BloodHound

v1.0.0Securitystable

Enables security professionals to query and analyze Active Directory attack paths from BloodHound Community Edition data using natural language through Claude Desktop's Model Context Protocol interface.

bloodhound-mcp-servermcpai-integration
Share:
90
Stars
0
Downloads
0
Weekly
0/5

What is BloodHound?

BloodHound is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to enables security professionals to query and analyze active directory attack paths from bloodhound community edition data using natural language through claude desktop's model context protocol interfac...

Enables security professionals to query and analyze Active Directory attack paths from BloodHound Community Edition data using natural language through Claude Desktop's Model Context Protocol interface.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Enables security professionals to query and analyze Active D

Use Cases

Query Active Directory attack paths from BloodHound data.
Analyze security vulnerabilities in AD infrastructure.
Identify privilege escalation and lateral movement risks.
mwnickerson

Maintainer

LicenseGPL 3.0
Languagepython
Versionv1.0.0
UpdatedMay 21, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

Manual Installation

npx bloodhound-mcp-server

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use BloodHound

BloodHound MCP Server is a Python-based MCP integration that lets security professionals query and analyze Active Directory attack paths from a BloodHound Community Edition or Enterprise instance using natural language through Claude Desktop. It exposes 13 composite tools covering domain and user enumeration, group and computer analysis, shortest attack path graphs, Kerberoasting targets, ADCS certificate service abuse paths, and direct Cypher query execution against the BloodHound Neo4j database. Red teamers and blue teamers can use conversational queries to rapidly identify privilege escalation risks, lateral movement opportunities, and DCSync rights without manually writing Cypher.

Prerequisites

  • Python 3.11 or higher installed
  • uv package manager installed (https://docs.astral.sh/uv/)
  • A running BloodHound Community Edition or BloodHound Enterprise instance
  • BloodHound API token (Token ID and Token Key) from Administration → API Tokens
  • An MCP client such as Claude Desktop or Claude Code
1

Clone the repository

Download the BloodHound MCP server source code from GitHub.

git clone https://github.com/mwnickerson/bloodhound_mcp.git
cd bloodhound_mcp
2

Install dependencies with uv

Use the uv package manager to install all Python dependencies into an isolated environment.

uv sync
3

Create the .env configuration file

Create a .env file in the project root with your BloodHound instance connection details and API credentials. Obtain the Token ID and Token Key from BloodHound's Administration → API Tokens menu.

BLOODHOUND_DOMAIN=your-bloodhound-instance.domain.com
BLOODHOUND_TOKEN_ID=your-token-id
BLOODHOUND_TOKEN_KEY=your-token-key
BLOODHOUND_PORT=443
BLOODHOUND_SCHEME=https
4

Configure your MCP client

Add the BloodHound MCP server to your claude_desktop_config.json, pointing to the bloodhound_mcp directory. Use the absolute path to your cloned repository.

{
  "mcpServers": {
    "bloodhound_mcp": {
      "command": "uv",
      "args": ["--directory", "/absolute/path/to/bloodhound_mcp", "run", "main.py"]
    }
  }
}
5

Restart your MCP client

Restart Claude Desktop or your chosen MCP client so it picks up the BloodHound server configuration and registers the 13 security analysis tools.

6

Run integration tests (optional)

Verify end-to-end connectivity to your BloodHound instance by running the included integration test suite.

BLOODHOUND_INTEGRATION_TESTS=1 uv run pytest tests/test_integration.py -v

BloodHound Examples

Client configuration

claude_desktop_config.json entry for the BloodHound MCP server. Replace the directory path with the absolute path to your cloned bloodhound_mcp folder.

{
  "mcpServers": {
    "bloodhound_mcp": {
      "command": "uv",
      "args": ["--directory", "/Users/yourname/bloodhound_mcp", "run", "main.py"]
    }
  }
}

Prompts to try

Example natural language security queries that map to BloodHound MCP's 13 analysis tools.

- "Find the shortest path from [email protected] to Domain Admins"
- "Show me all kerberoastable users in the domain"
- "Who has DCSync rights in the corp.local domain?"
- "List all computers where Domain Admins are logged in"
- "Find ADCS ESC1 certificate abuse paths in the domain"
- "Run a Cypher query to find users with unconstrained delegation"

Troubleshooting BloodHound

Connection refused or authentication errors when connecting to BloodHound

Verify that BLOODHOUND_DOMAIN, BLOODHOUND_TOKEN_ID, and BLOODHOUND_TOKEN_KEY are correct in your .env file. Confirm the BloodHound instance is reachable at the specified domain and port. Test connectivity with 'curl https://your-domain/api/version' to rule out network issues.

'uv' command not found when Claude Desktop tries to start the server

Install uv by following the instructions at https://docs.astral.sh/uv/. On macOS/Linux: 'curl -LsSf https://astral.sh/uv/install.sh | sh'. Ensure uv is on your system PATH, not just your shell PATH, since Claude Desktop may start with a limited environment.

Tools return empty results even though BloodHound has data

Ensure BloodHound has ingested Active Directory data from SharpHound or a compatible collector before querying. Empty results typically mean no data has been imported yet, or the BloodHound database has not been fully processed. Check the BloodHound UI to confirm data is visible there first.

Frequently Asked Questions about BloodHound

What is BloodHound?

BloodHound is a Model Context Protocol (MCP) server that enables security professionals to query and analyze active directory attack paths from bloodhound community edition data using natural language through claude desktop's model context protocol interface. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install BloodHound?

Follow the installation instructions on the BloodHound GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with BloodHound?

BloodHound works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is BloodHound free to use?

Yes, BloodHound is open source and available under the GPL 3.0 license. You can use it freely in both personal and commercial projects.

BloodHound Alternatives — Similar Security Servers

Looking for alternatives to BloodHound? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "bloodhound-mcp-server": { "command": "npx", "args": ["-y", "bloodhound-mcp-server"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use BloodHound?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides