// SCAN REPORT

BloodHound MCP

106 tools. 1 can modify or destroy data without limits.

1 write tool that can modify data. Rate limits recommended.

Last updated:

1 can modify or destroy data
105 read-only
106 tools total

Community server · catalogue entry verified 11/06/2026

How to control BloodHound MCP ↓

TOOL MAP

Read (105) Write / Execute (1) Destructive / Financial (0)

MOST DANGEROUS TOOLS

High Risk
Execute · Critical run_query This is Execute category because it runs arbitrary code (Cypher queries) against a live Active Directory environment whose effects depend entirely on the query arguments provided by an AI agent.

1 of BloodHound MCP's 106 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

HOW TO CONTROL BLOODHOUND MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and BloodHound MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Cap read operations
{
  "computers_with_most_sessions": {
    "limits": [
      {
        "counter": "computers_with_most_sessions_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register BloodHound MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON BLOODHOUND →

Free to start. No card required.

ALL 106 BLOODHOUND MCP TOOLS

EXECUTE 1 tools
Execute run_query 執行Cypher查詢並返回結果 Args: query: Cypher查詢字符串 parameters: 查詢參數字典 Returns:
READ 105 tools
Read computers_with_most_sessions [WIP] Computers with Most Sessions [Required: sessions] Read find_all_enabled_as_rep_roastable_users Find all enabled AS-REP roastable user(s) Read find_all_enabled_kerberoastable_users Find all enabled kerberoastable user(s) Read find_all_owned_groups_granting_network_share_access Find all owned groups that grant access to network shares Read find_allshortestpaths_with_dcsync_to_domain Find allshortestpaths with DCSync to domain object Read find_allshortestpaths_with_shadow_credential_permission Find allshortestpaths with Shadow Credential permission to principal(s) Read find_azure_app_owners_with_dangerous_rights Owned: [WIP] Find all Owners of Azure Applications with Owners to Service Principals with Dangerous Rights (Re Read find_enabled_certificate_templates Find enabled Certificate Template(s) [Required: Certipy] Read find_owned_users_with_azure_tenancy_access Owned: [WIP] Find all owned user with privileged access to Azure Tenancy (Required: azurehound) Read find_owned_users_with_group_granted_azure_access Owned: [WIP] Find all owned user where group membership grants privileged access to Azure Tenancy (Required: a Read find_paths_dangerous_rights_to_adminsdholder Find allshortestpaths with dangerous rights to AdminSDHolder object Read list_all_aad_groups_synchronized_with_ad [WIP] List all AAD Group(s) that are synchronized with AD (Required: azurehound) Read list_all_ad_principals_with_edges_to_azure_principals [WIP] List all AD principal(s) with edge(s) to Azure principal(s) (Required: azurehound) Read list_all_authenticated_users_group_memberships list_all_authenticated_users_group_memberships Read list_all_certificate_templates List all Certificate Template(s) [Required: Certipy] Read list_all_cross_domain_user_sessions_and_memberships List all cross-domain user session(s) and user group membership(s) Read list_all_domain_users_group_memberships list_all_domain_users_group_memberships Read list_all_enabled_azure_users List all enabled Azure User(s) (Required: azurehound) Read list_all_enabled_azure_users_group_memberships List all enabled Azure User(s) Azure Group membership(s) (Required: azurehound) Read list_all_enabled_users_logged_in_last_90_days List all enabled user(s) that logged in within the last 90 days Read list_all_enabled_users_never_logged_in List all enabled user(s) but never logged in Read list_all_enabled_users_set_password_last_90_days List all enabled user(s) that set password within the last 90 days Read list_all_enabled_users_with_foreign_group_membership List all enabled user(s) with foreign group membership Read list_all_enabled_users_with_no_password_required list_all_enabled_users_with_no_password_required Read list_all_enabled_users_with_password_never_expires list_all_enabled_users_with_password_never_expires Read list_all_enabled_users_with_userpassword_attribute list_all_enabled_users_with_userpassword_attribute Read list_all_enrollment_rights_for_certificate_templates [WIP] List all Enrollment Right(s) for Certificate Template(s) Read list_all_gpos List all GPO(s) Read list_all_groups List all group(s) Read list_all_owned_computers List all owned computer(s) Read list_all_owned_enabled_users List all owned & enabled user(s) Read list_all_owned_enabled_users_with_email List all owned & enabled user(s) with an email address Read list_all_owned_enabled_users_with_rdp_and_sessions list_all_owned_enabled_users_with_rdp_and_sessions Read list_all_owned_enabled_users_with_sqladmin list_all_owned_enabled_users_with_sqladmin Read list_all_owned_users List all owned user(s) Read list_all_principals_used_for_syncing_ad_and_aad [WIP] List all principal(s) used for syncing AD and AAD Read list_all_principals_with_local_admin_permission list_all_principals_with_local_admin_permission Read list_all_principals_with_rdp_permission list_all_principals_with_rdp_permission Read list_all_principals_with_sqladmin_permission list_all_principals_with_sqladmin_permission Read list_all_tenancy List all Tenancy (Required: azurehound) Read list_all_user_sessions List all user session(s) [Required: sessions] Read list_all_users_with_description_field List all user(s) with description field Read list_certificate_authority_servers List Certificate Authority server(s) [Required: Certipy] Read list_computers_without_laps List computer(s) WITHOUT LAPS Read list_custom_privileged_groups List custom privileged group(s) Read list_domain_computers List domain computer(s) Read list_domain_controllers List domain controller(s) Read list_domain_trusts List domain trust(s) Read list_domains List domain(s) Read list_en_svc_accts_priv_grp_mems List all enabled SVC account(s) with privileged group membership(s) Read list_enabled_non_privileged_users_with_local_admin list_enabled_non_privileged_users_with_local_admin Read list_enabled_non_privileged_users_with_rdp list_enabled_non_privileged_users_with_rdp Read list_enabled_non_privileged_users_with_rdp_and_sessions list_enabled_non_privileged_users_with_rdp_and_sessions Read list_enabled_non_privileged_users_with_sqladmin list_enabled_non_privileged_users_with_sqladmin Read list_enabled_principals_with_constrained_delegation list_enabled_principals_with_constrained_delegation Read list_enabled_principals_with_unconstrained_delegation list_enabled_principals_with_unconstrained_delegation Read list_enabled_users List enabled user(s) Read list_enabled_users_pwd_never_expires_unchanged_1yr list_enabled_users_pwd_never_expires_unchanged_1yr Read list_enabled_users_with_email List enabled user(s) with an email address Read list_esc1_vulnerable_certificate_templates List ESC1 vulnerable Certificate Template(s) [Required: Certipy] Read list_esc2_vulnerable_certificate_templates List ESC2 vulnerable Certificate Template(s) [Required: Certipy] Read list_esc3_vulnerable_certificate_templates List ESC3 vulnerable Certificate Template(s) [Required: Certipy] Read list_esc4_vulnerable_certificate_templates List ESC4 vulnerable Certificate Template(s) [Required: Certipy] Read list_esc6_vulnerable_certificate_templates List ESC6 vulnerable Certificate Template(s) [Required: Certipy] Read list_esc7_vulnerable_certificate_templates List ESC7 vulnerable Certificate Template(s) [Required: Certipy] Read list_esc8_vulnerable_certificate_templates List ESC8 vulnerable Certificate Template(s) [Required: Certipy] Read list_high_value_targets List high value target(s) Read list_network_shares_ignoring_sysvol List network share(s), ignoring SYSVOL Read list_non_managed_service_accounts List non-managed service account(s) Read list_non_priv_users_with_admin_and_sessions list_non_priv_users_with_admin_and_sessions Read list_own_en_usrs_local_adm_sess list_own_en_usrs_local_adm_sess Read list_principals_with_azure_tenancy_access [WIP] List all principal(s) with privileged access to Azure Tenancy (Required: azurehound) Read list_privileged_users_without_protected_users list_privileged_users_without_protected_users Read list_privileges_for_certificate_authority_servers [WIP] List privileges for Certificate Authority server(s) [Required: Certipy] Read non_privileged_users_with_dangerous_permissions List non-privileged user(s) with dangerous permissions to any node type Read route_all_owned_enabled_group_memberships Route all owned & enabled group membership(s) Read route_all_owned_enabled_non_privileged_group_memberships Route all owned & enabled non-privileged group(s) membership Read route_all_owned_enabled_privileged_group_memberships Route all owned & enabled privileged group(s) membership Read route_all_sessions_to_computers Route all sessions to computers (Required: sessions) Read route_all_sessions_to_computers_without_laps Route