BloodHound
Enables security professionals to query and analyze Active Directory attack paths from BloodHound Community Edition data using natural language through Claude Desktop's Model Context Protocol interface.
What is BloodHound?
BloodHound is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to enables security professionals to query and analyze active directory attack paths from bloodhound community edition data using natural language through claude desktop's model context protocol interfac...
Enables security professionals to query and analyze Active Directory attack paths from BloodHound Community Edition data using natural language through Claude Desktop's Model Context Protocol interface.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Enables security professionals to query and analyze Active D
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx bloodhound-mcp-serverConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use BloodHound
BloodHound MCP Server is a Python-based MCP integration that lets security professionals query and analyze Active Directory attack paths from a BloodHound Community Edition or Enterprise instance using natural language through Claude Desktop. It exposes 13 composite tools covering domain and user enumeration, group and computer analysis, shortest attack path graphs, Kerberoasting targets, ADCS certificate service abuse paths, and direct Cypher query execution against the BloodHound Neo4j database. Red teamers and blue teamers can use conversational queries to rapidly identify privilege escalation risks, lateral movement opportunities, and DCSync rights without manually writing Cypher.
Prerequisites
- Python 3.11 or higher installed
- uv package manager installed (https://docs.astral.sh/uv/)
- A running BloodHound Community Edition or BloodHound Enterprise instance
- BloodHound API token (Token ID and Token Key) from Administration → API Tokens
- An MCP client such as Claude Desktop or Claude Code
Clone the repository
Download the BloodHound MCP server source code from GitHub.
git clone https://github.com/mwnickerson/bloodhound_mcp.git
cd bloodhound_mcpInstall dependencies with uv
Use the uv package manager to install all Python dependencies into an isolated environment.
uv syncCreate the .env configuration file
Create a .env file in the project root with your BloodHound instance connection details and API credentials. Obtain the Token ID and Token Key from BloodHound's Administration → API Tokens menu.
BLOODHOUND_DOMAIN=your-bloodhound-instance.domain.com
BLOODHOUND_TOKEN_ID=your-token-id
BLOODHOUND_TOKEN_KEY=your-token-key
BLOODHOUND_PORT=443
BLOODHOUND_SCHEME=httpsConfigure your MCP client
Add the BloodHound MCP server to your claude_desktop_config.json, pointing to the bloodhound_mcp directory. Use the absolute path to your cloned repository.
{
"mcpServers": {
"bloodhound_mcp": {
"command": "uv",
"args": ["--directory", "/absolute/path/to/bloodhound_mcp", "run", "main.py"]
}
}
}Restart your MCP client
Restart Claude Desktop or your chosen MCP client so it picks up the BloodHound server configuration and registers the 13 security analysis tools.
Run integration tests (optional)
Verify end-to-end connectivity to your BloodHound instance by running the included integration test suite.
BLOODHOUND_INTEGRATION_TESTS=1 uv run pytest tests/test_integration.py -vBloodHound Examples
Client configuration
claude_desktop_config.json entry for the BloodHound MCP server. Replace the directory path with the absolute path to your cloned bloodhound_mcp folder.
{
"mcpServers": {
"bloodhound_mcp": {
"command": "uv",
"args": ["--directory", "/Users/yourname/bloodhound_mcp", "run", "main.py"]
}
}
}Prompts to try
Example natural language security queries that map to BloodHound MCP's 13 analysis tools.
- "Find the shortest path from [email protected] to Domain Admins"
- "Show me all kerberoastable users in the domain"
- "Who has DCSync rights in the corp.local domain?"
- "List all computers where Domain Admins are logged in"
- "Find ADCS ESC1 certificate abuse paths in the domain"
- "Run a Cypher query to find users with unconstrained delegation"Troubleshooting BloodHound
Connection refused or authentication errors when connecting to BloodHound
Verify that BLOODHOUND_DOMAIN, BLOODHOUND_TOKEN_ID, and BLOODHOUND_TOKEN_KEY are correct in your .env file. Confirm the BloodHound instance is reachable at the specified domain and port. Test connectivity with 'curl https://your-domain/api/version' to rule out network issues.
'uv' command not found when Claude Desktop tries to start the server
Install uv by following the instructions at https://docs.astral.sh/uv/. On macOS/Linux: 'curl -LsSf https://astral.sh/uv/install.sh | sh'. Ensure uv is on your system PATH, not just your shell PATH, since Claude Desktop may start with a limited environment.
Tools return empty results even though BloodHound has data
Ensure BloodHound has ingested Active Directory data from SharpHound or a compatible collector before querying. Empty results typically mean no data has been imported yet, or the BloodHound database has not been fully processed. Check the BloodHound UI to confirm data is visible there first.
Frequently Asked Questions about BloodHound
What is BloodHound?
BloodHound is a Model Context Protocol (MCP) server that enables security professionals to query and analyze active directory attack paths from bloodhound community edition data using natural language through claude desktop's model context protocol interface. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install BloodHound?
Follow the installation instructions on the BloodHound GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with BloodHound?
BloodHound works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is BloodHound free to use?
Yes, BloodHound is open source and available under the GPL 3.0 license. You can use it freely in both personal and commercial projects.
BloodHound Alternatives — Similar Security Servers
Looking for alternatives to BloodHound? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up BloodHound in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use BloodHound?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.