bruteforce_rid_users

Enumerate Active Directory users by brute-forcing RID values to identify accounts for security assessments and penetration testing.

Instructions

Bruteforce rid to enumerate users

Input Schema

| Name | Required | Description | Default |
|------|----------|-------------|---------|
| ips  | Yes      |             |         |

Implementation Reference

  • Handler function for the 'bruteforce_rid_users' tool, decorated with @mcp.tool for registration. It executes netexec smb with --rid-brute on the provided IP list to enumerate users via RID brute force.
    @mcp.tool(name="bruteforce_rid_users", description="Bruteforce rid to enumerate users")
    def bruteforce_rid_users(ips: List[str]):
        # Each element of `ips` is placed into netexec's argv unchanged.
        return run_command(["netexec", "smb"] + ips + ["--rid-brute"])
  • Registration of the tool via @mcp.tool decorator specifying the name and description.
    @mcp.tool(name="bruteforce_rid_users", description="Bruteforce rid to enumerate users")
  • Helper function run_command used by bruteforce_rid_users to execute the netexec command.
    import logging
    import subprocess
    from typing import Dict, List, Union

    # The snippet uses `logger` without showing its definition; a module-level logger is assumed.
    logger = logging.getLogger(__name__)


    def run_command(command: List[str], timeout: int = 150,
                    communicate: bool = False) -> Dict[str, Union[str, int, bool]]:
        """Run `command` as an argv list (no shell) and return its output and status."""
        try:
            logger.info(f"communicate: {communicate}")
            logger.info(f"Running command: {' '.join(command)}")
            if communicate:
                # Use Popen for interactive communication; "y" answers one prompt
                process = subprocess.Popen(
                    command,
                    stdout=subprocess.PIPE,
                    stderr=subprocess.PIPE,
                    stdin=subprocess.PIPE,
                    text=True
                )
                try:
                    stdout, stderr = process.communicate(input="y\n", timeout=timeout)
                except subprocess.TimeoutExpired:
                    # communicate() does not stop the child on timeout; kill and reap it
                    process.kill()
                    process.communicate()
                    raise
                returncode = process.returncode
            else:
                # Use run for non-interactive commands; check=True raises on non-zero exit
                result = subprocess.run(
                    command,
                    stdout=subprocess.PIPE,
                    stderr=subprocess.PIPE,
                    text=True,
                    check=True,
                    timeout=timeout
                )
                stdout = result.stdout
                stderr = result.stderr
                returncode = result.returncode

            logger.info(f"Command completed with return code {returncode}")
            return {
                # The Popen branch does not raise on failure, so derive success from the exit code
                "success": returncode == 0,
                "stdout": stdout,
                "stderr": stderr,
                "returncode": returncode
            }

        except subprocess.CalledProcessError as e:
            logger.error(f"Command failed with return code {e.returncode}: {e.stderr}")
            return {
                "success": False,
                "stdout": e.stdout,
                "stderr": e.stderr,
                "returncode": e.returncode,
                "error": f"Command failed with return code {e.returncode}"
            }
        except subprocess.TimeoutExpired:
            logger.error(f"Command timed out after {timeout} seconds")
            return {
                "success": False,
                "error": f"Command timed out after {timeout} seconds"
            }
        except Exception as e:
            logger.error(f"Error running command: {str(e)}")
            return {
                "success": False,
                "error": str(e)
            }
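
The handler above forwards every element of `ips` to netexec's argv without checking it, and an MCP tool's arguments are chosen by a model that may be steered by untrusted input. The following is an added example, not part of the PentestMCP code, of validating targets against an engagement scope before building the same argv. `AUTHORIZED_SCOPE`, `MAX_ADDRESSES`, `validate_targets` and `build_rid_brute_argv` are hypothetical names, the scope is a constructed documentation range, and accepting only IP addresses and CIDRs (no hostnames) is an assumption.

```python
import ipaddress
from typing import List, Sequence

# Constructed engagement scope (RFC 5737 documentation range); replace per engagement.
AUTHORIZED_SCOPE = (ipaddress.ip_network("192.0.2.0/24"),)
MAX_ADDRESSES = 256  # assumed cap on how many hosts one call may touch


def validate_targets(ips: Sequence[str], scope=AUTHORIZED_SCOPE) -> List[str]:
    """Return canonical IP/CIDR strings, or raise ValueError on anything else."""
    if isinstance(ips, str) or not ips:
        raise ValueError("ips must be a non-empty list of strings")
    cleaned, total = [], 0
    for raw in ips:
        if not isinstance(raw, str):
            raise ValueError(f"target is not a string: {raw!r}")
        try:
            # Strict parsing: option-like strings ("--foo"), hostnames, shell
            # fragments and CIDRs with host bits set all fail here.
            net = ipaddress.ip_network(raw.strip())
        except ValueError:
            raise ValueError(f"not an IP address or CIDR: {raw!r}") from None
        if not any(net.version == s.version and net.subnet_of(s) for s in scope):
            raise ValueError(f"outside authorized scope: {raw!r}")
        total += net.num_addresses
        if total > MAX_ADDRESSES:
            raise ValueError("target list exceeds the per-call address cap")
        # Emit the parsed value, never the caller's original string.
        cleaned.append(str(net.network_address) if net.num_addresses == 1 else str(net))
    return cleaned


def build_rid_brute_argv(ips: Sequence[str]) -> List[str]:
    """Same argv the handler builds, but only from validated targets."""
    return ["netexec", "smb"] + validate_targets(ips) + ["--rid-brute"]
```

A rejected call raises `ValueError` before any process is started, so the refusal can be logged and returned to the MCP client as an error result.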

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/YoussefSahnoun/PentestMCP'
