ROADRecon MCP Server
Provides Azure AD data access and security analysis via MCP for ROADRecon data sources.
Configuration
The snippet below is the client-side `mcpServers` entry (the format Claude Desktop reads from its `claude_desktop_config.json`). Set ROADRECON_URL to the base URL of your running ROADRecon web GUI; http://localhost:5000 is the GUI's default, so replace it only if you started the GUI elsewhere. Claude Desktop does not launch the command from the repository directory, so use absolute paths for `roadrecon_mcp_server.py` and, if the dependencies live in a virtualenv, for the `python` interpreter as well.
```json
{
  "mcpServers": {
    "atomicchonk-roadrecon_mcp_server": {
      "command": "python",
      "args": [
        "roadrecon_mcp_server.py"
      ],
      "env": {
        "ROADRECON_URL": "http://localhost:5000"
      }
    }
  }
}
```
The ROADRecon MCP Server gives AI assistants access to your ROADRecon Azure AD data for security analysis. It exposes the collected Azure AD objects as MCP resources, implements built-in analysis tools, and ships pre-built prompts so an MCP client such as Claude Desktop can work through common security tasks.
To use it, start the server and connect your MCP client. Once connected, you can browse resources such as users, groups, applications, and devices, run the analysis tools to detect risks, and invoke the prompts that guide you through tasks like identifying privileged accounts, checking MFA deployment, and reviewing the credentials attached to service principals and applications.
Prerequisites you need before installation:
- Python 3.8+
- A running ROADRecon instance with its web GUI accessible
- An MCP-compatible client (for example Claude Desktop)
Steps to install and run the server:
```bash
# Install Python dependencies
pip install -r requirements.txt
# Run the MCP server using the default ROADRecon URL
python roadrecon_mcp_server.py
# To point to a specific ROADRecon instance, set ROADRECON_URL before starting
ROADRECON_URL=http://localhost:8080 python roadrecon_mcp_server.py
```
- The server reads the ROADRecon base URL from the ROADRECON_URL environment variable and serves every resource by querying that GUI, so set the variable before starting whenever your instance is not on the default URL. Only the MCP server needs to reach the GUI; keep the ROADRecon GUI bound to localhost, because it is an unauthenticated local web application that hands the whole tenant dump to anyone who can connect to it.
- After starting, connect Claude Desktop or another MCP client and begin querying resources such as users, groups, applications, and service principals. You can also execute the security analysis tools and use the pre-built prompts to perform common security tasks.
Connecting from Claude Desktop:
1. Open Claude Desktop.
2. Go to Settings → Servers → Add Server.
3. Select "Add from running server". The server should appear in the list; click "Install".
4. If prompted, follow any on-screen instructions to complete the setup. The server is available for use once installation finishes.
Example prompts to try once connected:
- Analyze the MFA status of users in this Azure AD tenant.
- Find all users with privileged roles.
- Check for applications with secrets or certificates.
- Analyze the overall security posture of this Azure AD environment.
Resources exposed by the server:
- `roadrecon://stats` – Summary statistics
- `roadrecon://users` – All users
- `roadrecon://users/{id}` – User details
- `roadrecon://groups` – All groups
- `roadrecon://groups/{id}` – Group details
- `roadrecon://applications` – All applications
- `roadrecon://applications/{id}` – Application details
- `roadrecon://serviceprincipals` – All service principals
- `roadrecon://serviceprincipals/{id}` – Service principal details
- `roadrecon://devices` – All devices
- `roadrecon://mfa` – MFA status for all users
- `roadrecon://directoryroles` – All directory roles
- `roadrecon://roledefinitions` – All role definitions
- `roadrecon://approles` – All app role assignments
- `roadrecon://oauth2permissions` – All OAuth2 permission grants
- `roadrecon://tenantdetails` – Tenant details
Analysis tools:
- find_privileged_users() – Find users with high-privilege roles
- analyze_mfa_status() – Analyze MFA deployment across users
- find_applications_with_secrets() – Find applications with secrets/certificates
- analyze_groups() – Analyze group types and membership
- identify_stale_accounts() – Find accounts that haven't logged in or changed password within a specified period
- analyze_pim_implementation() – Assess Privileged Identity Management implementation
- analyze_service_principal_credentials() – Find over-permissioned service principals with long-lived credentials
- analyze_legacy_authentication() – Identify risks from legacy authentication protocols that bypass MFA
- analyze_conditional_access_policies(file_path: str = "") – Analyze conditional access policies from an HTML file. Looks for the file at "C:\Temp\caps.html" by default, or prompts the user to specify a file path if not found.
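As an added example (not code from the roadrecon_mcp_server project), the block below re-implements with the standard library the credential-lifetime check that find_applications_with_secrets() and analyze_service_principal_credentials() perform, so the rule being applied is visible and can be run against an embedded sample. It assumes that the ROADRecon GUI serves JSON lists at /api/applications and /api/serviceprincipals under ROADRECON_URL, that each object carries AAD Graph style `passwordCredentials` and `keyCredentials` lists with `startDate`/`endDate` fields, and that one year is the lifetime threshold; the `fetch_objects` helper, the `--live` flag, the sample objects and the fixed clock are all constructions of this example, not features of the server.

```python
"""
Added example, not code from the roadrecon_mcp_server project: a standard-library
re-implementation of the credential-lifetime check behind
find_applications_with_secrets() and analyze_service_principal_credentials().

Assumptions (not taken from the page):
  * the ROADRecon GUI at ROADRECON_URL serves JSON lists at /api/applications
    and /api/serviceprincipals (fetch_objects is only used with --live);
  * each object carries AAD Graph style 'passwordCredentials' and
    'keyCredentials' lists whose entries have 'startDate'/'endDate' timestamps.
"""
import json
import os
import sys
import urllib.request
from datetime import datetime, timezone

ROADRECON_URL = os.environ.get("ROADRECON_URL", "http://localhost:5000")
MAX_LIFETIME_DAYS = 365  # anything issued for longer than a year is flagged as long-lived


def fetch_objects(path, base_url=ROADRECON_URL, timeout=10):
    """GET <base_url><path> from the ROADRecon GUI and decode the JSON body (assumed endpoint)."""
    with urllib.request.urlopen(base_url.rstrip("/") + path, timeout=timeout) as resp:
        return json.load(resp)


def parse_ts(ts):
    """Parse Azure AD timestamps such as '2024-01-31T12:00:00Z' or '...T12:00:00.1234567'.

    datetime.fromisoformat() in Python 3.8 accepts neither a trailing 'Z' nor a
    7-digit fraction, so both are normalised; naive values are treated as UTC.
    """
    ts = ts.rstrip("Z")
    if "." in ts:
        head, frac = ts.split(".", 1)
        ts = head + "." + frac[:6]
    dt = datetime.fromisoformat(ts)
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)


def check_credentials(obj, now, max_lifetime_days=MAX_LIFETIME_DAYS):
    """Return one finding per expired or long-lived secret/certificate on a single object."""
    findings = []
    for kind in ("passwordCredentials", "keyCredentials"):
        for cred in obj.get(kind) or []:
            start, end = parse_ts(cred["startDate"]), parse_ts(cred["endDate"])
            lifetime = (end - start).days
            if end < now:
                status = "expired"        # dead credential still attached: clean-up candidate
            elif lifetime > max_lifetime_days:
                status = "long-lived"     # valid for more than a year: rotation candidate
            else:
                continue
            findings.append({"kind": kind, "keyId": cred.get("keyId"),
                             "status": status, "lifetime_days": lifetime})
    return findings


def audit(objects, now=None, max_lifetime_days=MAX_LIFETIME_DAYS):
    """Map displayName -> findings for every application/service principal that has any."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for obj in objects:
        findings = check_credentials(obj, now, max_lifetime_days)
        if findings:
            report[obj.get("displayName") or obj.get("objectId", "?")] = findings
    return report


# Constructed sample data in the assumed shape; NOW is fixed so the run is reproducible.
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)
SAMPLE_OBJECTS = [
    {"displayName": "Payroll-Connector", "objectType": "Application",
     "passwordCredentials": [
         {"keyId": "a1", "startDate": "2021-03-01T00:00:00Z", "endDate": "2031-03-01T00:00:00Z"},
         {"keyId": "a2", "startDate": "2023-01-01T00:00:00Z", "endDate": "2023-12-31T00:00:00Z"}],
     "keyCredentials": []},
    {"displayName": "HR-Portal", "objectType": "Application",
     "passwordCredentials": [
         {"keyId": "b1", "startDate": "2024-11-01T00:00:00.0000000",
          "endDate": "2025-04-30T00:00:00.0000000"}],
     "keyCredentials": [
         {"keyId": "b2", "startDate": "2020-01-01T00:00:00Z", "endDate": "2030-01-01T00:00:00Z",
          "type": "AsymmetricX509Cert", "usage": "Verify"}]},
    {"displayName": "backup-svc", "objectType": "ServicePrincipal",
     "passwordCredentials": [], "keyCredentials": []},
]

if __name__ == "__main__":
    if "--live" in sys.argv:  # query a running GUI instead of the embedded sample
        report = audit(fetch_objects("/api/applications") + fetch_objects("/api/serviceprincipals"))
    else:
        report = audit(SAMPLE_OBJECTS, now=NOW)
    for name, findings in report.items():
        for f in findings:
            print(f"{name}: {f['kind']} {f['keyId']} is {f['status']} ({f['lifetime_days']} days)")
```

Run it as-is to see the sample findings (a ten-year client secret and an expired one on Payroll-Connector, a ten-year certificate on HR-Portal); with `--live` it reads the same two object sets that the `roadrecon://applications` and `roadrecon://serviceprincipals` resources expose. Expired credentials are reported separately from long-lived ones because they are not a usable foothold but do show that nobody is cleaning up, which is usually the same owner who will not rotate the long-lived ones either.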
Pre-built prompts:
- analyze_security_posture – Comprehensive security analysis
- analyze_privileged_access – Analysis of privileged access model
- investigate_application_risks – Application security risk assessment
- analyze_identity_security – Identity security configuration analysis
- analyze_stale_accounts – Analysis of inactive user accounts
- analyze_privileged_access_management – PIM implementation assessment
- analyze_service_principal_security – Service principal credential risk analysis
- analyze_legacy_authentication_risks – Legacy authentication protocol risk assessment
- analyze_conditional_access – Analysis of conditional access policies and recommendations
- comprehensive_security_review – Complete security review of the entire environment
License: MIT
What each analysis tool checks:
- Identify users who hold high-privilege roles within the Azure AD tenant.
- Evaluate MFA deployment and coverage across all users.
- Detect applications that carry secrets or certificates that could be exposed or abused.
- Analyze group types, membership, and distribution for risk patterns.
- Find accounts that have not logged in or changed credentials within a defined period.
- Assess Privileged Identity Management setup and effectiveness.
- Find over-permissioned service principals with long-lived credentials.
- Identify risks from legacy authentication methods that bypass MFA.
- Analyze conditional access policies (read from an HTML file by default) to identify gaps.