## https://sploitus.com/exploit?id=A03A5F4B-FAEF-5645-B215-DA2D4B834049
# Vulnerability Research MCP Server

A vulnerability research MCP server designed for penetration testing experts. It integrates multiple vulnerability data sources and provides a unified interface for vulnerability research.

---

## 🚀 Features

### Core Tools (6)

| Tool Name | Function | Data Source |
|----------|--------|--------------|
| `search_cve` | Search for CVE vulnerabilities | NVD API |
| `get_cve_details` | Retrieve details about CVEs | NVD API |
| `search_exploit` | Search for PoC/EXPs | Exploit-DB |
| `cvss_calculator` | Calculate CVSS v3.1 score | CVSS standard |
| `cwe_mapping` | Query CWE categories | MITRE CWE |
| `find_nuclei_template` | Find Nuclei templates | Nuclei Templates |

---

## 📦 Installation

### 1. Clone the repository

```bash
cd E:\QClawCache\workspace-agent-c3e0083a\vuln-research-mcp
```

### 2. Install dependencies

```bash
pip install -r requirements.txt
```

### 3. Configure Claude Desktop

Edit `claude_desktop_config.json`:

```json
{
  "mcpServers": {
    "vuln-research": {
      "command": "python",
      "args": [
        "E:\\QClawCache\\workspace-agent-c3e0083a\\vuln-research-mcp\\src\\server.py"
      ]
    }
  }
}
```

---

## 🔧 Usage

### Example 1: Search for Log4j vulnerabilities

```
You: Help me search for Log4j-related CVEs.
Claude: Call the `search_cve` tool.
Parameter: keyword="Apache Log4j"
Result: Returns CVE-2021-44228 and related vulnerabilities.
```

### Example 2: Retrieve details about CVE-2021-44228

```
You: Retrieve details about CVE-2021-44228.
Claude: Call the `get_cve_details` tool.
Result: Returns CVSS 9.8, affected versions, and fix suggestions.
```

### Example 3: Calculate CVSS score

```
You: Calculate the CVSS score for this vulnerability:
- Attack vector: Network
- Attack complexity: Low
- Privileges required: None
- User interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Claude: Call the `cvss_calculator` tool.
Result: CVSS 9.8 (Critical).
```

---

## 🛠️ Development Plan

### Current Status (v0.1.0)

- ✅ Basic MCP server framework
- ✅ `search_cve` tool (fully implemented)
- ✅ `get_cve_details` tool (fully implemented)
- ✅ `cvss_calculator` tool (simplified implementation)
- ⚠️ `search_exploit` tool (placeholder, requires Exploit-DB API)
- ⚠️ `cwe_mapping` tool (simplified implementation, only common CWEs)
- ⚠️ `find_nuclei_template` tool (placeholder, requires local repository)

### Next Steps

1. **Integrate Exploit-DB API**
   - Use the official API or local searchsploit
   - Support searching by CVE, keyword, and type

2. **Improve the CWE database**
   - Download the complete list of MITRE CWEs
   - Support retrieving details by CWE-ID

3. **Integrate Nuclei Templates**
   - Automatically clone the nuclei-templates repository
   - Support searching by tag and severity level

4. **Add more data sources**
   - CISA KEV (Known Exploited Vulnerabilities catalog)
   - GitHub Security Advisories

---

## 🔒 Security Announcements

### 🔒 Security Notes

#### Legal Risks

1. **For authorized testing only**
   - This tool can only be used for penetration testing with written authorization.
   - Unauthorized use may violate laws.

2. **Data usage compliance**
   - The NVD API has rate limits (please comply).
   - Exploit-DB data is used solely for legitimate purposes.

#### Security Development Recommendations

1. **Input validation**
   - All input must undergo strict validation.
   - Prevent attacks like command injection and path traversal.

2. **Audit logs**
   - All tool calls are logged.
   - Log file: `mcp-audit.log`

3. **Permission control**
   - It is recommended to run the tool only in an isolated environment.
   - Do not run it with root/admin privileges.
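
One way to apply the input-validation and audit-log recommendations above to tool arguments. This is an added example, not code from this project; `check_cve_id`, `check_keyword`, `resolve_under`, `call_tool`, `enable_audit_log` and the allow-list patterns are assumptions made for illustration.

```python
import json
import logging
import re
from pathlib import Path

CVE_RE = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")
# Allow-list for search terms: no shell metacharacters, no path separators.
KEYWORD_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._+-]{0,63}")
audit = logging.getLogger("mcp-audit")

def enable_audit_log(path="mcp-audit.log"):
    """Send audit records to the log file named in the README."""
    handler = logging.FileHandler(path, encoding="utf-8")
    handler.setFormatter(logging.Formatter("%(asctime)s %(message)s"))
    audit.addHandler(handler)
    audit.setLevel(logging.INFO)

def check_cve_id(value):
    # fullmatch (not match with "$") also rejects a trailing newline.
    if not isinstance(value, str) or not CVE_RE.fullmatch(value):
        raise ValueError("cve_id must look like CVE-YYYY-NNNN")
    return value

def check_keyword(value):
    if not isinstance(value, str) or not KEYWORD_RE.fullmatch(value):
        raise ValueError("keyword has characters outside the allow-list")
    return value

def resolve_under(root, relative):
    """Resolve a caller-supplied path; refuse anything outside root."""
    root = Path(root).resolve()
    candidate = (root / relative).resolve()
    if not candidate.is_relative_to(root):
        raise ValueError("path escapes the allowed directory")
    return candidate

def call_tool(name, check, handler, argument):
    """Validate one argument, then run the tool; audit both outcomes."""
    record = {"tool": name, "argument": argument}
    try:
        clean = check(argument)
    except ValueError as exc:
        # json.dumps escapes newlines, so input cannot forge log lines.
        record.update(outcome="rejected", reason=str(exc))
        audit.warning(json.dumps(record, default=repr))
        raise
    audit.info(json.dumps({**record, "outcome": "accepted"}))
    return handler(clean)
```

If a validated keyword is later handed to a local program such as searchsploit, pass it as one element of an argument list rather than through a shell string.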

---

## 📚 Technical Documentation

### API Reference

#### `search_cve`

```
Parameters:
  - keyword (str, Required): Search keyword
  - product (str, Optional): Product name
  - version (str, Optional): Product version
  - max_results (int, Default: 10): Maximum number of results

Return:
  {
    "total_results": int,
    "vulnerabilities": [
      {
        "cve_id": str,
        "published": str,
        "cvss_score": float,
        "severity": str,
        "description": str
      }
    ]
  }
```

#### `cvss_calculator`

```
Parameters:
  - attack_vector (enum): NETWORK | ADJACENT_NETWORK | LOCAL | PHYSICAL
  - attack_complexity (enum): LOW | HIGH
  - privileges_required (enum): NONE | LOW | HIGH
  - user_interaction (enum): NONE | REQUIRED
  - scope (enum): UNCHANGED | CHANGED
  - confidentiality (enum): NONE | LOW | HIGH
  - integrity (enum): NONE | LOW | HIGH
  - availability (enum): NONE | LOW | HIGH

Return:
  {
    "base_score": float,
    "severity": str,
    "vector": dict
  }
```
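
The status list marks `cvss_calculator` as a simplified implementation. For comparison, the block below is an added example (not this project's code) of the full CVSS v3.1 base-score equations, taking the enum values from the reference above and returning the same three fields; the function names `base_score`, `roundup` and `severity` are assumptions.

```python
import math

# Metric weights from the CVSS v3.1 specification, keyed by the
# enum names used in the API reference above.
AV = {"NETWORK": 0.85, "ADJACENT_NETWORK": 0.62, "LOCAL": 0.55, "PHYSICAL": 0.2}
AC = {"LOW": 0.77, "HIGH": 0.44}
UI = {"NONE": 0.85, "REQUIRED": 0.62}
CIA = {"NONE": 0.0, "LOW": 0.22, "HIGH": 0.56}
# Privileges Required carries a higher weight when the scope changes.
PR = {"UNCHANGED": {"NONE": 0.85, "LOW": 0.62, "HIGH": 0.27},
      "CHANGED": {"NONE": 0.85, "LOW": 0.68, "HIGH": 0.5}}

def roundup(value):
    """Spec Roundup(): smallest one-decimal number >= value, float-safe."""
    scaled = round(value * 100000)
    if scaled % 10000 == 0:
        return scaled / 100000.0
    return (math.floor(scaled / 10000) + 1) / 10.0

def severity(score):
    """Qualitative rating scale from the specification."""
    for limit, name in ((0.0, "None"), (3.9, "Low"), (6.9, "Medium"), (8.9, "High")):
        if score <= limit:
            return name
    return "Critical"

def base_score(attack_vector, attack_complexity, privileges_required,
               user_interaction, scope, confidentiality, integrity, availability):
    vector = dict(locals())  # echo the inputs back as the "vector" field
    try:
        exploitability = (8.22 * AV[attack_vector] * AC[attack_complexity]
                          * PR[scope][privileges_required] * UI[user_interaction])
        iss = 1 - ((1 - CIA[confidentiality]) * (1 - CIA[integrity])
                   * (1 - CIA[availability]))
    except KeyError as exc:
        raise ValueError(f"unknown metric value: {exc}") from None
    if scope == "CHANGED":
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
        total = 1.08 * (impact + exploitability)
    else:
        impact = 6.42 * iss
        total = impact + exploitability
    # A vulnerability with no impact scores 0 regardless of exploitability.
    score = 0.0 if impact <= 0 else roundup(min(total, 10))
    return {"base_score": score, "severity": severity(score), "vector": vector}
```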

---

## 🐛 Troubleshooting

### Common Issues

1. **NVD API call failure**
   - Check network connectivity.
   - Ensure the rate limit has not been exceeded.
   - Try using a VPN.

2. **MCP server fails to start**
   - Check Python version (must be 3.10+).
   - Confirm all dependencies are installed.
   - Review log files for detailed errors.

3. **Claude Desktop cannot recognize the tool**
   - Check the configuration file path.
   - Restart Claude Desktop.
   - Check the Developer Tools console.

---

## 📄 License

MIT License

---

## 👤 Author

Penetration Testing Expert Agent

---

## 🔗 Related Resources

- [Model Context Protocol Official Documentation](https://modelcontextprotocol.io)
- [NVD API Documentation](https://nvd.nist.gov/developers/vulnerabilities)
- [CVSS v3.1 Specification](https://www.first.org/cvss/v3.1/specification-document)
- [Nuclei Templates](https://github.com/projectdiscovery/nuclei-templates)