- Home
- MCP servers
- ROADrecon
ROADrecon
- python
48
GitHub Stars
python
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"atomicchonk-roadrecon_mcp_server": {
"command": "python",
"args": [
"roadrecon_mcp_server.py"
],
"env": {
"ROADRECON_URL": "http://localhost:5000 (or your ROADRecon URL)"
}
}
}
}You can run a ROADrecon MCP Server to give AI assistants access to your ROADRecon Azure AD data for security analysis. This server exposes Azure AD resources, offers built-in analysis tools, and provides pre-built prompts to help you perform common security tasks with an MCP client like Claude Desktop.
How to use
To use the ROADrecon MCP Server, start the server and connect your MCP client or Claude Desktop. Once connected, you can browse resources such as users, groups, applications, and devices, run security analyses, and invoke pre-built prompts to assess your Azure AD security posture. Use the server to query data sources, run tools to detect risks, and apply prompts that guide you through security tasks like identifying privileged accounts, checking MFA deployment, and reviewing credentials for service principals and applications.
How to install
Prerequisites you need before installation:
-
Python 3.8+
-
A running ROADRecon instance with its web GUI accessible
-
An MCP-compatible client (for example Claude Desktop)
Steps to install and run the server:
# Install Python dependencies
pip install -r requirements.txt
# Run the MCP server using the default ROADRecon URL
python roadrecon_mcp_server.py
# To point to a specific ROADRecon instance, set ROADRECON_URL before starting
ROADRECON_URL=http://localhost:8080 python roadrecon_mcp_server.py
Configuration and usage notes
-
The server exposes ROADRecon data through the MCP interface and relies on the ROADRecon URL you provide in the ROADRECON_URL environment variable. If you need to point to a non-default ROADRecon instance, set ROADRECON_URL to that instance URL before starting the server.
-
After starting, you can connect Claude Desktop or other MCP clients and begin querying resources such as users, groups, applications, and service principals. You can also execute security analysis tools and use pre-built prompts to perform common security tasks.
Connecting with Claude Desktop
-
Open Claude Desktop.
-
Go to Settings → Servers → Add Server.
-
Select "Add from running server". The server should appear in the list; click "Install".
-
If prompted, follow any on-screen instructions to complete the setup. The server will be available for use after installation.
Example queries and data access
-
Analyze the MFA status of users in this Azure AD tenant.
-
Find all users with privileged roles.
-
Check for applications with secrets or certificates.
-
Analyze the overall security posture of this Azure AD environment.
Resources Available
- `roadrecon://stats` – Summary statistics
- `roadrecon://users` – All users
- `roadrecon://users/{id}` – User details
- `roadrecon://groups` – All groups
- `roadrecon://groups/{id}` – Group details
- `roadrecon://applications` – All applications
- `roadrecon://applications/{id}` – Application details
- `roadrecon://serviceprincipals` – All service principals
- `roadrecon://serviceprincipals/{id}` – Service principal details
- `roadrecon://devices` – All devices
- `roadrecon://mfa` – MFA status for all users
- `roadrecon://directoryroles` – All directory roles
- `roadrecon://roledefinitions` – All role definitions
- `roadrecon://approles` – All app role assignments
- `roadrecon://oauth2permissions` – All OAuth2 permission grants
- `roadrecon://tenantdetails` – Tenant details
Tools available
find_privileged_users()– Find users with high-privilege rolesanalyze_mfa_status()– Analyze MFA deployment across usersfind_applications_with_secrets()– Find applications with secrets/certificatesanalyze_groups()– Analyze group types and membershipidentify_stale_accounts()– Find accounts that haven't logged in or changed password within a specified periodanalyze_pim_implementation()– Assess Privileged Identity Management implementationanalyze_service_principal_credentials()– Find over-permissioned service principals with long-lived credentialsanalyze_legacy_authentication()– Identify risks from legacy authentication protocols that bypass MFAanalyze_conditional_access_policies(file_path: str = "")– Analyze conditional access policies from an HTML file. Looks for the file at "C:\Temp\caps.html" by default, or prompts the user to specify a file path if not found.
Prompts available
analyze_security_posture– Comprehensive security analysisanalyze_privileged_access– Analysis of privileged access modelinvestigate_application_risks– Application security risk assessmentanalyze_identity_security– Identity security configuration analysisanalyze_stale_accounts– Analysis of inactive user accountsanalyze_privileged_access_management– PIM implementation assessmentanalyze_service_principal_security– Service principal credential risk analysisanalyze_legacy_authentication_risks– Legacy authentication protocol risk assessmentanalyze_conditional_access– Analysis of conditional access policies and recommendationscomprehensive_security_review– Complete security review of the entire environment
License
MIT
Available tools
find_privileged_users
Identify users who hold high-privilege roles within the Azure AD tenant.
analyze_mfa_status
Evaluate MFA deployment and coverage across all users.
find_applications_with_secrets
Detect applications that store secrets or certificates vulnerable to exposure.
analyze_groups
Analyze group types, membership, and distribution for risk patterns.
identify_stale_accounts
Find accounts that have not logged in or changed credentials within a defined period.
analyze_pim_implementation
Assess Privileged Identity Management setup and effectiveness.
analyze_service_principal_credentials
Find over-permissioned service principals with long-lived credentials.
analyze_legacy_authentication
Identify risks from legacy authentication methods bypassing MFA.
analyze_conditional_access_policies
Analyze conditional access policies (from HTML file by default) to identify gaps.