Rubeus MCP Server

27 tools. 19 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

19 can modify or destroy data
8 read-only
27 tools total

Community server · catalogue entry verified 03/07/2026

How to control Rubeus MCP Server ↓

What Rubeus MCP Server exposes to your agents

Read (8) Write / Execute (18) Destructive / Financial (1)
Critical Risk

The most dangerous Rubeus MCP Server tools

19 of Rubeus MCP Server's 27 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Rubeus MCP Server

PolicyLayer is an MCP gateway — it sits between your AI agents and Rubeus MCP Server, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "rubeus_purge": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "rubeus_kirbi": {
    "limits": [
      {
        "counter": "rubeus_kirbi_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "rubeus_check_environment": {
    "limits": [
      {
        "counter": "rubeus_check_environment_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Rubeus MCP Server — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON RUBEUS →

Instant setup, no code required.

All 27 Rubeus MCP Server tools

EXECUTE 17 tools
Execute rubeus_asktgs Request Service Tickets (TGS) for specified Service Principal Names (SPNs). Requires a valid TGT (provided as Execute rubeus_asktgt Request a Ticket Granting Ticket (TGT) using user credentials. Supports multiple authentication methods: - Pa Execute rubeus_asrep2kirbi Convert an AS-REP response to kirbi ticket format. Takes a raw AS-REP response and converts it to a usable ki Execute rubeus_asreproast Perform AS-REP Roasting against accounts that don Execute rubeus_changepw Change/reset a user Execute rubeus_createnetonly Create a new process with network credentials (logon type 9). Creates a process that uses different credentia Execute rubeus_diamond Forge a Diamond Ticket (modified legitimate TGT). Requests a legitimate TGT and then modifies it with new PAC Execute rubeus_golden Forge a Golden Ticket (forged TGT with krbtgt hash). Creates a TGT that grants domain-wide access. Requires: Execute rubeus_harvest Continuously monitor for and harvest new TGTs. Runs in a loop, extracting new TGTs as they appear and optiona Execute rubeus_hash Calculate Kerberos password hashes from plaintext. Computes the various Kerberos encryption keys from a passw Execute rubeus_kerberoast Perform Kerberoasting attack to extract service account password hashes. Requests TGS tickets for accounts wi Execute rubeus_ptt Pass-the-ticket: Apply a Kerberos ticket to the current logon session. Imports a ticket (from base64 or .kirb Execute rubeus_renew Renew an existing TGT to extend its validity period. Can optionally auto-renew continuously until the renewab Execute rubeus_s4u Perform S4U (Service for User) constrained/unconstrained delegation abuse. Implements: - S4U2Self: Obtain ser Execute rubeus_silver Forge a Silver Ticket (forged TGS with service account hash). Creates a service ticket for a specific service Execute rubeus_tgssub Substitute the service name in a service ticket. Replaces the SPN in an existing TGS with a different service Execute rubeus_tgtdeleg Extract a usable TGT for the current user without elevation. Uses Kerberos GSS-API to abuse the delegation me

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Rubeus MCP Server

Can an AI agent delete data through the Rubeus MCP Server MCP server? +

Yes. The Rubeus MCP Server server exposes 1 destructive tools including rubeus_purge. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Rubeus MCP Server? +

The Rubeus MCP Server server has 1 write tools including rubeus_kirbi. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Rubeus MCP Server.

How many tools does the Rubeus MCP Server MCP server expose? +

27 tools across 3 categories: Destructive, Read, Write. 8 are read-only. 19 can modify, create, or delete data.

How do I enforce a policy on Rubeus MCP Server? +

Register the Rubeus MCP Server MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Rubeus MCP Server tool call.

Deterministic rules across all 27 Rubeus MCP Server tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

27 Rubeus MCP Server tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.