https://github.com/mordavid/bloodhound-mcp-ai
BloodHound-MCP-AI is an integration that connects BloodHound with AI through Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.
ai bloodhound bloodhoundad cypher-query-language mcp mcp-server
Last synced: 7 months ago
- Host: GitHub
- URL: https://github.com/mordavid/bloodhound-mcp-ai
- Owner: MorDavid
- Created: 2025-04-04T08:14:28.000Z (8 months ago)
- Default Branch: main
- Last Pushed: 2025-04-05T22:46:32.000Z (8 months ago)
- Last Synced: 2025-04-10T22:48:38.033Z (7 months ago)
- Topics: ai, bloodhound, bloodhoundad, cypher-query-language, mcp, mcp-server
- Language: Python
- Homepage: https://www.MORDAVID.com
- Size: 682 KB
- Stars: 48
- Watchers: 1
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
- awesome-mcp-servers - **BloodHound-MCP-AI** - BloodHound-MCP-AI is an integration that connects BloodHound with AI through Model Context Protocol, allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries. `python` `ai` `bloodhound` `bloodhoundad` `cypher-query-language` `pip install git+https://github.com/mordavid/bloodhound-mcp-ai` (🤖 AI/ML)
README
# BloodHound-MCP

## Model Context Protocol (MCP) Server for BloodHound
BloodHound-MCP is a powerful integration that brings a Model Context Protocol (MCP) server to BloodHound, the industry-standard tool for Active Directory security analysis. This integration allows you to analyze BloodHound data using natural language, making complex Active Directory attack path analysis accessible to everyone.
> 🥇 **First-Ever BloodHound AI Integration!**
> This is the first integration that connects BloodHound with AI through MCP, [originally announced here](https://www.linkedin.com/posts/mor-david-cyber_bloodhound-ai-cybersec-activity-7310921541213470721-N390).
## 🔍 What is BloodHound-MCP?
BloodHound-MCP combines the power of:
- **BloodHound**: Industry-standard tool for visualizing and analyzing Active Directory attack paths
- **Model Context Protocol (MCP)**: An open protocol for creating custom AI tools, compatible with various AI models
- **Neo4j**: Graph database used by BloodHound to store AD relationship data
With over 75 specialized tools based on the original BloodHound CE Cypher queries, BloodHound-MCP allows security professionals to:
- Query BloodHound data using natural language
- Discover complex attack paths in Active Directory environments
- Assess Active Directory security posture more efficiently
- Generate detailed security reports for stakeholders
## 📱 Community
Join our Telegram channel for updates, tips, and discussion:
- **Telegram**: [root_sec](https://t.me/root_sec)
## ✨ Features
- **Natural Language Interface**: Query BloodHound data using plain English
- **Comprehensive Analysis Categories**:
  - Domain structure mapping
  - Privilege escalation paths
  - Kerberos security issues (Kerberoasting, AS-REP Roasting)
  - Certificate services vulnerabilities
  - Active Directory hygiene assessment
  - NTLM relay attack vectors
  - Delegation abuse opportunities
  - And much more!
## 📋 Prerequisites
- BloodHound 4.x+ with data collected from an Active Directory environment
- Neo4j database with BloodHound data loaded
- Python 3.8 or higher
- MCP Client
## 🔧 Installation
1. Clone this repository:
```bash
git clone https://github.com/mordavid/bloodhound-mcp-ai.git
cd bloodhound-mcp-ai
```
2. Install dependencies:
```bash
pip install -r requirements.txt
```
3. Configure the MCP Server:
```json
{
  "mcpServers": {
    "BloodHound-MCP": {
      "command": "python",
      "args": [
        "\\BloodHound-MCP.py"
      ],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "bloodhoundcommunityedition"
      }
    }
  }
}
```
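The check below is an added example, not part of the BloodHound-MCP project: it audits an MCP client config file shaped like the one in step 3 for the sample Neo4j password, a Bolt connection to a non-loopback host without certificate-verified TLS, and (on POSIX) a config file readable by other local users. The function names, finding codes and sample values are hypothetical; `bolt+s` and `neo4j+s` are the Neo4j driver's URI schemes for verified TLS.

```python
import json
import os
import stat
from urllib.parse import urlparse

# Password shown in the README's sample config; treated here as a known default.
DEFAULT_PASSWORD = "bloodhoundcommunityedition"
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Neo4j URI schemes that encrypt the session and verify the server certificate.
VERIFIED_TLS = {"bolt+s", "neo4j+s"}


def audit_mcp_config(path, server="BloodHound-MCP"):
    """Return sorted finding codes for one MCP server entry in a client config file."""
    findings = set()
    # The file holds the Neo4j password in clear text, so other local users
    # should not be able to read it (POSIX permission bits only).
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.add("config-readable-by-other-users")
    with open(path, encoding="utf-8") as fh:
        env = json.load(fh)["mcpServers"][server].get("env", {})
    if env.get("BLOODHOUND_PASSWORD") == DEFAULT_PASSWORD:
        findings.add("default-neo4j-password")
    uri = urlparse(env.get("BLOODHOUND_URI", ""))
    if not uri.hostname:
        findings.add("missing-or-invalid-uri")
    elif uri.hostname not in LOOPBACK and uri.scheme not in VERIFIED_TLS:
        # Off-host without bolt+s/neo4j+s: plaintext, or any certificate accepted.
        findings.add("no-verified-tls-to-remote-host")
    return sorted(findings)


def write_sample(path, uri, password, mode):
    """Write a constructed sample config (not a real deployment) for the demo."""
    cfg = {"mcpServers": {"BloodHound-MCP": {
        "command": "python", "args": ["BloodHound-MCP.py"],
        "env": {"BLOODHOUND_URI": uri, "BLOODHOUND_USERNAME": "neo4j",
                "BLOODHOUND_PASSWORD": password}}}}
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(cfg, fh)
    os.chmod(path, mode)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "mcp.json")
        write_sample(p, "bolt://10.0.0.5:7687", DEFAULT_PASSWORD, 0o644)
        print(audit_mcp_config(p))
```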
## 🚀 Usage
Example queries you can ask through the MCP:
- "Show me all paths from kerberoastable users to Domain Admins"
- "Find computers where Domain Users have local admin rights"
- "Identify Domain Controllers vulnerable to NTLM relay attacks"
- "Map all Active Directory certificate services vulnerabilities"
- "Generate a comprehensive security report for my domain"
- "Find inactive privileged accounts"
- "Show me attack paths to high-value targets"
## 🔐 Security Considerations
This tool is designed for legitimate security assessment purposes. Always:
- Obtain proper authorization before analyzing any Active Directory environment
- Handle BloodHound data as sensitive information
- Follow responsible disclosure practices for any vulnerabilities discovered
## 📜 License
This project is licensed under the MIT License - see the LICENSE file for details.
## 🙏 Acknowledgments
- The BloodHound team for creating an amazing Active Directory security tool
- The security community for continuously advancing AD security practices
---
*Note: This is not an official Anthropic product. BloodHound-MCP is a community-driven integration between BloodHound and MCP.*