
How to add BloodHound-MCP-AI to Windsurf
Analyze BloodHound Active Directory attack paths with natural language via 75+ Cypher-backed MCP tools. Paste the config into ~/.codeium/windsurf/mcp_config.json and restart Windsurf.
Last updated June 14, 2026 · 363★ · stdio · no auth
Windsurf config for BloodHound-MCP-AI
git clone https://github.com/MorDavid/BloodHound-MCP-AI.git && cd BloodHound-MCP-AI && pip install -r requirements.txt

{
  "mcpServers": {
    "bloodhound-mcp-ai": {
      "command": "python",
      "args": [
        "<Your_Path>\\BloodHound-MCP.py"
      ],
      "env": {
        "BLOODHOUND_URI": "bolt://localhost:7687",
        "BLOODHOUND_USERNAME": "neo4j",
        "BLOODHOUND_PASSWORD": "bloodhoundcommunityedition"
      }
    }
  }
}

Setup steps
1. Open Windsurf → Cascade → the hammer/MCP icon → Configure (or edit ~/.codeium/windsurf/mcp_config.json).
2. Paste the BloodHound-MCP-AI config from this page.
3. Fill in placeholder secrets, then save.
4. Click Refresh in the MCP panel.
5. BloodHound-MCP-AI's tools become available to Cascade.
Before you start
- BloodHound 4.x+ with data collected from an Active Directory environment
- Neo4j database with BloodHound data loaded
- Python 3.8 or higher
- An MCP client (e.g. Claude Desktop, Cursor)
What BloodHound-MCP-AI can do in Windsurf
- Domain structure mapping: Query and map the structure of Active Directory domains, users, groups, computers, and their relationships.
- Privilege escalation paths: Discover attack paths to high-value targets such as Domain Admins, including where Domain Users have local admin rights.
- Kerberos security analysis: Identify Kerberos issues including Kerberoastable users and AS-REP Roasting candidates and their paths to privileged accounts.
- Certificate services (ADCS) analysis: Map Active Directory Certificate Services vulnerabilities and abuse opportunities.
- Active Directory hygiene assessment: Assess AD hygiene, e.g. finding inactive privileged accounts and other posture weaknesses.
- NTLM relay attack analysis: Identify domain controllers and other targets vulnerable to NTLM relay attacks.
- Delegation abuse analysis: Discover delegation abuse opportunities (e.g. unconstrained/constrained/resource-based delegation).
- Security report generation: Generate comprehensive natural-language security reports about a domain for stakeholders.
Security
Connects to a Neo4j database holding BloodHound Active Directory data; configured with Neo4j credentials passed via env (BLOODHOUND_URI, BLOODHOUND_USERNAME, BLOODHOUND_PASSWORD). This is an offensive-security analysis tool: only run it against environments you are explicitly authorized to assess, treat BloodHound data as sensitive, and follow responsible-disclosure practices for any vulnerabilities found.
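A local check for the credential handling described above, as an added example that is not part of BloodHound-MCP-AI or Windsurf: it flags a password left at the value shown in this page's sample config, a non-TLS Bolt URI that points off-host, and a config file readable by other local users. The function names, the constructed sample input, and the choice to treat the page's sample password as a value to reject are assumptions of this example.

```python
import json
import os
import stat
from urllib.parse import urlparse

# Password shown in this page's sample config; this example rejects it.
SAMPLE_PASSWORD = "bloodhoundcommunityedition"
LOOPBACK = {"localhost", "127.0.0.1", "::1"}
TLS_SCHEMES = {"bolt+s", "bolt+ssc", "neo4j+s", "neo4j+ssc"}


def audit_mcp_config(text, mode=None, server="bloodhound-mcp-ai"):
    """Return a list of findings for one server entry of an mcp_config.json."""
    entry = json.loads(text).get("mcpServers", {}).get(server)
    if entry is None:
        return [f"no '{server}' entry under mcpServers"]
    env = entry.get("env", {})
    findings = []
    password = env.get("BLOODHOUND_PASSWORD", "")
    if not password or password.startswith("<"):
        findings.append("BLOODHOUND_PASSWORD is empty or still a placeholder")
    elif password == SAMPLE_PASSWORD:
        findings.append("BLOODHOUND_PASSWORD is the sample value from the docs")
    uri = urlparse(env.get("BLOODHOUND_URI", ""))
    if not uri.hostname:
        findings.append("BLOODHOUND_URI is missing or has no host")
    elif uri.hostname not in LOOPBACK and uri.scheme not in TLS_SCHEMES:
        findings.append(f"{uri.scheme}:// to {uri.hostname} is not TLS-protected")
    # The file stores the credential in plaintext: keep it owner-only on POSIX.
    if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"config file mode {stat.S_IMODE(mode):o} is open beyond the owner")
    return findings


def audit_file(path="~/.codeium/windsurf/mcp_config.json"):
    """Audit the config on disk (the mode check is meaningful on POSIX only)."""
    path = os.path.expanduser(path)
    with open(path, encoding="utf-8") as fh:
        return audit_mcp_config(fh.read(), os.stat(path).st_mode)


# Constructed sample input modelled on this page's config (the host is made up).
SAMPLE = json.dumps({"mcpServers": {"bloodhound-mcp-ai": {"env": {
    "BLOODHOUND_URI": "bolt://10.0.0.5:7687",
    "BLOODHOUND_USERNAME": "neo4j",
    "BLOODHOUND_PASSWORD": SAMPLE_PASSWORD}}}})

if __name__ == "__main__":
    print("\n".join(audit_mcp_config(SAMPLE, mode=0o100644)))
```

Run `audit_file()` after editing the config; an empty list means none of the three conditions was found.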
BloodHound-MCP-AI + Windsurf FAQ
Where is the Windsurf config file?
Windsurf reads MCP servers from ~/.codeium/windsurf/mcp_config.json. Paste the BloodHound-MCP-AI config there under the "mcpServers" key and restart the client.
Is BloodHound-MCP-AI safe to use with Windsurf?
Connects to a Neo4j database holding BloodHound Active Directory data; configured with Neo4j credentials passed via env (BLOODHOUND_URI, BLOODHOUND_USERNAME, BLOODHOUND_PASSWORD). This is an offensive-security analysis tool: only run it against environments you are explicitly authorized to assess, treat BloodHound data as sensitive, and follow responsible-disclosure practices for any vulnerabilities found.
What does this server connect to?
It connects to the Neo4j graph database that BloodHound uses to store Active Directory relationship data, over the Bolt protocol. You provide the URI, username, and password via environment variables.
Does it need an API key?
No. Authentication is to your local Neo4j/BloodHound database via Neo4j credentials (env vars), not an external API key.
How many tools does it provide?
Over 75 specialized tools based on the original BloodHound CE Cypher queries, spanning domain mapping, privilege escalation, Kerberos, certificate services, AD hygiene, NTLM relay, and delegation abuse.