all sessions to computers WITHOUT LAPS (Required: sessions) Read route_azure_users_with_dangerous_rights_to_users [WIP] Route from Azure User principal(s) that have dangerous rights to Azure User and User principal(s) (Requi Read route_from_owned_enabled_principals_to_high_value_targets Route from owned & enabled principals to high value target(s) Read route_non_priv_comps_dangerous_rights_to_comps Route non-privileged computer(s) with dangerous rights to computer(s) [HIGH RAM] Read route_non_priv_comps_dangerous_rights_to_gpos Route non-privileged computer(s) with dangerous rights to GPO(s) [HIGH RAM] Read route_non_priv_comps_dangerous_rights_to_groups Route non-privileged computer(s) with dangerous rights to group(s) [HIGH RAM] Read route_non_priv_comps_dangerous_rights_to_priv_nodes Route non-privileged computer(s) with dangerous rights to privileged node(s) [HIGH RAM] Read route_non_priv_comps_dangerous_rights_to_users Route non-privileged computer(s) with dangerous rights to user(s) [HIGH RAM] Read route_non_priv_users_dangerous_rights_to_comps Route non-privileged user(s) with dangerous rights to computer(s) [HIGH RAM] Read route_non_priv_users_dangerous_rights_to_priv_nodes Route non-privileged user(s) with dangerous rights to privileged node(s) [HIGH RAM] Read route_non_priv_usrs_dang_rts_grps Route non-privileged user(s) with dangerous rights to group(s) [HIGH RAM] Read route_non_privileged_users_with_dangerous_permissions Route non-privileged user(s) with dangerous permissions to any node type Read route_non_privileged_users_with_dangerous_rights_to_gpos Route non-privileged user(s) with dangerous rights to GPO(s) [HIGH RAM] Read route_non_privileged_users_with_dangerous_rights_to_users Route non-privileged user(s) with dangerous rights to user(s) [HIGH RAM] Read route_own_en_usrs_dang_rts_usrs Route all owned & enabled user(s) with Dangerous Rights to user(s) Read route_own_en_usrs_unconst_del route_own_en_usrs_unconst_del Read route_owned_users_dangerous_rights_to_any Route all owned & enabled user(s) with Dangerous Rights to any node type Read route_owned_users_dangerous_rights_to_groups Route all owned & enabled user(s) with Dangerous Rights to group(s) Read route_principals_to_azure_apps_and_sps [WIP] Route all principal(s) that have control permissions to Azure Application(s) running as Azure Service Pr Read route_principals_to_azure_vm [WIP] Route from principal(s) to Azure VM (Required: azurehound) Read route_principals_to_global_administrators [WIP] Route from principal(s) to principal(s) with Global Administrator permissions (Required: azurehound) Read route_priv_users_sessions_to_non_priv_comps Route all privileged user(s) with sessions to non-privileged computer(s) [Required: sessions] Read route_user_principals_to_azure_service_principals [WIP] Route all user principal(s) that have control permissions to Azure Service Principals (AzSP), and route Read users_with_most_cross_domain_sessions [WIP] Users with most cross-domain sessions [Required: sessions] Read users_with_most_local_admin_rights [WIP] Users with Most Local Admin Rights Read users_with_most_sessions [WIP] Users with Most Sessions [Required: sessions]

RELATED SERVERS

Other MCP servers with similar tools — same risk classification, starter policies for each.

BNB Chain MCP 1240 tools
automation
Binance MCP Server 734 tools
automation
Nodebench 724 tools
automation
GoHighLevel MCP Server 566 tools
automation
UnClick 451 tools
automation
NowAIKit — ServiceNow AI Toolkit 446 tools
automation
Mcp Windows 441 tools
automation
0nmcp 407 tools
automation

FAQ

Is the BloodHound MCP server safe to use without restrictions? +

The BloodHound MCP server is primarily read-only with 105 read tools. While it cannot modify data, an agent in a retry loop can make thousands of API calls per minute, exhausting rate limits and running up costs. Rate limiting is still recommended.

How many tools does the BloodHound MCP server expose? +

106 tools across 2 categories: Execute, Read. 105 are read-only. 1 can modify, create, or delete data.

How do I enforce a policy on BloodHound MCP? +

Register the BloodHound MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every BloodHound MCP tool call.

Deterministic rules across all 106 BloodHound MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON BLOODHOUND →

Free to start. No card required.

106 BloodHound MCP tools catalogued and risk-classified — across an index of 42,500+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.