BloodHound MCP for Claude Desktop enables large language models to interact with BloodHound Community Edition data through a structured API layer. It exposes BloodHound CE REST endpoints and provides capabilities such as domain analysis, user and group insights, computer assessments, OU exploration, GPO analysis, ADCS evaluation, graph search, and shortest-path queries. The MCP tool set includes natural language querying, with built-in documentation and examples to guide LLMs in constructing valid API requests and interpreting paginated responses. To use it, configure Claude Desktop to load the bloodhound_mcp server, authenticate with BloodHound using API tokens, and start a conversation. When you see the MCP tools hammer icon, you can ask questions like “Show me all Domain Admins” or “What computers can I RDP to from this user?” The MCP will translate these requests into structured API calls and return formatted results that the LLM can reason over.

Key capabilities to leverage:

• Domain, user, group, computer, OU, and GPO analysis via BloodHound CE REST API
• Graph search, shortest path analysis, and edge/relationship reasoning
• OpenGraph-style operations for newer BloodHound features (where supported)
• Rich, typed responses with metadata and pagination
• Built-in contextual help and example queries to guide your prompts

Prerequisites:

• Python 3.11+ installed on your system
• uv (Python package manager) installed or available in PATH
• BloodHound Community Edition instance accessible over the network
• BloodHound API tokens (Token ID and Token Key) created in BloodHound CE

Installation steps:

1. Clone the repository and navigate to the project directory git clone <repository-url> cd bloodhound-mcp

2. Install Python dependencies (via uv in this setup) uv sync

3. Prepare environment variables Create a .env file at the project root or export variables in your shell: BLOODHOUNDS_DOMAIN=your-bloodhound-instance.domain.com BLOODHOUND_TOKEN_ID=your-token-id BLOODHOUND_TOKEN_KEY=your-token-key

   Optional

   BLOODHOUND_PORT=8080 BLOODHOUND_SCHEME=http

4. Configure Claude Desktop to load the MCP server

   • In Claude Desktop, go to Settings > Developer Tools
   • Add the server entry as shown in the README configuration example, pointing to your local path where the MCP is installed. Example: { "mcpServers": { "bloodhound_mcp": { "command": "uv", "args": ["--directory", "/path/to/your/bloodhound-mcp", "run", "main.py"] } } }

5. Start Claude Desktop and restart to apply the MCP configuration.

6. Ensure BloodHound CE is reachable and the API token credentials are valid before querying.

Tips and known considerations:

• Ensure your BloodHound CE instance is reachable from the MCP host, and that the API tokens have the necessary read permissions.
• The MCP relies on BloodHound's REST endpoints; if BloodHound updates break endpoints, you may need to adjust the adapter layer accordingly.
• Keep API credentials secure; rotate tokens periodically and avoid embedding secrets in prompts.
• If you enable optional BLOODHOUND_PORT and BLOODHOUND_SCHEME, ensure those match your BloodHound configuration (default is https on port 443).
• OpenGraph capabilities require BloodHound 8.0+; verify version compatibility if you plan to use those features.