BloodHound -AI

BloodHound-MCP-AI is an integration that connects BloodHound with AI through the Model Context Protocol (MCP), allowing security professionals to analyze Active Directory attack paths using natural language instead of complex Cypher queries.

Installation
Run this command in your terminal to add the MCP server to Claude Code.
claude mcp add --transport stdio mordavid-bloodhound-mcp-ai python <Your_Path>\BloodHound-MCP.py \
  --env BLOODHOUND_URI="bolt://localhost:7687" \
  --env BLOODHOUND_PASSWORD="bloodhoundcommunityedition" \
  --env BLOODHOUND_USERNAME="neo4j"

How to use

BloodHound-MCP provides a natural language interface to analyze BloodHound data through MCP. The server exposes a suite of tools based on BloodHound queries and AD security concepts, enabling you to ask questions in plain English and receive structured insights, attack-path mappings, and security assessments drawn from your BloodHound Neo4j data. Use it to explore domain trust relationships, identify privilege escalation paths, Kerberos-related issues, certificate services vulnerabilities, and other AD security concerns. The integration leverages MCP to route user prompts to BloodHound-derived context, returning actionable results that you can use for defender-focused planning or red team simulations.

How to install

Prerequisites:

  • BloodHound 4.x+ with data loaded into a Neo4j instance
  • Neo4j database accessible by the MCP server
  • Python 3.8 or higher
  • MCP Client installed or the ability to run MCP-compatible clients

Step-by-step:

  1. Clone the repository:
       git clone https://github.com/your-username/MCP-BloodHound.git
       cd MCP-BloodHound

  2. Install Python dependencies: pip install -r requirements.txt

  3. Configure the MCP server (edit or generate the mcp_config according to your environment): // Example snippet is provided in the README and used in the mcp_config field below

  4. Run the MCP server (as defined in mcp_config): python <Your_Path>\BloodHound-MCP.py

  5. Connect an MCP client to the server and start issuing natural language queries about BloodHound data.

Notes:

  • Ensure network connectivity between the MCP server and your Neo4j instance used by BloodHound.
  • Replace placeholder environment variables with your actual BloodHound/Neo4j credentials.
  • If you modify the script path, update mcp_config accordingly to reflect the correct path.

Additional notes

Tips and considerations:

  • The environment variables BLOODHOUND_URI, BLOODHOUND_USERNAME, and BLOODHOUND_PASSWORD are used to connect to the Neo4j instance that holds the BloodHound data. Keep credentials secure and rotate them as needed.
  • Ensure the Neo4j user has appropriate read permissions for BloodHound data.
  • When crafting queries, start with broad queries like 'Show me attack paths to Domain Admins' and progressively filter results.
  • If you encounter connectivity issues, verify network ACLs and that Neo4j accepts connections from the MCP server host.
  • The tool supports a variety of AD security topics (Kerberoasting, AS-REP Roasting, NTLM relay, certificate services, domain hygiene, privilege escalation paths, etc.).
  • Monitor MCP logs for hints on required prompts or data availability in BloodHound.
  • For production deployments, consider securing MCP endpoints and rotating credentials regularly.
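
A preflight check for the three environment variables covered in the tips above, as an added example that is not part of BloodHound-MCP-AI or of the original page. The names audit_env, is_loopback and PAGE_ENV are assumptions made for illustration; the check flags the password and account shown in the install command and a plaintext bolt:// or neo4j:// connection to a non-loopback host.

```python
import ipaddress
from urllib.parse import urlparse

# Values copied from this page's install command.
PAGE_ENV = {"BLOODHOUND_URI": "bolt://localhost:7687",
            "BLOODHOUND_USERNAME": "neo4j",
            "BLOODHOUND_PASSWORD": "bloodhoundcommunityedition"}
# Neo4j driver URI schemes; the "+s" and "+ssc" variants enable TLS.
PLAINTEXT_SCHEMES = {"bolt", "neo4j"}
TLS_SCHEMES = {"bolt+s", "bolt+ssc", "neo4j+s", "neo4j+ssc"}


def is_loopback(host):
    """True for localhost or any loopback IP literal."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name other than localhost


def audit_env(env):
    """Return a list of findings for the three BLOODHOUND_* variables."""
    findings = []
    for name in ("BLOODHOUND_URI", "BLOODHOUND_USERNAME", "BLOODHOUND_PASSWORD"):
        if not env.get(name):
            findings.append(f"{name} is not set")
    uri = urlparse(env.get("BLOODHOUND_URI", ""))
    host = uri.hostname or ""
    if uri.scheme in PLAINTEXT_SCHEMES and host and not is_loopback(host):
        findings.append(f"{uri.scheme}:// to {host} carries credentials and AD data without TLS")
    elif uri.scheme and uri.scheme not in PLAINTEXT_SCHEMES | TLS_SCHEMES:
        findings.append(f"unrecognised URI scheme {uri.scheme!r}")
    if env.get("BLOODHOUND_PASSWORD") == PAGE_ENV["BLOODHOUND_PASSWORD"]:
        findings.append("BLOODHOUND_PASSWORD is the default from the install command")
    if env.get("BLOODHOUND_USERNAME") == "neo4j":
        findings.append("BLOODHOUND_USERNAME is the default neo4j admin account, not a dedicated read account")
    return findings


if __name__ == "__main__":
    import os
    # Audit the live environment if configured, otherwise the page's sample values.
    env = os.environ if "BLOODHOUND_URI" in os.environ else PAGE_ENV
    for finding in audit_env(env):
        print("WARN:", finding)
```

Run it in the same shell or service environment that launches BloodHound-MCP.py, so it sees the values the server will actually use.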
