Understand your Azure attack surface in real time.
TokenMesh integrates Azure with MCP and LLMs to perform live security analysis across identities, roles, and resources. It surfaces privilege risks, misconfigurations, and attack paths directly from your environment—without manual enumeration.
Built for pentesters, red teamers, and defenders, TokenMesh combines cloud data with AI-driven reasoning to deliver fast, actionable security insights.
Model Context Protocol (MCP) is an open standard that allows AI models to interact with external tools and live data sources in a structured and secure way.
Think of MCP as a universal interface between:
- AI models (LLMs)
- External systems (APIs, databases, cloud environments)
Instead of copying data manually into an AI model, MCP enables:
- Direct tool execution
- Real-time data retrieval
- Structured JSON responses
Azure environments are complex and distributed:
- Hundreds of RBAC assignments
- Multiple service principals and identities
- Storage accounts across regions
- Hidden privilege escalation paths
Traditional analysis requires:
- Azure Portal
- CLI / PowerShell
- Graph Explorer
- Manual correlation
TokenMesh replaces this with a single natural language interface.
Follow these steps to set up TokenMesh locally.
Make sure you have:
- Python 3.10 or higher
- Azure CLI installed
- MCP-compatible client (for MCP mode)
- OpenAI API key (for CLI mode)
```bash
git clone https://github.com/<your-username>/TokenMesh.git
cd TokenMesh
python -m venv venv
```
Activate it:
Windows (PowerShell):
```powershell
.\venv\Scripts\Activate.ps1
```
Linux / macOS:
```bash
source venv/bin/activate
```
Install dependencies:
```bash
pip install -r requirements.txt
```
TokenMesh uses your Azure CLI session.
```bash
az login
```
Verify account:
```bash
az account show -o table
```
If needed, select subscription:
```bash
az account set --subscription "<your-subscription-id>"
```
Run:
```bash
python mcp_server.py
```
If no errors appear, installation is complete.
Press Ctrl + C to stop the server.
To use TokenMesh, your account needs read-only access:
- Reader (Azure Subscription): View resources and RBAC
- Global Reader (Entra ID): View users, groups, and service principals
These roles ensure data visibility while keeping everything strictly read-only.
TokenMesh supports two modes of operation:
- MCP Mode (for AI clients like Claude Desktop)
- CLI Mode (direct terminal interaction using an LLM API)
Use this mode if you want an AI assistant to directly interact with your Azure environment.
Instead of manually searching for the config file, you can access it directly from the Claude Desktop UI:
- Open Claude Desktop
- Go to Settings
- Navigate to the Developer section
- Click on “Edit Config”
This will open the MCP configuration file (claude_desktop_config.json) in your default editor.
Add the following configuration:
```json
{
  "mcpServers": {
    "TokenMesh": {
      "command": "python",
      "args": [
        "C:\\path\\to\\TokenMesh\\mcp_server.py"
      ],
      "env": {
        "AZURE_SUBSCRIPTION_ID": "<your-subscription-id>"
      }
    }
  },
  "preferences": {
    <<Set Preferences>>
  }
}
```
Replace:
- the script path → the full path to `mcp_server.py` in your TokenMesh directory
- `<your-subscription-id>` → the subscription ID shown by `az account show`
If your config already contains other sections, simply add "mcpServers" alongside them.
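The merge described above can be done safely with a small helper. This is an added example, not part of the TokenMesh project; the existing config content and the `other-server` entry are constructed sample data, and the subscription ID used in the comments is a placeholder.

```python
import json

# Constructed sample: a claude_desktop_config.json that already contains
# another MCP server (hypothetical name) and a "preferences" section.
EXISTING_CONFIG = json.dumps({
    "mcpServers": {
        "other-server": {"command": "npx", "args": ["-y", "@example/other"]}
    },
    "preferences": {"theme": "dark"}
})


def add_tokenmesh_server(config_text: str, server_script: str,
                         subscription_id: str, python_cmd: str = "python") -> dict:
    """Return the parsed config with a TokenMesh entry under "mcpServers".

    Other top-level sections and already configured servers are kept;
    an existing TokenMesh entry is overwritten with the new values.
    """
    config = json.loads(config_text) if config_text.strip() else {}
    servers = config.setdefault("mcpServers", {})
    if not isinstance(servers, dict):
        raise ValueError('"mcpServers" must be a JSON object')
    servers["TokenMesh"] = {
        "command": python_cmd,
        "args": [server_script],
        "env": {"AZURE_SUBSCRIPTION_ID": subscription_id},
    }
    return config


def validate_tokenmesh_entry(config: dict) -> list:
    """Return a list of problems with the TokenMesh entry (empty means OK)."""
    problems = []
    entry = config.get("mcpServers", {}).get("TokenMesh")
    if entry is None:
        return ["TokenMesh entry missing from mcpServers"]
    args = entry.get("args", [])
    if len(args) != 1 or not args[0].endswith("mcp_server.py"):
        problems.append("args must contain exactly the path to mcp_server.py")
    sub = entry.get("env", {}).get("AZURE_SUBSCRIPTION_ID", "")
    if not sub or sub.startswith("<"):
        # Catches the "<your-subscription-id>" placeholder left unreplaced.
        problems.append("AZURE_SUBSCRIPTION_ID still holds a placeholder")
    return problems


if __name__ == "__main__":
    merged = add_tokenmesh_server(EXISTING_CONFIG,
                                  "C:\\path\\to\\TokenMesh\\mcp_server.py",
                                  "00000000-0000-0000-0000-000000000000")
    print(json.dumps(merged, indent=2), validate_tokenmesh_entry(merged))
```

Write the returned dict back with `json.dump` and restart Claude Desktop as described in the following steps.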
- Fully close Claude Desktop
- Make sure it is not running in the background (system tray)
- Reopen the application
Once the configuration is correct and the app is restarted:
- Open Claude Desktop
- Go to Settings → Developer
- Look for the MCP Servers section
You should see TokenMesh listed as a configured MCP server.
Example queries:
- Find all high-privilege identities
- Detect backdoor service principals
- Show attack paths for this tenant
The AI will:
- Call TokenMesh tools
- Retrieve live Azure data
- Return analyzed results
Use this mode if you prefer working directly from the terminal.
Set your OpenAI API key as an environment variable.
Windows (PowerShell):
```powershell
$env:OPENAI_API_KEY="your-api-key-here"
```
macOS/Linux (bash/zsh):
```bash
export OPENAI_API_KEY="your-api-key-here"
```
Then run:
```bash
python main.py --subscription-id <your-subscription-id>
```
You will enter an interactive session:
```
TokenMesh >>
```
Type queries like:
```
Find all Owner role assignments
```
Run a single command:
```bash
python main.py \
  --subscription-id <sub-id> \
  --openai-key <key> \
  --prompt "Detect privilege escalation paths"
```
| Mode | Best For |
|---|---|
| MCP Mode | Interactive AI-assisted analysis |
| CLI Mode | Automation, scripting, quick checks |
Query Azure directly via an MCP-enabled client.
Query:
Run backdoor detection. I want to know every service principal with Owner
access that could be used for persistent unauthorized access after a breach.
Output:
Run security queries from the terminal using an LLM API.
Query:
Find all Owner role assignments
Output:
Ready-to-use prompts, organized by category:
| Category | Description |
|---|---|
| Privilege Escalation Hunting | Find Owner/Contributor identities, crown jewel targets, ghost identities, UAA escalation |
| Backdoor & Persistence Detection | SP backdoors, guest user abuse, orphaned credentials, dual-access persistence |
| Storage Attack Surface | Public blob access, weak TLS, HTTP downgrade, network-open accounts |
| Attack Path Analysis | Kill chains, blast radius, shortest path to Owner, defender-disable paths |
| Lateral Movement & Scope Abuse | Cross-scope identities, group escalation, managed identity risk, cross-tenant SPs |
| Identity Hygiene & Governance | Disabled accounts with live roles, access reviews, CISO dashboards, stale access |
| Threat Detection & Hardening | Severity-ranked findings, MITRE mapping, least privilege audit, hardening checklists |
| Incident Response | Compromised SP triage, breach blast radius, emergency access review, post-incident cleanup |
| Compliance & Reporting | Audit-ready PDFs, risk scoring, executive summaries, quarterly reviews |
| Quick One-Liners | 12 fast copy-paste prompts for common tasks |
This tool is intended for authorized security assessments only.
- Ensure you have proper permission before use
- TokenMesh performs read-only operations
- Unauthorized usage is illegal
- Authors are not responsible for misuse
- AI has been used in the development of this tool
Saksham Agrawal. Reach out on LinkedIn: