Share
## https://sploitus.com/exploit?id=D5F1A1B7-4703-52E6-8849-7A637342F1F9
# mcp-exploitdb-query
MCP server to query ExploitDB.
This server exposes 4 MCP tools:
- `search_exploits` โ keyword/filtered search
- `search_by_cve` โ locate exploits by CVE
- `latest_exploits` โ newest published entries
- `get_exploit_by_id` โ fetch one exploit by EDB-ID
## Requirements
- Node.js 20+
## Installation
1. Install dependencies:
- `npm install`
2. Build:
- `npm run build`
## Development
- Run in dev mode: `npm run dev`
- Open MCP Inspector target: `npm run inspector`
- Type-check: `npm run typecheck`
- Run tests: `npm test`
## Configuration
Configuration is read from `.env` (or environment variables):
- `EXPLOITDB_CSV_URL` โ CSV index source
- `EXPLOITDB_DETAILS_BASE_URL` โ base URL for exploit details pages
- `EXPLOITDB_CACHE_TTL_MS` โ in-memory cache TTL in milliseconds
Defaults are provided in `.env.example`.
## MCP client configuration example
For local usage after build:
```json
{
"mcpServers": {
"exploitdb": {
"command": "node",
"args": ["/absolute/path/to/mcp-exploitdb-query/dist/index.js"],
"env": {
"EXPLOITDB_CSV_URL": "https://gitlab.com/exploit-database/exploitdb/-/raw/main/files_exploits.csv",
"EXPLOITDB_DETAILS_BASE_URL": "https://www.exploit-db.com/exploits",
"EXPLOITDB_CACHE_TTL_MS": "900000"
}
}
}
}
```
## Tool inputs
### `search_exploits`
Optional input fields:
- `query: string`
- `platform: string`
- `type: string`
- `verified: boolean`
- `cve: string`
- `limit: number` (1-100)
- `offset: number` (>= 0)
### `search_by_cve`
- `cve: string` (required)
- `limit: number` (1-100)
- `offset: number` (>= 0)
### `latest_exploits`
- `limit: number` (1-100)
### `get_exploit_by_id`
- `id: number` (required)
- `includePageDetails: boolean` (optional, default `false`)
## Notes
- Data source strategy is hybrid: CSV index first, details-page fetch on demand.
- Search quality depends on available metadata in the upstream ExploitDB dataset.