## https://sploitus.com/exploit?id=A7534B6A-9CEA-5E15-BDCD-9555B4EDD59F
# shenlong-cve-mcp
The MCP Server from the [Shenlong Vulnerability Database](https://cve.imfht.com). Allow Claude to directly query CVEs, obtain AI analysis context, and write POCs. ## Features
| Tool | Description | Required API Key |
|------|------|:-----------|
| `cve_lookup` | Query details of CVEs: title, CVSS, affected versions, KEV/EPSS | No |
| `get_cve_context` | Complete technical context: AI 10-question analysis + reference link summaries + threat intelligence | No |
| `cve_search` | Search for vulnerabilities in the database by keyword | No |
| `get_ai_poc` | Obtain pre-stored AI POC reports from the database (Full content available for paid plans) | Yes |
| `generate_ai_poc` | Trigger AI POC generation and storage (Pro plan) | Yes |
| `get_quota` | Query API Key quotas | Yes |
## Installation
### Method 1: pip (Recommended)
```bash
pip install git+https://github.com/imfht/shenlong-cve-mcp.git
```
### Method 2: uvx (No installation required; requires publishing to PyPI first)
```bash
uvx shenlong-cve-mcp
```
## Configuration
### Obtain API Key
Log in to the [Shenlong Vulnerability Database](https://cve.imfht.com) โ User Center โ API Keys โ Create (Format: `cveak_xxx`)
Free users can also use `cve_lookup`, `get_cve_context`, and `cve_search` without an API key. ---
### Claude Desktop
Edit `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS)
or `%APPDATA%\Claude\claude_desktop_config.json` (Windows):
```json
{
"mcpServers": {
"shenlong-cve": {
"command": "shenlong-cve-mcp",
"env": {
"SHENLONG_API_KEY": "cveak_yourKey"
}
}
}
}
```
### Claude Code
Create `.claude/settings.json` in the project root directory, or edit `~/.claude/settings.json` (global):
```json
{
"mcpServers": {
"shenlong-cve": {
"command": "shenlong-cve-mcp",
"env": {
"SHENLONG_API_KEY": "cveak_yourKey"
}
}
}
}
```
---
## Usage Example
After enabling MCP, say to Claude:
```
Help me analyze the attack mechanism of CVE-2021-44228 (Log4Shell), and write a Python PoC.
```
Claude will automatically call:
1. `cve_lookup("CVE-2021-44228")` โ Highly vulnerable with CVSS 9.9, KEV available for exploitation, 95% EPSS
2. `get_cve_context("CVE-2021-44228")` โ AI 10-question analysis + 30 reference link summaries
3. Analyze and write a PoC based on the above data.
Other examples:
- "Search for Apache Struts-related vulnerabilities, identify the most critical ones"
- "What is the supply chain attack mechanism of CVE-2024-3094? Can it be reproduced?"
- "Check how much quota I have left for my API"
## Environment Variables
| Variable | Description | Default Value |
|------|------|--------|
| `SHENLONG_API_KEY` | API Key (`cveak_xxx`) | None (Free features still available) |
| `SHENLONG_API_BASE` | Base API address | `https://cve.imfht.com` |
## Plan Description
| Plan | Free Tools | get_ai_poc | generate_ai_poc |
|------|---------|-----------|----------------|
| Free | โ | 300-word preview | โ |
| Pro | โ | โ Full version | โ 50 queries per day |
| Pro+ | โ | โ Full version | โ 100 queries per day |
| Enterprise | โ | โ Full version | โ Unlimited |
Upgrade plans: https://cve.imfht.com/pricing
## Disclaimer
This tool is intended only for authorized security research, vulnerability assessment, CTF competitions, and defensive testing. Users must comply with local laws and regulations. Unauthorized attacks are prohibited.