BloodHound-MCP-AI integrates BloodHound, an Active Directory attack path analysis tool, with AI via the Model Context Protocol (MCP). This allows security professionals to query complex AD security data and attack paths using natural language, making advanced analysis more accessible.

How It Works

This project leverages BloodHound's graph database (Neo4j) to store Active Directory relationships. It acts as an MCP Server, enabling AI models to interact with this data. Users can pose natural language queries, which are translated into actionable insights about AD security, privilege escalation, and attack vectors, bypassing the need for manual Cypher queries.

Quick Start & Requirements

• Install: git clone the repository, pip install -r requirements.txt.
• Prerequisites: BloodHound 4.x+ with collected AD data, Neo4j database with loaded BloodHound data, Python 3.8+.
• Configuration: Set environment variables for BLOODHOUND_URI, BLOODHOUND_USERNAME, and BLOODHOUND_PASSWORD in the MCP server configuration.
• Documentation: [Not explicitly linked, but usage examples are provided.]

Highlighted Details

• First-ever BloodHound AI integration via MCP.
• Supports natural language queries for over 75 analysis categories, including privilege escalation, Kerberos issues, and NTLM relay attacks.
• Enables generation of detailed security reports.
• Community-driven integration, not an official Anthropic product.

Maintenance & Community

• Community support via a Telegram channel: root_sec.

Licensing & Compatibility

• Licensed under the MIT License.
• Compatible with commercial use and closed-source linking due to permissive licensing.

Limitations & Caveats

The project requires specific versions of BloodHound and Python, and relies on correctly configured Neo4j and MCP client setups. The README does not provide explicit links to official documentation or demos.