The BloodHound MCP server enables natural language interaction with Active Directory and Azure Active Directory environments using Large Language Models, allowing for complex queries and analysis without manual Cypher scripting.
Capabilities include:
- Natural Language Queries: Perform AD/AAD queries using conversational commands
- Raw Cypher: Execute raw Cypher queries directly against the database
- List AD Objects: Query users, computers, groups, domains, trusts, GPOs, network shares, and certificate templates based on various attributes
- Identify Vulnerabilities: Find users vulnerable to AS-REP roasting or Kerberoasting, or users holding dangerous rights
- Security Analysis: Identify privileged users, dangerous permissions, high-value targets, and vulnerable certificate templates (ESC1-ESC8)
- Attack Path Routing: Map paths between objects based on permissions, sessions, or relationships
- Azure Integration: Analyze Azure environments, list AAD groups synchronized with AD, and find paths to Azure VMs or Global Administrators (requires AzureHound)
- Session Analysis: List and route based on active user sessions (requires sessions data)
Integrates with Neo4j database to store and query BloodHound data about Active Directory and Azure Active Directory environments, enabling natural language queries for security analysis without writing Cypher queries directly.
BloodHound MCP
BloodHound MCP (Model Context Protocol) is an innovative extension of the BloodHound tool, designed to enable Large Language Models (LLMs) to interact with and analyze Active Directory (AD) and Azure Active Directory (AAD) environments through natural language queries. By leveraging the power of LLMs, BloodHound MCP allows users to perform complex queries and retrieve insights from their AD/AAD environments using simple, conversational commands.
Features
- Natural Language Queries: Use conversational language to query your AD/AAD environment without needing to write Cypher queries manually.
- LLM-Powered Analysis: Harness the capabilities of Large Language Models to interpret and execute queries on your behalf.
- Seamless Integration: Works with existing BloodHound data stored in Neo4j, providing a user-friendly interface for complex analysis.
- Customizable: Easily configure the system to work with your specific environment and tools.
Configure the MCP Server
Usage
Configuration
To customize BloodHound MCP, update the configuration file in your MCP-supported tool. Key settings include:
- Neo4j Database Connection:
  BLOODHOUND_URI: The URI of your Neo4j database (e.g., bolt://localhost:7687).
  BLOODHOUND_USERNAME: Your Neo4j username.
  BLOODHOUND_PASSWORD: Your Neo4j password.
- Server Settings: Adjust the command and args to match your environment and tool requirements.
Contributing
We welcome contributions to BloodHound MCP! To get involved:
- Fork the Repository: Create your own copy on GitHub.
- Create a Branch: Work on your feature or fix in a new branch.
- Submit a Pull Request: Include a clear description of your changes.
Special Thanks
Custom queries from: https://github.com/CompassSecurity/BloodHoundQueries
Hybrid server
The server is able to function both locally and remotely, depending on the configuration or use case.
Tools
- tool://route_non_privileged_users_with_dangerous_rights_to_privileged_nodes
- tool://route_user_principals_to_azure_service_principals
- tool://list_all_enabled_users_with_password_never_expires_not_changed_last_year
- tool://list_all_owned_enabled_users_with_rdp_and_sessions
- tool://run_query
- tool://list_all_enabled_users_with_no_password_required
- tool://route_non_privileged_computers_with_dangerous_rights_to_users
- tool://route_all_owned_enabled_users_with_dangerous_rights_to_groups
An extension that allows Large Language Models to interact with and analyze Active Directory environments through natural language queries instead of manual Cypher queries.
Related MCP Servers
- A server that provides an API to query Large Language Models using context from local files, supporting various models and file types for context-aware responses. (TypeScript)
- A server that facilitates enhanced interaction with large language models (LLMs) by providing intelligent context management, tool integration, and multi-provider AI model coordination for efficient AI-driven workflows. (Python)
- A server that provides advanced analytical, research, and natural language processing capabilities through a Model Context Protocol server, enabling dataset analysis, decision analysis, and enhanced NLP features like entity recognition and fact extraction. (TypeScript, MIT License)
- A server that enables LLMs like Claude to query AWS DynamoDB databases through natural language requests, supporting table management, data querying, and schema analysis. (JavaScript, MIT License)