BloodHound MCP
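An extension that lets large language models interact with and analyze Active Directory environments through natural-language queries, without writing Cypher queries by hand.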
Tools
tool://list_network_shares_ignoring_sysvol
List network share(s), ignoring SYSVOL
tool://list_all_groups
List all group(s)
tool://list_all_gpos
List all GPO(s)
tool://list_all_aad_groups_synchronized_with_ad
[WIP] List all AAD Group(s) that are synchronized with AD (Required: azurehound)
tool://list_all_enabled_azure_users_group_memberships
List all enabled Azure User(s) Azure Group membership(s) (Required: azurehound)
tool://list_all_principals_used_for_syncing_ad_and_aad
[WIP] List all principal(s) used for syncing AD and AAD
tool://list_all_enabled_azure_users
List all enabled Azure User(s) (Required: azurehound)
tool://list_privileges_for_certificate_authority_servers
[WIP] List privileges for Certificate Authority server(s) [Required: Certipy]
tool://list_all_certificate_templates
List all Certificate Template(s) [Required: Certipy]
tool://find_enabled_certificate_templates
Find enabled Certificate Template(s) [Required: Certipy]
tool://list_all_enrollment_rights_for_certificate_templates
[WIP] List all Enrollment Right(s) for Certificate Template(s)
tool://run_query
Execute a Cypher query and return the results. Args: query: the Cypher query string; parameters: a dictionary of query parameters. Returns: a list of query results.
tool://users_with_most_local_admin_rights
[WIP] Users with Most Local Admin Rights
tool://computers_with_most_sessions
[WIP] Computers with Most Sessions [Required: sessions]
tool://users_with_most_sessions
[WIP] Users with Most Sessions [Required: sessions]
tool://non_privileged_users_with_dangerous_permissions
List non-privileged user(s) with dangerous permissions to any node type
tool://route_non_privileged_users_with_dangerous_permissions
Route non-privileged user(s) with dangerous permissions to any node type
tool://users_with_most_cross_domain_sessions
[WIP] Users with most cross-domain sessions [Required: sessions]
tool://list_high_value_targets
List high value target(s)
tool://list_domains
List domain(s)
tool://list_domain_trusts
List domain trust(s)
tool://list_enabled_users
List enabled user(s)
tool://list_enabled_users_with_email
List enabled user(s) with an email address
tool://list_non_managed_service_accounts
List non-managed service account(s)
tool://list_enabled_principals_with_unconstrained_delegation
List enabled principal(s) with "Unconstrained Delegation"
tool://list_enabled_principals_with_constrained_delegation
List enabled principal(s) with "Constrained Delegation"
tool://list_domain_controllers
List domain controller(s)
tool://list_domain_computers
List domain computer(s)
tool://list_certificate_authority_servers
List Certificate Authority server(s) [Required: Certipy]
tool://list_computers_without_laps
List computer(s) WITHOUT LAPS
tool://list_all_principals_with_local_admin_permission
List all principal(s) with "Local Admin" permission
tool://list_all_principals_with_rdp_permission
List all principal(s) with "RDP" permission
tool://list_all_principals_with_sqladmin_permission
List all principal(s) with "SQLAdmin" permission
tool://list_all_user_sessions
List all user session(s) [Required: sessions]
tool://list_all_users_with_description_field
List all user(s) with description field
tool://list_all_enabled_users_with_userpassword_attribute
List all enabled user(s) with "userpassword" attribute
tool://list_all_enabled_users_with_password_never_expires
List all enabled user(s) with "password never expires" attribute
tool://list_all_enabled_users_with_password_never_expires_not_changed_last_year
List all enabled user(s) with "password never expires" attribute and not changed in last year
tool://list_all_enabled_users_with_no_password_required
List all enabled user(s) with "don't require passwords" attribute
tool://list_all_enabled_users_never_logged_in
List all enabled user(s) but never logged in
tool://list_all_enabled_users_logged_in_last_90_days
List all enabled user(s) that logged in within the last 90 days
tool://list_all_enabled_users_set_password_last_90_days
List all enabled user(s) that set password within the last 90 days
tool://list_all_enabled_users_with_foreign_group_membership
List all enabled user(s) with foreign group membership
tool://list_all_owned_users
List all owned user(s)
tool://list_all_owned_enabled_users
List all owned & enabled user(s)
tool://list_all_owned_enabled_users_with_email
List all owned & enabled user(s) with an email address
tool://list_all_owned_enabled_users_with_local_admin_and_sessions
List all owned & enabled user(s) with "Local Admin" permission, and any active sessions and their group membership(s)
tool://list_all_owned_enabled_users_with_rdp_and_sessions
List all owned & enabled user(s) with "RDP" permission, and any active sessions and their group membership(s)
tool://list_all_owned_enabled_users_with_sqladmin
List all owned & enabled user(s) with "SQLAdmin" permission
tool://list_all_owned_computers
List all owned computer(s)
tool://route_all_owned_enabled_group_memberships
Route all owned & enabled group membership(s)
tool://route_all_owned_enabled_non_privileged_group_memberships
Route all owned & enabled non-privileged group(s) membership
tool://route_all_owned_enabled_privileged_group_memberships
Route all owned & enabled privileged group(s) membership
tool://route_all_owned_enabled_users_with_dangerous_rights_to_any_node
Route all owned & enabled user(s) with Dangerous Rights to any node type
tool://route_all_owned_enabled_users_with_dangerous_rights_to_groups
Route all owned & enabled user(s) with Dangerous Rights to group(s)
tool://route_all_owned_enabled_users_with_dangerous_rights_to_users
Route all owned & enabled user(s) with Dangerous Rights to user(s)
tool://route_from_owned_enabled_users_to_unconstrained_delegation
Route from owned & enabled user(s) to all principals with "Unconstrained Delegation"
tool://route_from_owned_enabled_principals_to_high_value_targets
Route from owned & enabled principals to high value target(s)
tool://find_all_owned_users_with_privileged_access_to_azure_tenancy
Owned: [WIP] Find all owned user with privileged access to Azure Tenancy (Required: azurehound)
tool://find_all_owned_users_where_group_grants_azure_privileged_access
Owned: [WIP] Find all owned user where group membership grants privileged access to Azure Tenancy (Required: azurehound)
tool://find_all_owners_of_azure_applications_with_dangerous_rights
Owned: [WIP] Find all Owners of Azure Applications with Owners to Service Principals with Dangerous Rights (Required: azurehound)
tool://find_all_owned_groups_granting_network_share_access
Find all owned groups that grant access to network shares
tool://route_all_sessions_to_computers_without_laps
Route all sessions to computers WITHOUT LAPS (Required: sessions)
tool://route_all_sessions_to_computers
Route all sessions to computers (Required: sessions)
tool://list_enabled_non_privileged_users_with_local_admin
List enabled non-privileged user(s) with "Local Admin" permission
tool://list_enabled_non_privileged_users_with_local_admin_and_sessions
List enabled non-privileged user(s) with "Local Admin" permission, and any active sessions and their group membership(s)
tool://list_enabled_non_privileged_users_with_rdp
List enabled non-privileged user(s) with "RDP" permission
tool://list_enabled_non_privileged_users_with_rdp_and_sessions
List enabled non-privileged user(s) with "RDP" permission, and any active sessions and their group membership(s)
tool://list_enabled_non_privileged_users_with_sqladmin
List enabled non-privileged user(s) with "SQLAdmin" permission
tool://list_all_domain_users_group_memberships
List all "Domain Users" group membership(s)
tool://list_all_authenticated_users_group_memberships
List all "Authenticated Users" group membership(s)
tool://find_all_enabled_as_rep_roastable_users
Find all enabled AS-REP roastable user(s)
tool://find_all_enabled_kerberoastable_users
Find all enabled kerberoastable user(s)
tool://route_non_privileged_users_with_dangerous_rights_to_users
Route non-privileged user(s) with dangerous rights to user(s) [HIGH RAM]
tool://route_non_privileged_users_with_dangerous_rights_to_groups
Route non-privileged user(s) with dangerous rights to group(s) [HIGH RAM]
tool://route_non_privileged_users_with_dangerous_rights_to_computers
Route non-privileged user(s) with dangerous rights to computer(s) [HIGH RAM]
tool://route_non_privileged_users_with_dangerous_rights_to_gpos
Route non-privileged user(s) with dangerous rights to GPO(s) [HIGH RAM]
tool://route_non_privileged_users_with_dangerous_rights_to_privileged_nodes
Route non-privileged user(s) with dangerous rights to privileged node(s) [HIGH RAM]
tool://route_non_privileged_computers_with_dangerous_rights_to_users
Route non-privileged computer(s) with dangerous rights to user(s) [HIGH RAM]
tool://route_non_privileged_computers_with_dangerous_rights_to_groups
Route non-privileged computer(s) with dangerous rights to group(s) [HIGH RAM]
tool://route_non_privileged_computers_with_dangerous_rights_to_computers
Route non-privileged computer(s) with dangerous rights to computer(s) [HIGH RAM]
tool://route_non_privileged_computers_with_dangerous_rights_to_gpos
Route non-privileged computer(s) with dangerous rights to GPO(s) [HIGH RAM]
tool://route_non_privileged_computers_with_dangerous_rights_to_privileged_nodes
Route non-privileged computer(s) with dangerous rights to privileged node(s) [HIGH RAM]
tool://list_esc1_vulnerable_certificate_templates
List ESC1 vulnerable Certificate Template(s) [Required: Certipy]
tool://list_esc2_vulnerable_certificate_templates
List ESC2 vulnerable Certificate Template(s) [Required: Certipy]
tool://list_esc3_vulnerable_certificate_templates
List ESC3 vulnerable Certificate Template(s) [Required: Certipy]
tool://list_esc4_vulnerable_certificate_templates
List ESC4 vulnerable Certificate Template(s) [Required: Certipy]
tool://list_esc6_vulnerable_certificate_templates
List ESC6 vulnerable Certificate Template(s) [Required: Certipy]
tool://list_esc7_vulnerable_certificate_templates
List ESC7 vulnerable Certificate Template(s) [Required: Certipy]
tool://list_esc8_vulnerable_certificate_templates
List ESC8 vulnerable Certificate Template(s) [Required: Certipy]
tool://list_all_cross_domain_user_sessions_and_memberships
List all cross-domain user session(s) and user group membership(s)
tool://list_privileged_users_without_protected_users
List privileged user(s) without "Protected Users" group membership
tool://list_custom_privileged_groups
List custom privileged group(s)
tool://list_enabled_svc_accounts_with_privileged_group_memberships
List all enabled SVC account(s) with privileged group membership(s)
tool://route_privileged_users_with_sessions_to_non_privileged_computers
Route all privileged user(s) with sessions to non-privileged computer(s) [Required: sessions]
tool://find_allshortestpaths_with_dangerous_rights_to_adminsdholder
Find allshortestpaths with dangerous rights to AdminSDHolder object
tool://find_allshortestpaths_with_dcsync_to_domain
Find allshortestpaths with DCSync to domain object
tool://find_allshortestpaths_with_shadow_credential_permission
Find allshortestpaths with Shadow Credential permission to principal(s)
tool://list_all_tenancy
List all Tenancy (Required: azurehound)
tool://list_all_ad_principals_with_edges_to_azure_principals
[WIP] List all AD principal(s) with edge(s) to Azure principal(s) (Required: azurehound)
tool://list_all_principals_with_privileged_access_to_azure_tenancy
[WIP] List all principal(s) with privileged access to Azure Tenancy (Required: azurehound)
tool://route_principals_to_azure_applications_and_service_principals
[WIP] Route all principal(s) that have control permissions to Azure Application(s) running as Azure Service Principals (AzSP), and route from privileged ASP to Azure Tenancy (Required: azurehound)
tool://route_user_principals_to_azure_service_principals
[WIP] Route all user principal(s) that have control permissions to Azure Service Principals (AzSP), and route from AzSP to principal(s) (Required: azurehound)
tool://route_azure_users_with_dangerous_rights_to_users
[WIP] Route from Azure User principal(s) that have dangerous rights to Azure User and User principal(s) (Required: azurehound)
tool://route_principals_to_azure_vm
[WIP] Route from principal(s) to Azure VM (Required: azurehound)
tool://route_principals_to_global_administrators
[WIP] Route from principal(s) to principal(s) with Global Administrator permissions (Required: azurehound)
README
BloodHound MCP
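BloodHound MCP (Model Context Protocol) is an innovative extension of the BloodHound tool that enables large language models (LLMs) to interact with and analyze Active Directory (AD) and Azure Active Directory (AAD) environments through natural-language queries. By leveraging LLMs, BloodHound MCP lets users run complex queries and retrieve insights from their AD/AAD environments using simple conversational commands.
Features
- Natural-language queries: Query your AD/AAD environment in conversational language, without writing Cypher queries by hand.
- LLM-driven analysis: Use large language models to interpret and execute queries on your behalf.
- Seamless integration: Works with existing BloodHound data stored in Neo4j and provides a user-friendly interface for complex analysis.
- Customizable: Easily configure the system to fit your specific environment and tools.
Configuring the MCP server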
{
  "mcpServers": {
    "BloodHound": {
      "name": "BloodHound",
      "isActive": true,
      "command": "uv",
      "args": [
        "run",
        "--with",
        "mcp[cli],neo4j",
        "mcp",
        "run",
        "<PATH_TO_THE_PROJECT>server.py"
      ],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "bloodhound"
      }
    }
  }
}
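Usage

Configuration
To customize BloodHound MCP, update the configuration file in your MCP-capable tool. The main settings are:
- Neo4j database connection:
  - BLOODHOUND_URI: The URI of your Neo4j database (for example, bolt://localhost:7687).
  - BLOODHOUND_USERNAME: Your Neo4j username.
  - BLOODHOUND_PASSWORD: Your Neo4j password.
- Server settings: Adjust command and args to match your environment and tool requirements.
Contributing
We welcome contributions to BloodHound MCP! To get involved:
- Fork the repository: Create your own copy on GitHub.
- Create a branch: Work on your feature or fix in a new branch.
- Submit a pull request: Include a clear description of the changes you made.
Special thanks
Custom queries are from: https://github.com/CompassSecurity/BloodHoundQueries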