ROADrecon MCP Server

Expose ROADRecon Azure AD data to AI assistants for advanced security analysis.

ROADrecon MCP Server implements the Model Context Protocol to provide seamless access to Azure AD data from ROADRecon instances for AI assistants like Claude. It enables secure retrieval and analysis of directory data, offers pre-built security analysis tools, and supplies prompt templates for common security tasks. The server facilitates structured data access and tool execution, streamlining organizational security reviews.

Key Features

  • Direct connection to ROADRecon Azure AD data
  • Model Context Protocol (MCP) server implementation
  • Extensive set of AI-accessible resources (users, groups, apps, etc.)
  • Pre-built security analysis tools and functions
  • Prompt templates for common security investigations
  • Support for custom ROADRecon instance URLs
  • Integration with AI clients like Claude Desktop
  • Retrieve and analyze MFA status and privileged roles
  • Analyze legacy authentication and conditional access policies
  • Facilitates fast onboarding for security analysis workflows

Use Cases

  • Security analysis of Azure AD tenants by AI assistants
  • Identifying users with privileged or risky roles
  • Auditing MFA deployment and legacy authentication risks
  • Investigating stale accounts and inactive resources
  • Reviewing service principal credentials and permissions
  • Evaluating application security risks from secrets or certificates
  • Analyzing conditional access and PIM implementations
  • Comprehensive posture assessment of Microsoft cloud environments
  • Generating structured reports for directory security
  • Empowering AI-driven security operations with up-to-date Azure AD context

README

ROADrecon MCP Server

This MCP (Model Context Protocol) server provides AI assistants like Claude with access to your ROADRecon Azure AD data for security analysis.

The amazing ROADtools suite by dirkjanm can be found here: ROADRecon

Features

  • Resources: Access Azure AD data from your ROADRecon instance
  • Tools: Run security analysis on the data
  • Prompts: Pre-built analysis templates for common security tasks

Prerequisites

  • Python 3.8+
  • A running ROADRecon instance with the web GUI accessible
  • MCP-compatible client (Claude Desktop, etc.)

Installation

  1. Clone this repository
  2. Install dependencies:
    pip install -r requirements.txt
    

Usage

Running the server

  1. Make sure your ROADRecon GUI is running (default: http://localhost:5000)

  2. Run the MCP server:

    python roadrecon_mcp_server.py
    
  3. To specify a different ROADRecon URL:

    ROADRECON_URL=http://localhost:8080 python roadrecon_mcp_server.py
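
The MCP server pulls directory data from whatever `ROADRECON_URL` names, so a pre-flight check on that value is worth running before launch. The following is an added example, not code from this repository; `check_roadrecon_url` is a hypothetical helper, and the policy it enforces (plain HTTP only to loopback, HTTPS for any other host, no credentials in the URL) is an assumption.

```python
import ipaddress
import os
from urllib.parse import urlsplit

DEFAULT_URL = "http://localhost:5000"  # default given in the README


def check_roadrecon_url(url):
    """Return a list of problems with a ROADRECON_URL value ([] = acceptable).

    Assumed policy (not the project's): loopback over HTTP is fine,
    any other host must use HTTPS, and no credentials belong in the URL.
    """
    try:
        parts = urlsplit(url)
        host = parts.hostname or ""
    except ValueError as exc:  # e.g. unbalanced IPv6 brackets
        return [f"unparseable URL: {exc}"]
    if parts.scheme not in ("http", "https"):
        return [f"unsupported scheme {parts.scheme!r}"]
    if not host:
        return ["no host in URL"]
    problems = []
    if parts.username or parts.password:
        problems.append("credentials embedded in URL")
    try:
        ip = ipaddress.ip_address(host)
        loopback = ip.is_loopback
        if ip.is_unspecified:
            problems.append("unspecified address is a bind address, not a target")
    except ValueError:
        # Exact name only: "localhost.evil.example" is a remote host.
        loopback = host == "localhost"
    if not loopback and parts.scheme != "https":
        problems.append(f"plain HTTP to non-loopback host {host!r}")
    return problems


if __name__ == "__main__":
    url = os.environ.get("ROADRECON_URL", DEFAULT_URL)
    issues = check_roadrecon_url(url)
    for issue in issues:
        print(f"ROADRECON_URL {url!r}: {issue}")
    raise SystemExit(1 if issues else 0)
```

Run it with the same environment as the server; a non-zero exit status means the URL should be reviewed before the MCP server is started.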
    

Connecting with Claude Desktop

  1. Open Claude Desktop
  2. Go to Settings → Servers → Add Server
  3. Select "Add from running server"
  4. The server should appear in the list - click "Install"

More details on this step can be found here: https://modelcontextprotocol.io/quickstart/server

Using in Claude

Once connected, Claude can:

  • Access Azure AD data via resources (e.g., roadrecon://users)
  • Run security analysis with tools (e.g., find_privileged_users)
  • Use pre-built prompts for common security tasks

Example Queries

  • "Analyze the MFA status of users in this Azure AD tenant"
  • "Find all users with privileged roles"
  • "Check for applications with secrets or certificates"
  • "Analyze the overall security posture of this Azure AD environment"

https://github.com/user-attachments/assets/806e9ccd-d80e-4058-be4f-9d37095f1fd6

Resources Available

  • roadrecon://stats - Summary statistics
  • roadrecon://users - All users
  • roadrecon://users/{id} - User details
  • roadrecon://groups - All groups
  • roadrecon://groups/{id} - Group details
  • roadrecon://applications - All applications
  • roadrecon://applications/{id} - Application details
  • roadrecon://serviceprincipals - All service principals
  • roadrecon://serviceprincipals/{id} - Service principal details
  • roadrecon://devices - All devices
  • roadrecon://mfa - MFA status for all users
  • roadrecon://directoryroles - All directory roles
  • roadrecon://roledefinitions - All role definitions
  • roadrecon://approles - All app role assignments
  • roadrecon://oauth2permissions - All OAuth2 permission grants
  • roadrecon://tenantdetails - Tenant details

Tools Available

  • find_privileged_users() - Find users with high-privilege roles
  • analyze_mfa_status() - Analyze MFA deployment across users
  • find_applications_with_secrets() - Find applications with secrets/certificates
  • analyze_groups() - Analyze group types and membership
  • identify_stale_accounts() - Find accounts that haven't logged in or changed password within a specified period
  • analyze_pim_implementation() - Assess Privileged Identity Management implementation
  • analyze_service_principal_credentials() - Find over-permissioned service principals with long-lived credentials
  • analyze_legacy_authentication() - Identify risks from legacy authentication protocols that bypass MFA
  • analyze_conditional_access_policies(file_path: str = "") - Analyze conditional access policies from an HTML file. Looks for the file at "C:\Temp\caps.html" by default, or prompts the user to specify a file path if not found.

Prompts Available

  • analyze_security_posture - Comprehensive security analysis
  • analyze_privileged_access - Analysis of privileged access model
  • investigate_application_risks - Application security risk assessment
  • analyze_identity_security - Identity security configuration analysis
  • analyze_stale_accounts - Analysis of inactive user accounts
  • analyze_privileged_access_management - PIM implementation assessment
  • analyze_service_principal_security - Service principal credential risk analysis
  • analyze_legacy_authentication_risks - Legacy authentication protocol risk assessment
  • analyze_conditional_access - Analysis of conditional access policies and recommendations
  • comprehensive_security_review - Complete security review of the entire environment

License

MIT

Repository Details

  • Language: Python (100%)
  • Default Branch: main
  • Size: 46 KB
  • Contributors: 1
  • License: MIT License
  • MCP Verified: Nov 12, 2025
