Share
## https://sploitus.com/exploit?id=A7534B6A-9CEA-5E15-BDCD-9555B4EDD59F
# shenlong-cve-mcp

The MCP Server from the [Shenlong Vulnerability Database](https://cve.imfht.com). Allow Claude to directly query CVEs, obtain AI analysis context, and write POCs. ## Features

| Tool | Description | Required API Key |
|------|------|:-----------|
| `cve_lookup` | Query details of CVEs: title, CVSS, affected versions, KEV/EPSS | No |
| `get_cve_context` | Complete technical context: AI 10-question analysis + reference link summaries + threat intelligence | No |
| `cve_search` | Search for vulnerabilities in the database by keyword | No |
| `get_ai_poc` | Obtain pre-stored AI POC reports from the database (Full content available for paid plans) | Yes |
| `generate_ai_poc` | Trigger AI POC generation and storage (Pro plan) | Yes |
| `get_quota` | Query API Key quotas | Yes |

## Installation

### Method 1: pip (Recommended)

```bash
pip install git+https://github.com/imfht/shenlong-cve-mcp.git
```

### Method 2: uvx (No installation required; requires publishing to PyPI first)

```bash
uvx shenlong-cve-mcp
```

## Configuration

### Obtain API Key

Log in to the [Shenlong Vulnerability Database](https://cve.imfht.com) โ†’ User Center โ†’ API Keys โ†’ Create (Format: `cveak_xxx`)

Free users can also use `cve_lookup`, `get_cve_context`, and `cve_search` without an API key. ---

### Claude Desktop

Edit `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS)
or `%APPDATA%\Claude\claude_desktop_config.json` (Windows):

```json
{
  "mcpServers": {
    "shenlong-cve": {
      "command": "shenlong-cve-mcp",
      "env": {
        "SHENLONG_API_KEY": "cveak_yourKey"
      }
    }
  }
}
```

### Claude Code

Create `.claude/settings.json` in the project root directory, or edit `~/.claude/settings.json` (global):

```json
{
  "mcpServers": {
    "shenlong-cve": {
      "command": "shenlong-cve-mcp",
      "env": {
        "SHENLONG_API_KEY": "cveak_yourKey"
      }
    }
  }
}
```

---

## Usage Example

After enabling MCP, say to Claude:

```
Help me analyze the attack mechanism of CVE-2021-44228 (Log4Shell), and write a Python PoC.
```

Claude will automatically call:
1. `cve_lookup("CVE-2021-44228")` โ†’ Highly vulnerable with CVSS 9.9, KEV available for exploitation, 95% EPSS
2. `get_cve_context("CVE-2021-44228")` โ†’ AI 10-question analysis + 30 reference link summaries
3. Analyze and write a PoC based on the above data.

Other examples:
- "Search for Apache Struts-related vulnerabilities, identify the most critical ones"
- "What is the supply chain attack mechanism of CVE-2024-3094? Can it be reproduced?"
- "Check how much quota I have left for my API"

## Environment Variables

| Variable | Description | Default Value |
|------|------|--------|
| `SHENLONG_API_KEY` | API Key (`cveak_xxx`) | None (Free features still available) |
| `SHENLONG_API_BASE` | Base API address | `https://cve.imfht.com` |

## Plan Description

| Plan | Free Tools | get_ai_poc | generate_ai_poc |
|------|---------|-----------|----------------|
| Free | โœ… | 300-word preview | โŒ |
| Pro | โœ… | โœ… Full version | โœ… 50 queries per day |
| Pro+ | โœ… | โœ… Full version | โœ… 100 queries per day |
| Enterprise | โœ… | โœ… Full version | โœ… Unlimited |

Upgrade plans: https://cve.imfht.com/pricing

## Disclaimer

This tool is intended only for authorized security research, vulnerability assessment, CTF competitions, and defensive testing. Users must comply with local laws and regulations. Unauthorized attacks are prohibited.