BloodHound MCP Server

MCPOpen Source64.5

by MorDavid • Analytics & Monitoring

An MCP server that enables natural-language queries against BloodHound/Neo4j Active Directory data to discover attack paths and generate security reports.

Example Use Cases

1
Query BloodHound/Neo4j Active Directory data using natural language to find attack paths and privilege escalation vectors.
2
Generate comprehensive AD security reports and identify specific vulnerabilities such as Kerberoasting, AS-REP Roasting, NTLM relay opportunities, and certificate service weaknesses.
3
Integrate BloodHound analysis into automated security workflows via MCP for programmatic queries, triage, and remediation guidance.

Description

BloodHound-MCP is a community-built integration that exposes BloodHound data via the Model Context Protocol (MCP), allowing users to query Neo4j-stored Active Directory relationships with plain English. It bundles over 75 specialized tools (based on BloodHound Cypher queries) to detect privilege escalation paths, Kerberos and certificate-service issues, NTLM relay vectors, delegation abuse, and more. The integration helps security professionals automate analysis, produce readable reports, and assess AD hygiene more efficiently. Prerequisites include BloodHound 4.x+, a Neo4j database with BloodHound data, Python 3.8+, and an MCP client.

Quick Actions

View on GitHub

Security

Scanned 3 month(s) ago

Risk Level

MINIMAL

Read-only data retrieval, no side effects

Trust Score

D36/100

4/17 checks passed

Scores are informational only and provided “as is” without warranty. AgentHotspot assumes no liability for actions taken based on these ratings.

Quick Stats

Service TypeMCP

Pricing ModelFree

Capabilities0 Tools / 0 Prompts / 0 Resources

OwnerMorDavid

CategoryAnalytics & Monitoring

DependenciesStandalone