Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| No arguments | | | |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| run_query | Execute a Cypher query and return the results. Args: query: Cypher query string; parameters: dictionary of query parameters. Returns: list of query results |
| users_with_most_local_admin_rights | [WIP] Users with Most Local Admin Rights |
| computers_with_most_sessions | [WIP] Computers with Most Sessions [Required: sessions] |
| users_with_most_sessions | [WIP] Users with Most Sessions [Required: sessions] |
| non_privileged_users_with_dangerous_permissions | List non-privileged user(s) with dangerous permissions to any node type |
| route_non_privileged_users_with_dangerous_permissions | Route non-privileged user(s) with dangerous permissions to any node type |
| users_with_most_cross_domain_sessions | [WIP] Users with most cross-domain sessions [Required: sessions] |
| list_high_value_targets | List high value target(s) |
| list_domains | List domain(s) |
| list_domain_trusts | List domain trust(s) |
| list_enabled_users | List enabled user(s) |
| list_enabled_users_with_email | List enabled user(s) with an email address |
| list_non_managed_service_accounts | List non-managed service account(s) |
| list_enabled_principals_with_unconstrained_delegation | List enabled principal(s) with "Unconstrained Delegation" |
| list_enabled_principals_with_constrained_delegation | List enabled principal(s) with "Constrained Delegation" |
| list_domain_controllers | List domain controller(s) |
| list_domain_computers | List domain computer(s) |
| list_certificate_authority_servers | List Certificate Authority server(s) [Required: Certipy] |
| list_privileges_for_certificate_authority_servers | [WIP] List privileges for Certificate Authority server(s) [Required: Certipy] |
| list_all_certificate_templates | List all Certificate Template(s) [Required: Certipy] |
| find_enabled_certificate_templates | Find enabled Certificate Template(s) [Required: Certipy] |
| list_all_enrollment_rights_for_certificate_templates | [WIP] List all Enrollment Right(s) for Certificate Template(s) |
| list_computers_without_laps | List computer(s) WITHOUT LAPS |
| list_network_shares_ignoring_sysvol | List network share(s), ignoring SYSVOL |
| list_all_groups | List all group(s) |
| list_all_gpos | List all GPO(s) |
| list_all_principals_with_local_admin_permission | List all principal(s) with "Local Admin" permission |
| list_all_principals_with_rdp_permission | List all principal(s) with "RDP" permission |
| list_all_principals_with_sqladmin_permission | List all principal(s) with "SQLAdmin" permission |
| list_all_user_sessions | List all user session(s) [Required: sessions] |
| list_all_users_with_description_field | List all user(s) with description field |
| list_all_enabled_users_with_userpassword_attribute | List all enabled user(s) with "userpassword" attribute |
| list_all_enabled_users_with_password_never_expires | List all enabled user(s) with "password never expires" attribute |
| list_enabled_users_pwd_never_expires_unchanged_1yr | List all enabled user(s) with "password never expires" attribute and not changed in last year |
| list_all_enabled_users_with_no_password_required | List all enabled user(s) with "don't require passwords" attribute |
| list_all_enabled_users_never_logged_in | List all enabled user(s) but never logged in |
| list_all_enabled_users_logged_in_last_90_days | List all enabled user(s) that logged in within the last 90 days |
| list_all_enabled_users_set_password_last_90_days | List all enabled user(s) that set password within the last 90 days |
| list_all_enabled_users_with_foreign_group_membership | List all enabled user(s) with foreign group membership |
| list_all_owned_users | List all owned user(s) |
| list_all_owned_enabled_users | List all owned & enabled user(s) |
| list_all_owned_enabled_users_with_email | List all owned & enabled user(s) with an email address |
| list_own_en_usrs_local_adm_sess | List all owned & enabled user(s) with "Local Admin" permission, and any active sessions and their group membership(s) |
| list_all_owned_enabled_users_with_rdp_and_sessions | List all owned & enabled user(s) with "RDP" permission, and any active sessions and their group membership(s) |
| list_all_owned_enabled_users_with_sqladmin | List all owned & enabled user(s) with "SQLAdmin" permission |
| list_all_owned_computers | List all owned computer(s) |
| route_all_owned_enabled_group_memberships | Route all owned & enabled group membership(s) |
| route_all_owned_enabled_non_privileged_group_memberships | Route all owned & enabled non-privileged group(s) membership |
| route_all_owned_enabled_privileged_group_memberships | Route all owned & enabled privileged group(s) membership |
| route_owned_users_dangerous_rights_to_any | Route all owned & enabled user(s) with Dangerous Rights to any node type |
| route_owned_users_dangerous_rights_to_groups | Route all owned & enabled user(s) with Dangerous Rights to group(s) |
| route_own_en_usrs_dang_rts_usrs | Route all owned & enabled user(s) with Dangerous Rights to user(s) |
| route_own_en_usrs_unconst_del | Route from owned & enabled user(s) to all principals with "Unconstrained Delegation" |
| route_from_owned_enabled_principals_to_high_value_targets | Route from owned & enabled principals to high value target(s) |
| find_owned_users_with_azure_tenancy_access | Owned: [WIP] Find all owned user with privileged access to Azure Tenancy (Required: azurehound) |
