Labsco
mwnickerson logo

BloodHound MCP

113

from mwnickerson

Enables Large Language Models to interact with BloodHound Community Edition data.

🔥🔥🔥🔥✓ VerifiedFreeQuick setup

BloodHound MCP

A Model Context Protocol (MCP) server that connects LLMs to BloodHound Community Edition and BloodHound Enterprise. Ask questions in natural language, get attack path analysis, run Cypher queries, and explore Active Directory, Azure/Entra ID, and OpenGraph environments — all from your AI assistant.

Demo

Watch the demonstration video

How It Works

The server exposes BloodHound CE's REST API and Neo4j graph through a set of 13 composite MCP tools, 10 reference resources, and a system prompt tuned for offensive security analysis.

Composite Tools

Each tool uses an info_type parameter to select what data is returned, keeping the tool surface small and token-efficient:

Tool info_type Options domain_info list, info, users, groups, computers, ous, gpos, dc_syncers, foreign_admins, foreign_group_members, linked_gpos, search user_info info, sessions, memberships, admin_rights, rdp_rights, dcom_rights, ps_remote_rights, sql_admin_rights, constrained_delegation, controllables, controllers group_info info, members, memberships, admin_rights, rdp_rights, dcom_rights, ps_remote_rights, controllers, controllables computer_info info, sessions, local_admins, rdp_rights, dcom_rights, ps_remote_rights, sql_admins, constrained_delegation, controllables, controllers ou_info info, users, groups, computers, gpos gpo_info info, controllers graph_analysis shortest_path, edge_composition, search adcs_info templates, esc_paths cypher_query run, saved_list, saved_get data_quality stats, platform_list, platform_info asset_groups list, members, custom_selectors custom_nodes list, get, create, update, delete, validate_icon, extension_list, extension_upsert, extension_delete, extension_edges file_upload upload, start_job, upload_to_job, end_job

Resources

Reference material the LLM loads on demand — no extra API calls:

Resource URI Contents bloodhound://cypher/reference Cypher syntax, schema, property names, patterns bloodhound://cypher/offensive-queries Battle-tested templates: DCSync, Kerberoasting, GPO abuse, delegation, ADCS, shadow credentials, NTLM relay, and more bloodhound://guides/ad AD node types and relationships quick reference bloodhound://guides/ad-methodology Full AD attack methodology and workflow bloodhound://guides/azure Azure/Entra ID analysis quick reference bloodhound://guides/azure-methodology Full Azure attack chains bloodhound://guides/adcs ADCS ESC1–ESC13 quick reference bloodhound://guides/adcs-methodology Detailed ESC analysis and exploitation bloodhound://opengraph/guide Custom node schema design and best practices bloodhound://opengraph/examples SQL Server and Web App OpenGraph examples

System Prompt

The bloodhound_assistant prompt includes behavioral rules that guide the LLM:

  • Load the offensive query library before writing Cypher for any attack scenario

  • Never draw privilege conclusions without checking group memberships and admincount

  • Respect BloodHound's property naming conventions (hasspn, enabled, admincount — all lowercase)

  • Handle uppercase name storage (DOMAIN [email protected] ) correctly in filters

  • Follow proper DCSync and GPO edge traversal patterns

OpenGraph Support

BloodHound 8.0+ supports custom node types via OpenGraph, letting you model non-AD infrastructure (cloud resources, databases, custom assets) in the same graph as Active Directory.

The custom_nodes tool handles legacy CRUD operations on node type display configurations through /api/v2/custom-nodes. For BloodHound v9.0.0+ instances with OpenGraph extension management enabled, the same composite tool also supports /api/v2/extensions and /api/v2/extensions-edges via extension_list, extension_upsert, extension_delete, and extension_edges.

Use the bloodhound://opengraph/guide and bloodhound://opengraph/examples resources for schema design and Cypher patterns. For structured OpenGraph schemas, upsert the extension schema first, then ingest collection data with file_upload.

Requires BloodHound Enterprise or BloodHound CE 8.0 or later. OpenGraph extension management requires BloodHound 9.0.0+ and the corresponding feature flag to be enabled.

Security Considerations

BloodHound data processed through this tool is transmitted to your LLM provider's servers. Do not use this with production AD data unless you have assessed that risk.

Recommended use cases:

  • Lab environments (GOAD, DetectionLab, custom ranges)

  • Training and certification prep

  • Research and tool development

  • Non-production domain analysis

Best practices:

  • Rotate BloodHound API tokens regularly

  • Use a read-only API token where possible

  • Consider a local LLM bridge for sensitive environments

Testing

Copy & paste — that's it
# Full test suite (307 tests)
uv run pytest

# Specific modules
uv run pytest tests/test_main_mcp_tools.py -v
uv run pytest tests/test_bloodhound_api.py -v

# Integration tests (requires a live BloodHound instance)
BLOODHOUND_INTEGRATION_TESTS=1 uv run pytest tests/test_integration.py -v

Roadmap

  • Direct Neo4j access mode (bypass REST API for complex graph traversal)

  • Enhanced Azure/Entra ID tooling

  • Improved ADCS attack path coverage

  • Additional OpenGraph examples and templates

Contributing

Contributions are welcome. Open an issue to discuss significant changes before submitting a PR.

  • Fork the repo

  • Create a feature branch

  • Add tests for new functionality

  • Run uv run pytest and confirm everything passes

  • Submit a pull request

Acknowledgments

License

GNU General Public License v3.0 — see LICENSE for details.