// SCAN REPORT

BloodHound MCP

75 tools. 2 can modify or destroy data without limits.

1 write tool that can modify data. Rate limits recommended.

Last updated:

2 can modify or destroy data
73 read-only
75 tools total

Community server · catalogue entry verified 10/06/2026

How to control BloodHound MCP ↓

TOOL MAP

What BloodHound MCP exposes to your agents

Read (73) Write / Execute (1) Destructive / Financial (0)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
High Risk

The most dangerous BloodHound MCP tools

Execute · Critical query_bloodhound The tool likely executes arbitrary Cypher queries against a BloodHound database containing sensitive Active Directory attack path data.

2 of BloodHound MCP's 75 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control BloodHound MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and BloodHound MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Cap read operations
{
  "find_all_domain_admins": {
    "limits": [
      {
        "counter": "find_all_domain_admins_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register BloodHound MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON BLOODHOUND →

Free to start. No card required.

FULL CATALOGUE

All 75 BloodHound MCP tools

EXECUTE 1 tools
Execute query_bloodhound query_bloodhound
READ 73 tools
Read find_all_domain_admins find_all_domain_admins Read find_all_kerberoastable_users find_all_kerberoastable_users Read find_asreproast_users find_asreproast_users Read find_ca_administrators find_ca_administrators Read find_certificate_enrollment_rights find_certificate_enrollment_rights Read find_computers_in_protected_users find_computers_in_protected_users Read find_computers_no_smb_signing find_computers_no_smb_signing Read find_computers_outbound_ntlm_deny find_computers_outbound_ntlm_deny Read find_computers_webclient_running find_computers_webclient_running Read find_dcs_vulnerable_ntlm_relay find_dcs_vulnerable_ntlm_relay Read find_dcs_weak_certificate_binding find_dcs_weak_certificate_binding Read find_dcsync_privileges find_dcsync_privileges Read find_devices_unsupported_os find_devices_unsupported_os Read find_disabled_azure_tier_zero_principals find_disabled_azure_tier_zero_principals Read find_disabled_tier_zero_principals find_disabled_tier_zero_principals Read find_domain_admin_non_dc_logons find_domain_admin_non_dc_logons Read find_domain_users_high_value_paths find_domain_users_high_value_paths Read find_domain_users_laps_readers find_domain_users_laps_readers Read find_domain_users_local_admins find_domain_users_local_admins Read find_domain_users_privileges find_domain_users_privileges Read find_domain_users_server_rdp find_domain_users_server_rdp Read find_domain_users_workstation_rdp find_domain_users_workstation_rdp Read find_domains_with_machine_quota find_domains_with_machine_quota Read find_enrollment_agent_templates find_enrollment_agent_templates Read find_entra_users_in_domain_admins find_entra_users_in_domain_admins Read find_esc1_vulnerable_templates find_esc1_vulnerable_templates Read find_esc2_vulnerable_templates find_esc2_vulnerable_templates Read find_esc8_vulnerable_cas find_esc8_vulnerable_cas Read find_external_tier_zero_users find_external_tier_zero_users Read find_foreign_group_memberships find_foreign_group_memberships Read find_foreign_tier_zero_principals find_foreign_tier_zero_principals Read find_global_administrators find_global_administrators Read find_high_privileged_role_members find_high_privileged_role_members Read find_inactive_tier_zero_principals find_inactive_tier_zero_principals Read find_kerberoastable_most_admin find_kerberoastable_most_admin Read find_kerberoastable_tier_zero find_kerberoastable_tier_zero Read find_nested_tier_zero_groups find_nested_tier_zero_groups Read find_ntlm_relay_edges find_ntlm_relay_edges Read find_onprem_users_in_entra_groups find_onprem_users_in_entra_groups Read find_onprem_users_owning_entra_objects find_onprem_users_owning_entra_objects Read find_paths_from_azure_apps_to_tier_zero find_paths_from_azure_apps_to_tier_zero Read find_paths_from_domain_users_to_tier_zero find_paths_from_domain_users_to_tier_zero Read find_paths_from_entra_to_tier_zero find_paths_from_entra_to_tier_zero Read find_paths_from_kerberoastable_to_da find_paths_from_kerberoastable_to_da Read find_paths_from_owned_objects find_paths_from_owned_objects Read find_paths_to_azure_subscriptions find_paths_to_azure_subscriptions Read find_paths_to_privileged_roles find_paths_to_privileged_roles Read find_pki_hierarchy find_pki_hierarchy Read find_principals_des_only_kerberos find_principals_des_only_kerberos Read find_principals_reversible_encryption find_principals_reversible_encryption Read find_principals_weak_kerberos_encryption find_principals_weak_kerberos_encryption Read find_public_key_services find_public_key_services Read find_shortest_paths_to_domain_admins find_shortest_paths_to_domain_admins Read find_shortest_paths_to_tier_zero find_shortest_paths_to_tier_zero Read find_shortest_paths_unconstrained_delegation find_shortest_paths_unconstrained_delegation Read find_smartcard_dont_expire_domains find_smartcard_dont_expire_domains Read find_sp_graph_assignments find_sp_graph_assignments Read find_synced_tier_zero_principals find_synced_tier_zero_principals Read find_tier_zero_locations find_tier_zero_locations Read find_tier_zero_non_expiring_passwords find_tier_zero_non_expiring_passwords Read find_tier_zero_without_smartcard find_tier_zero_without_smartcard Read find_two_way_forest_trust_delegation find_two_way_forest_trust_delegation Read find_unsupported_operating_systems find_unsupported_operating_systems Read find_users_password_not_rotated find_users_password_not_rotated Read find_users_with_no_password_required find_users_with_no_password_required Read map_domain_trusts map_domain_trusts Read map_ou_structure map_ou_structure Read onprem_users_direct_azure_roles onprem_users_direct_azure_roles Read onprem_users_direct_entra_roles onprem_users_direct_entra_roles Read onprem_users_group_azure_roles onprem_users_group_azure_roles Read onprem_users_group_entra_roles onprem_users_group_entra_roles Read templates_no_security_ext templates_no_security_ext Read templates_with_user_san templates_with_user_san
OTHER 1 tools
Other sp_app_role_grant sp_app_role_grant
FAQ

Questions about BloodHound MCP

Is the BloodHound MCP server safe to use without restrictions? +

The BloodHound MCP server is primarily read-only with 73 read tools. While it cannot modify data, an agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up costs. Rate limiting is still recommended.

How many tools does the BloodHound MCP server expose? +

75 tools across 1 categories: Read. 73 are read-only. 2 can modify, create, or delete data.

How do I enforce a policy on BloodHound MCP? +

Register the BloodHound MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every BloodHound MCP tool call.

Deterministic rules across all 75 BloodHound MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON BLOODHOUND →

Free to start. No card required.

75 BloodHound MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.