| find_owned_users_with_group_granted_azure_access | Owned: [WIP] Find all owned user where group membership grants privileged access to Azure Tenancy (Required: azurehound) |
| find_azure_app_owners_with_dangerous_rights | Owned: [WIP] Find all Owners of Azure Applications with Owners to Service Principals with Dangerous Rights (Required: azurehound) |
| find_all_owned_groups_granting_network_share_access | Find all owned groups that grant access to network shares |
| route_all_sessions_to_computers_without_laps | Route all sessions to computers WITHOUT LAPS (Required: sessions) |
| route_all_sessions_to_computers | Route all sessions to computers (Required: sessions) |
| list_enabled_non_privileged_users_with_local_admin | List enabled non-privileged user(s) with "Local Admin" permission |
| list_non_priv_users_with_admin_and_sessions | List enabled non-privileged user(s) with "Local Admin" permission, and any active sessions and their group membership(s) |
| list_enabled_non_privileged_users_with_rdp | List enabled non-privileged user(s) with "RDP" permission |
| list_enabled_non_privileged_users_with_rdp_and_sessions | List enabled non-privileged user(s) with "RDP" permission, and any active sessions and their group membership(s) |
| list_enabled_non_privileged_users_with_sqladmin | List enabled non-privileged user(s) with "SQLAdmin" permission |
| list_all_domain_users_group_memberships | List all "Domain Users" group membership(s) |
| list_all_authenticated_users_group_memberships | List all "Authenticated Users" group membership(s) |
| find_all_enabled_as_rep_roastable_users | Find all enabled AS-REP roastable user(s) |
| find_all_enabled_kerberoastable_users | Find all enabled kerberoastable user(s) |
| route_non_privileged_users_with_dangerous_rights_to_users | Route non-privileged user(s) with dangerous rights to user(s) [HIGH RAM] |
| route_non_priv_usrs_dang_rts_grps | Route non-privileged user(s) with dangerous rights to group(s) [HIGH RAM] |
| route_non_priv_users_dangerous_rights_to_comps | Route non-privileged user(s) with dangerous rights to computer(s) [HIGH RAM] |
| route_non_privileged_users_with_dangerous_rights_to_gpos | Route non-privileged user(s) with dangerous rights to GPO(s) [HIGH RAM] |
| route_non_priv_users_dangerous_rights_to_priv_nodes | Route non-privileged user(s) with dangerous rights to privileged node(s) [HIGH RAM] |
| route_non_priv_comps_dangerous_rights_to_users | Route non-privileged computer(s) with dangerous rights to user(s) [HIGH RAM] |
| route_non_priv_comps_dangerous_rights_to_groups | Route non-privileged computer(s) with dangerous rights to group(s) [HIGH RAM] |
| route_non_priv_comps_dangerous_rights_to_comps | Route non-privileged computer(s) with dangerous rights to computer(s) [HIGH RAM] |
| route_non_priv_comps_dangerous_rights_to_gpos | Route non-privileged computer(s) with dangerous rights to GPO(s) [HIGH RAM] |
| route_non_priv_comps_dangerous_rights_to_priv_nodes | Route non-privileged computer(s) with dangerous rights to privileged node(s) [HIGH RAM] |
| list_esc1_vulnerable_certificate_templates | List ESC1 vulnerable Certificate Template(s) [Required: Certipy] |
| list_esc2_vulnerable_certificate_templates | List ESC2 vulnerable Certificate Template(s) [Required: Certipy] |
| list_esc3_vulnerable_certificate_templates | List ESC3 vulnerable Certificate Template(s) [Required: Certipy] |
| list_esc4_vulnerable_certificate_templates | List ESC4 vulnerable Certificate Template(s) [Required: Certipy] |
| list_esc6_vulnerable_certificate_templates | List ESC6 vulnerable Certificate Template(s) [Required: Certipy] |
| list_esc7_vulnerable_certificate_templates | List ESC7 vulnerable Certificate Template(s) [Required: Certipy] |
| list_esc8_vulnerable_certificate_templates | List ESC8 vulnerable Certificate Template(s) [Required: Certipy] |
| list_all_cross_domain_user_sessions_and_memberships | List all cross-domain user session(s) and user group membership(s) |
| list_privileged_users_without_protected_users | List privileged user(s) without "Protected Users" group membership |
| list_custom_privileged_groups | List custom privileged group(s) |
| list_en_svc_accts_priv_grp_mems | List all enabled SVC account(s) with privileged group membership(s) |
| route_priv_users_sessions_to_non_priv_comps | Route all privileged user(s) with sessions to non-privileged computer(s) [Required: sessions] |
| find_paths_dangerous_rights_to_adminsdholder | Find allshortestpaths with dangerous rights to AdminSDHolder object |
| find_allshortestpaths_with_dcsync_to_domain | Find allshortestpaths with DCSync to domain object |
| find_allshortestpaths_with_shadow_credential_permission | Find allshortestpaths with Shadow Credential permission to principal(s) |
| list_all_tenancy | List all Tenancy (Required: azurehound) |
| list_all_aad_groups_synchronized_with_ad | [WIP] List all AAD Group(s) that are synchronized with AD (Required: azurehound) |
| list_all_principals_used_for_syncing_ad_and_aad | [WIP] List all principal(s) used for syncing AD and AAD |
| list_all_enabled_azure_users | List all enabled Azure User(s) (Required: azurehound) |
| list_all_enabled_azure_users_group_memberships | List all enabled Azure User(s) Azure Group membership(s) (Required: azurehound) |
| list_all_ad_principals_with_edges_to_azure_principals | [WIP] List all AD principal(s) with edge(s) to Azure principal(s) (Required: azurehound) |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| prompt | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |