026
Status: healthy
Maintenance: active

Works with: Claude, OpenAI, Windows, macOS, Linux

Installation

Manual Installation

npx bloodhound-mcp-ai

Configuration

Config file: claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200 ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use BloodHound MCP AI

BloodHound MCP AI connects BloodHound Community Edition's Active Directory analysis engine to AI models via the Model Context Protocol, letting security professionals interrogate complex AD attack paths through natural language rather than writing Cypher queries by hand. It bundles over 75 pre-built query templates covering Kerberoasting targets, privilege escalation chains, certificate services misconfigurations, NTLM relay risks, delegation abuse, and domain hygiene — transforming what would be hours of manual graph analysis into a conversational workflow with any MCP-capable AI client.

Prerequisites

  • BloodHound Community Edition running with Neo4j populated from a SharpHound or AzureHound collection run
  • Neo4j reachable at a bolt:// URI (default bolt://localhost:7687)
  • Python 3.9+ with pip
  • An MCP-compatible AI client such as Claude Desktop or Claude Code

1. Clone the BloodHound MCP AI repository

Download the server code from GitHub.

git clone https://github.com/MorDavid/BloodHound-MCP-AI.git
cd BloodHound-MCP-AI

2. Install Python dependencies

Install the required packages listed in requirements.txt.

pip install -r requirements.txt

3. Configure connection credentials

Set environment variables for the Neo4j bolt connection. These three variables are the only required configuration.

export BLOODHOUND_URI="bolt://localhost:7687"
export BLOODHOUND_USERNAME="neo4j"
export BLOODHOUND_PASSWORD="your-neo4j-password"

4. Add the server to your MCP client configuration

Register the BloodHound MCP AI server in your client's config file, supplying the credentials as environment variables so the server can connect to Neo4j at startup.

{
  "mcpServers": {
    "bloodhound-mcp-ai": {
      "command": "python",
      "args": ["/path/to/BloodHound-MCP-AI/server.py"],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "your-neo4j-password"
      }
    }
  }
}

5. Start querying Active Directory data with natural language

Open your AI client and begin asking questions about your Active Directory environment. The server translates your queries into Cypher, runs them against Neo4j, and returns structured results.
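
A pre-flight check for the client configuration from step 4, as an added example that is not part of the BloodHound-MCP-AI project: it flags missing variables, the default or placeholder Neo4j password shown on this page, and a URI scheme that does not request TLS when Neo4j is not on the loopback interface. The helper name `audit_mcp_entry`, the finding strings and the sample host are assumptions made for this example.

```python
import json
from urllib.parse import urlparse

# Passwords shown on this page (Docker default, placeholder), plus an empty one.
WEAK_PASSWORDS = {"BloodHound", "your-neo4j-password", ""}
# Neo4j driver URI schemes that request an encrypted connection.
TLS_SCHEMES = {"bolt+s", "bolt+ssc", "neo4j+s", "neo4j+ssc"}
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}
REQUIRED = ("BLOODHOUND_URI", "BLOODHOUND_USERNAME", "BLOODHOUND_PASSWORD")


def audit_mcp_entry(config_text, server="bloodhound-mcp-ai"):
    """Return a list of findings for one mcpServers entry (hypothetical helper)."""
    entry = json.loads(config_text).get("mcpServers", {}).get(server)
    if entry is None:
        return [f"no mcpServers entry named {server!r}"]
    env = entry.get("env", {})
    findings = [f"{key} is not set" for key in REQUIRED if key not in env]
    if env.get("BLOODHOUND_PASSWORD") in WEAK_PASSWORDS:
        findings.append("BLOODHOUND_PASSWORD is a default or placeholder value")
    uri = urlparse(env.get("BLOODHOUND_URI", ""))
    remote = uri.hostname is not None and uri.hostname not in LOOPBACK_HOSTS
    if remote and uri.scheme not in TLS_SCHEMES:
        findings.append(
            f"{uri.scheme}:// does not request TLS for non-loopback host {uri.hostname}"
        )
    return findings


# Constructed sample: the entry from this page, pointed at a remote Neo4j host.
SAMPLE = json.dumps({"mcpServers": {"bloodhound-mcp-ai": {
    "command": "python",
    "args": ["/path/to/BloodHound-MCP-AI/server.py"],
    "env": {"BLOODHOUND_URI": "bolt://10.0.0.5:7687",
            "BLOODHOUND_USERNAME": "neo4j",
            "BLOODHOUND_PASSWORD": "BloodHound"}}}})

if __name__ == "__main__":
    for finding in audit_mcp_entry(SAMPLE):
        print("WARN:", finding)
```
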

BloodHound MCP AI Examples

Client configuration (Claude Desktop)

Complete claude_desktop_config.json entry for the BloodHound MCP AI server.

{
  "mcpServers": {
    "bloodhound-mcp-ai": {
      "command": "python",
      "args": ["/path/to/BloodHound-MCP-AI/server.py"],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "BloodHound"
      }
    }
  }
}

Prompts to try

Natural-language security analysis queries powered by the 75+ built-in Cypher templates.

- "Find all Kerberoastable accounts and their paths to Domain Admin"
- "Which computers have unconstrained delegation enabled?"
- "Show me all NTLM relay attack vectors in the domain"
- "Identify any Active Directory Certificate Services misconfigurations"
- "List all users with DCSync privileges"
- "Give me a prioritized attack path report for this domain"

Troubleshooting BloodHound MCP AI

Server fails to start with 'Unable to connect to bolt://localhost:7687'

Ensure BloodHound CE and Neo4j are both running. Check with 'docker ps' if you are using the Docker deployment. The default BloodHound CE Docker setup exposes Neo4j on bolt://localhost:7687 with credentials neo4j/BloodHound.

Cypher query errors or unexpected empty results

The built-in query templates were written against the BloodHound CE schema. If you are using an older BloodHound version or a custom deployment, some property names may differ. Try a simple query like 'List all domain nodes' first to confirm the schema is accessible.

Analysis is very slow on large Active Directory environments

Large domains with thousands of nodes can result in expensive Cypher path queries. Ensure Neo4j has sufficient memory (at least 4 GB heap recommended for environments with 50,000+ objects). Add indexes on commonly queried properties via the Neo4j browser if not already present.

Frequently Asked Questions about BloodHound MCP AI

What is BloodHound MCP AI?

BloodHound MCP AI is a Model Context Protocol (MCP) server that connects BloodHound with AI, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install BloodHound MCP AI?

Follow the installation instructions on the BloodHound MCP AI GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with BloodHound MCP AI?

BloodHound MCP AI works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is BloodHound MCP AI free to use?

Yes, BloodHound MCP AI is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

BloodHound MCP AI Alternatives — Similar Security Servers

Looking for alternatives to BloodHound MCP AI? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u


Quick Config Preview

{
  "mcpServers": {
    "bloodhound-mcp-ai": {
      "command": "npx",
      "args": ["-y", "bloodhound-mcp-ai"]
    }
  }
}

Add this to your claude_desktop_config.json or .cursor/mcp.json
