Share
## https://sploitus.com/exploit?id=A03A5F4B-FAEF-5645-B215-DA2D4B834049
# Vulnerability Research MCP Server
A vulnerability research MCP server designed for penetration testing experts. It integrates multiple vulnerability data sources and provides a unified interface for vulnerability research. ---
## ๐ Features
### Core Tools (6)
| Tool Name | Function | Data Source |
|----------|--------|--------------|
| `search_cve` | Search for CVE vulnerabilities | NVD API |
| `get_cve_details` | Retrieve details about CVEs | NVD API |
| `search_exploit` | Search for PoC/EXPs | Exploit-DB |
| `cvss_calculator` | Calculate CVSS v3.1 score | CVSS standard |
| `cwe_mapping` | Query CWE categories | MITRE CWE |
| `find_nuclei_template` | Find Nuclei templates | Nuclei Templates |
---
## ๐ฆ Installation
### 1. Clone the repository
```bash
cd E:\QClawCache\workspace-agent-c3e0083a\vuln-research-mcp
```
### 2. Install dependencies
```bash
pip install -r requirements.txt
```
### 3. Configure Claude Desktop
Edit `claude_desktop_config.json`:
```json
{
"mcpServers": {
"vuln-research": {
"command": "python",
"args": [
"E:\\QClawCache\\workspace-agent-c3e0083a\\vuln-research-mcp\\src\\server.py"
]
}
}
}
```
---
## ๐ง Usage
### Example 1: Search for Log4j vulnerabilities
```
You: Help me search for Log4j-related CVEs.
Claude: Call the `search_cve` tool.
Parameter: keyword="Apache Log4j")
Result: Returns CVE-2021-44228 and related vulnerabilities.
```
### Example 2: Retrieve details about CVE-2021-44228
```
You: Retrieve details about CVE-2021-44228.
Claude: Call the `get_cve_details` tool.
Result: Returns CVSS 9.8, affected versions, and fix suggestions.
```
### Example 3: Calculate CVSS score
```
You: Calculate the CVSS score for this vulnerability:
- Attack vector: Network
- Attack complexity: Low
- Permission requirement: None
- User interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Claude: Call the `cvss_calculator` tool.
Result: CVSS 9.8 (Critical).
```
---
## ๐ ๏ธ Development Plan
### Current Status (v0.1.0)
- โ
Basic MCP server framework
- โ
`search_cve` tool (fully implemented)
- โ
`get_cve_details` tool (fully implemented)
- โ
`cvss_calculator` tool (simplified implementation)
- โ ๏ธ `search_exploit` tool (placeholder, requires Exploit-DB API)
- โ ๏ธ `cwe_mapping` tool (simplified implementation, only common CWEs)
- โ ๏ธ `find_nuclei_template` tool (placeholder, requires local repository)
### Next Steps
1. **Integrate Exploit-DB API**
- Use the official API or local searchsploit
- Support searching by CVE, keyword, and type
2. **Improve the CWE database**
- Download the complete list of MITRE CWEs
- Support retrieving details by CWE-ID
3. **Integrate Nuclei Templates**
- Automatically clone the nuclei-templates repository
- Support searching by tag and severity level
4. **Add more data sources**
- CISA KEV (known exploit directories)
- GitHub Security Advisories
---
## ๐ Security Announcements
### ๐ Security Notes
#### Legal Risks
1. **Forbidden for authorized testing only**
- This tool can only be used for penetration testing with written authorization.
- Unauthorized use may violate laws.
2. **Compliance with data usage**
- The NVD API has rate limits (please comply).
- Exploit-DB data is used solely for legitimate purposes.
#### Security Development Recommendations
1. **Input validation**
- All input must undergo strict validation.
- Prevent attacks like command injection and path traversal.
2. **Audit logs**
- All tool calls are logged.
- Log file: `mcp-audit.log`
3. **Permission control**
- It is recommended to run the tool only in an isolated environment.
- Do not run it with root/admin privileges.
---
## ๐ Technical Documentation
### API Reference
#### `search_cve`
```python
Parameters:
- keyword (str, Required): Search keyword
- product (str, Optional): Product name
- version (str, Optional): Product version
- max_results (int, Default: 10) Maximum number of results
Return:
{
"total_results": int,
"vulnerabilities": [
{
"cve_id": str,
"published": str,
"cvss_score": float,
"severity": str,
"description": str
}
]
}
```
#### `cvss_calculator`
```python
Parameters:
- attack_vector (enum): NETWORK | ADJACENT_NETWORK | LOCAL | PHYSICAL
- attack_complexity (enum): LOW | HIGH
- privileges_required (enum): NONE | LOW | HIGH
- user_interaction (enum): NONE | REQUIRED
- scope (enum): UNCHANGED | CHANGED
- confidentiality (enum): NONE | LOW | HIGH
- integrity (enum): NONE | LOW | HIGH
- availability (enum): NONE | LOW | HIGH
Return:
{
"base_score": float,
"severity": str,
"vector": dict
}
```
---
## ๐ Troubleshooting
### Common Issues
1. **NVD API call failure**
- Check network connectivity.
- Ensure no rate limit exceeded.
- Try using a VPN.
2. **MCP server fails to start**
- Check Python version (must be 3.10+).
- Confirm all dependencies are installed.
- Review log files for detailed errors.
3. **Claude Desktop cannot recognize the tool**
- Check the configuration file path.
- Restart Claude Desktop.
- Check the Developer Tools console.
---
## ๐ License
MIT License
---
## ๐ค Author
Penetration Testing Expert Agent
---
## ๐ Related Resources
- [Model Context Protocol Official Documentation](https://modelcontextprotocol.io)
- [NVD API Documentation](https://nvd.nist.gov/developers/vulnerabilities)
- [CVSS v3.1 Specification](https://www.first.org/cvss/v3.1/specification-document)
- [Nuclei Templates](https://github.com/projectdiscovery/nuclei-templates)