BloodHound MCP
Analyze AD attack paths with natural-language queries instead of Cypher.
What is BloodHound-MCP?
BloodHound-MCP is a Model Context Protocol (MCP) Server integration for BloodHound, the industry-standard tool for Active Directory security analysis. It allows security professionals to analyze Active Directory attack paths using natural-language queries instead of Cypher, making complex security analysis more accessible.
How to use BloodHound-MCP?
To use BloodHound-MCP, follow these steps:
- Install BloodHound 4.x+ and collect data from an Active Directory environment
- Set up Neo4j with BloodHound data
- Clone the repository from GitHub
- Install dependencies and configure the MCP Server
- Query BloodHound data using natural-language questions

Example queries:
- "Show me all paths from kerberoastable users to Domain Admins"
- "Find computers where Domain Users have local admin rights"
Key Features of BloodHound-MCP
- Natural-language interface for querying BloodHound data
- Comprehensive AD attack path analysis:
  - Privilege escalation identification
  - Kerberos security issues detection
  - Certificate services vulnerabilities assessment
  - NTLM relay attack vectors
  - Delegation abuse opportunities
- Generation of detailed security reports for stakeholders
- Community-supported with updates and tips via Telegram
Use Cases of BloodHound-MCP
- Active Directory security posture assessment
- Discovering complex attack paths in AD environments
- Identifying privileged accounts and their relationships
- Mapping AD structures and vulnerabilities
- Generating comprehensive security reports
FAQ from BloodHound-MCP
- What are the prerequisites for using BloodHound-MCP?
  BloodHound 4.x+, Neo4j database, Python 3.8+, and MCP Client.
- Is BloodHound-MCP only available for cybersecurity professionals?
  While designed for security professionals, anyone with access to AD data can use it.
- What makes BloodHound-MCP different from standard BloodHound?
  It replaces the need for complex Cypher queries with natural-language questions, making it more accessible.
- Is this an official product of the BloodHound team?
  No, it's a community-driven integration between BloodHound and MCP.
BloodHound-MCP
Model Context Protocol (MCP) Server for BloodHound
BloodHound-MCP is a powerful integration that brings the capabilities of a Model Context Protocol (MCP) Server to BloodHound, the industry-standard tool for Active Directory security analysis. This integration allows you to analyze BloodHound data using natural language, making complex Active Directory attack path analysis accessible to everyone.
🥇 First-Ever BloodHound AI Integration!
This is the first integration that connects BloodHound with AI through MCP, originally announced here.
🔍 What is BloodHound-MCP?
BloodHound-MCP combines the power of:
- BloodHound: Industry-standard tool for visualizing and analyzing Active Directory attack paths
- Model Context Protocol (MCP): An open protocol for creating custom AI tools, compatible with various AI models
- Neo4j: Graph database used by BloodHound to store AD relationship data
With over 75 specialized tools based on the original BloodHound CE Cypher queries, BloodHound-MCP allows security professionals to:
- Query BloodHound data using natural language
- Discover complex attack paths in Active Directory environments
- Assess Active Directory security posture more efficiently
- Generate detailed security reports for stakeholders
📱 Community
Join our Telegram channel for updates, tips, and discussion:
- Telegram: root_sec
✨ Features
- Natural Language Interface: Query BloodHound data using plain English
- Comprehensive Analysis Categories:
  - Domain structure mapping
  - Privilege escalation paths
  - Kerberos security issues (Kerberoasting, AS-REP Roasting)
  - Certificate services vulnerabilities
  - Active Directory hygiene assessment
  - NTLM relay attack vectors
  - Delegation abuse opportunities
  - And much more!
📋 Prerequisites
- BloodHound 4.x+ with data collected from an Active Directory environment
- Neo4j database with BloodHound data loaded
- Python 3.8 or higher
- MCP Client
🔧 Installation
- Clone this repository:

```bash
git clone https://github.com/your-username/MCP-BloodHound.git
cd MCP-BloodHound
```

- Install dependencies:

```bash
pip install -r requirements.txt
```

- Configure the MCP Server:

```json
"mcpServers": {
  "BloodHound-MCP": {
    "command": "python",
    "args": [
      "\\BloodHound-MCP.py"
    ],
    "env": {
      "BLOODHOUND_URI": "bolt://localhost:7687",
      "BLOODHOUND_USERNAME": "neo4j",
      "BLOODHOUND_PASSWORD": "bloodhoundcommunityedition"
    }
  }
}
```

🚀 Usage
Example queries you can ask through the MCP:
- "Show me all paths from kerberoastable users to Domain Admins"
- "Find computers where Domain Users have local admin rights"
- "Identify Domain Controllers vulnerable to NTLM relay attacks"
- "Map all Active Directory certificate services vulnerabilities"
- "Generate a comprehensive security report for my domain"
- "Find inactive privileged accounts"
- "Show me attack paths to high-value targets"

🔐 Security Considerations
This tool is designed for legitimate security assessment purposes. Always:
- Obtain proper authorization before analyzing any Active Directory environment
- Handle BloodHound data as sensitive information
- Follow responsible disclosure practices for any vulnerabilities discovered

📜 License
This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments
- The BloodHound team for creating an amazing Active Directory security tool
- The security community for continuously advancing AD security practices

Note: This is not an official Anthropic product. BloodHound-MCP is a community-driven integration between BloodHound and MCP.