High-risk tools in PentestMCP
4 of the 26 tools in PentestMCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- command_execution (Execute): execute powershell commands if we have pwned the user, possible to use ntlm or password for authentication
- Kerberoast (Execute): The goal of Kerberoasting is to harvest TGS tickets for services that run on behalf of user accounts in the AD, not computer accounts. Thus, part of these TGS tickets is encrypt...
- run_blooodhound_query (Execute): Run a bloodhound cypher query of your choice (use this to collect information about the network and potentially identify attack vectors)
- run_nmap_scan (Execute): run an nmap scan on an ip or ip range (use the right nmap flags based on the first response)
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.