Share
## https://sploitus.com/exploit?id=C5683F3F-6CBB-5E02-8D47-5F9FB66235C4
# Poc Hunter

A vulnerability/proof of concept (PoC) search tool based on the GitHub API and NVD, providing MCP service interfaces. ## Features

- Search NVD vulnerabilities by date range
- Search GitHub PoC repositories by CVE ID
- Multi-faceted PoC search (combination of repositories, code, and keywords)

## Configuration

Configure the GitHub Token in [config.py](config.py) (optional):

- `TOKEN_LIST`: A comma-separated list of tokens to avoid GitHub API rate limits

Example:

```
TOKEN_LIST="ghp_xxx,ghp_yyy"
```

If no token is configured, anonymous access will be used (potentially triggering rate limits). ## Starting the Service

The entry point is in [main.py](main.py). After the service starts, the following tools can be called via MCP. ## Tool Interfaces

### 1) search_vulnerabilities

Search for vulnerabilities in NVD within a certain date range. Parameters:
- `kevStartDate`: datetime
- `kevEndDate`: datetime

### 2) search_poc_repositories

Search corresponding PoC repositories via the GitHub API. Parameters:
- `cve_id`: e.g., `CVE-2023-1234`
- `per_page`: Number of results per page (1-100)
- `page`: Page number

Returns:
- `total_count`
- `items`: Simplified repository list (`name`, `url`, `stars`, `description`)

### 3) search_poc_multi

Multi-faceted search for PoCs (combination of repositories, code, and keywords). Parameters:
- `cve_id`: e.g., `CVE-2023-1234`
- `keywords`: List of keywords (optional)
- `languages`: List of languages (optional)
- `per_page`: Number of results per page (1-100)
- `page`: Page number

Returns:
- `repo_results`: Deduplicated repository results
- `code_results`: Code search results (including file paths and repository information)
- `repo_queries`/`code_queries`: Actual query combinations used

## Notes

The GitHub search API has relatively strict rate limits by default. It is recommended to configure a token and use appropriate caching when making frequent calls.