Early bird registration for SO-CON 2026 is now open!  Register Now
Back to Resource Center
Open-source Tools

BloodHound MCP

BloodHound MCP, or BloodHound Model Context Protocol Server, is a Model Context Protocol (MCP) server that enables Large Language Models to interact with BloodHound Community Edition data through Claude Desktop. This tool allows security professionals to query and analyze Active Directory attack paths using natural language.

It offers the following:

Core Capabilities

  • Domain Analysis: Query domain information, users, groups, computers, and organizational structure
  • User Intelligence: Analyze user privileges, group memberships, sessions, and administrative rights
  • Group Analysis: Examine group memberships, controllers, and privilege relationships
  • Computer Assessment: Investigate computer privileges, sessions, and administrative access
  • Organizational Units: Explore OU structure and contained objects
  • Group Policy Objects: Analyze GPO assignments and controllers
  • Certificate Services: Investigate ADCS infrastructure and certificate templates
  • Custom Cypher Queries: Execute advanced Neo4j queries for complex analysis
  • Graph Search: Find shortest paths between security principals

Advanced Features

  • Natural language querying of BloodHound data
  • Attack path visualization and analysis
  • Privilege escalation identification
  • Cross-domain relationship analysis
  • Kerberoasting target identification
  • Administrative relationship mapping
Download on GitHub
BloodHound MCP

Explore other tools

BloodHound Community Edition

Manage Identity Attack Paths across your hybrid environment and remove the adversary’s favorite target.

BloodHound Community Edition

Read more

Nemesis 2.0

Nemesis 2.0 functions as an "offensive VirusTotal," automatically processing files collected during security assessments through an extensive pipeline of specialized analyzers.

Nemesis 2.0

Read more

Ghostwriter

Ghostwriter is a Django web app for red teams to track projects, clients, assets, reports, and evidence.

Ghostwriter

Read more

Mythic

Mythic is an open-source Command and Control (C2) framework designed around a microservice architecture.

Mythic

Read more

Join the conversation

Learn from others and share your story on the BloodHoundGang Slack Community

Connect with us

You might also be interested in

Cover of the State of APM report
White Papers

The State of Attack Path Management

Our inaugural report highlights why Identity Security is increasingly complex, and why it's difficult to execute without Attack Path Management. We're shifting the conversation from static checklists to the dynamic attack graph.

Read more

White Papers

Maturity Model

The rise of identity-based attacks has exposed a blind spot in the security stack; none of the core tools were designed to map or control how privilege chains together. Attackers aren’t slipping through gaps in detection; they’re bypassing controls entirely by chaining together legitimate access into attack paths that lead directly to critical assets.

Read more

White Papers

The CISO’s Guide to Modern Identity Security

A strategic framework for security leaders navigating the shift from reactive incident response to proactive attack path management

Read more