# ExploitDB MCP Server
A Model Context Protocol server that provides access to ExploitDB functionality, developed by [Cyreslab.ai](https://cyreslab.ai). This server enables AI assistants like Claude to query information about security exploits and vulnerabilities, enhancing cybersecurity research and threat intelligence capabilities.
**GitHub Repository**: [https://github.com/Cyreslab-AI/exploitdb-mcp-server](https://github.com/Cyreslab-AI/exploitdb-mcp-server)
**Contact**: [contact@cyreslab.ai](mailto:contact@cyreslab.ai)
## Features
- **Exploit Search**: Search for exploits by keywords, CVE IDs, platforms, and more
- **Exploit Details**: Get comprehensive information about specific exploits, including code
- **CVE Lookup**: Find all exploits related to specific CVE IDs
- **Recent Exploits**: Track newly added exploits
- **Statistics**: Get insights into exploit distribution by platform, type, and year
- **Automatic Updates**: Keep the database up-to-date with scheduled updates
## Installation
### Prerequisites
- Node.js (v16 or higher)
- npm (v7 or higher)
### Installation Steps
1. Clone the repository:
```bash
git clone https://github.com/Cyreslab-AI/exploitdb-mcp-server.git
cd exploitdb-mcp-server
```
2. Install dependencies:
```bash
npm install
```
3. Build the project:
```bash
npm run build
```
4. Configure the server:
- Create a `.env` file in the root directory based on `.env.example`
- Adjust settings as needed (data directory, update frequency, etc.)
5. Initialize the database:
```bash
npm run update-db
```
**Note**: The initial database update may take several minutes as it processes ~47,000 exploits from the ExploitDB CSV file. The script handles missing or malformed data gracefully by using fallback values for required fields.
6. Run the server:
```bash
node build/index.js
```
### MCP Configuration
To use this server with Claude or other MCP-compatible assistants, add it to your MCP configuration:
```json
{
  "mcpServers": {
    "mcp-exploitdb-server": {
      "command": "node",
      "args": ["/path/to/exploitdb-mcp-server/build/index.js"]
    }
  }
}
```
## Available Tools
The ExploitDB MCP server provides 18 comprehensive tools for querying and analyzing exploit data:
### Core Search Tools
1. **search_exploits** - General search with multiple filters
2. **get_exploit** - Get detailed information about a specific exploit
3. **find_by_cve** - Find exploits by CVE ID
4. **get_recent_exploits** - Get recently added exploits
5. **get_statistics** - Get database statistics
### Advanced Search Tools
6. **search_by_platform** - Search exploits for a specific platform with filters
7. **search_by_type** - Search by exploit type (webapps, remote, local, dos, hardware)
8. **search_by_author** - Find all exploits by a specific author
9. **search_by_date_range** - Find exploits within a date range
10. **search_by_tags** - Search by generated tags (sql injection, xss, etc.)
### Analysis & Intelligence Tools
11. **get_platform_statistics** - Get detailed statistics for a specific platform
12. **get_trending_exploits** - Find recently added exploits (configurable time period)
13. **compare_exploits** - Compare multiple exploits side-by-side
14. **get_exploit_timeline** - Get chronological timeline of exploits
### Utility Tools
15. **batch_get_exploits** - Retrieve multiple exploits efficiently (up to 50)
16. **get_related_exploits** - Find related exploits by platform, author, CVE, or tags
17. **validate_exploit_id** - Check if an exploit ID exists
18. **export_search_results** - Export search results in JSON or CSV format
## Usage Examples
### Search Exploits
Use the `search_exploits` tool to search for exploits in the database:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>search_exploits</tool_name>
<arguments>
{
"query": "wordpress plugin",
"platform": "php",
"limit": 5
}
</arguments>
</use_mcp_tool>
```
Additional search parameters:
- `type`: Filter by exploit type (e.g., webapps, remote, local)
- `cve`: Filter by CVE ID
- `author`: Filter by author name
- `start_date`/`end_date`: Filter by date range (YYYY-MM-DD)
- `verified`: Filter by verified status (true/false)
- `offset`: For pagination
### Get Exploit Details
Use the `get_exploit` tool to retrieve detailed information about a specific exploit:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>get_exploit</tool_name>
<arguments>
{
"id": 12345,
"include_code": true
}
</arguments>
</use_mcp_tool>
```
### Find Exploits by CVE
Use the `find_by_cve` tool to find all exploits related to a specific CVE:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>find_by_cve</tool_name>
<arguments>
{
"cve": "CVE-2021-44228",
"limit": 10
}
</arguments>
</use_mcp_tool>
```
### Get Recent Exploits
Use the `get_recent_exploits` tool to retrieve recently added exploits:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>get_recent_exploits</tool_name>
<arguments>
{
"limit": 10
}
</arguments>
</use_mcp_tool>
```
### Get Statistics
Use the `get_statistics` tool to get insights about the exploits in the database:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>get_statistics</tool_name>
<arguments>
{}
</arguments>
</use_mcp_tool>
```
### Search by Platform
Search exploits for a specific platform with advanced filters:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>search_by_platform</tool_name>
<arguments>
{
"platform": "php",
"type": "webapps",
"verified": true,
"limit": 10
}
</arguments>
</use_mcp_tool>
```
### Search by Author
Find all exploits by a specific author:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>search_by_author</tool_name>
<arguments>
{
"author": "Offensive Security",
"limit": 10
}
</arguments>
</use_mcp_tool>
```
### Search by Date Range
Find exploits within a specific date range:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>search_by_date_range</tool_name>
<arguments>
{
"start_date": "2024-01-01",
"end_date": "2024-12-31",
"platform": "windows",
"limit": 20
}
</arguments>
</use_mcp_tool>
```
### Search by Tags
Search exploits by generated tags:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>search_by_tags</tool_name>
<arguments>
{
"tags": ["sql injection", "rce"],
"match_all": false,
"limit": 10
}
</arguments>
</use_mcp_tool>
```
### Get Trending Exploits
Find recently added exploits:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>get_trending_exploits</tool_name>
<arguments>
{
"days": 30,
"limit": 10
}
</arguments>
</use_mcp_tool>
```
### Compare Exploits
Compare multiple exploits side-by-side:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>compare_exploits</tool_name>
<arguments>
{
"ids": [12345, 12346, 12347]
}
</arguments>
</use_mcp_tool>
```
### Get Related Exploits
Find exploits related to a specific exploit:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>get_related_exploits</tool_name>
<arguments>
{
"id": 12345,
"relation_type": "platform",
"limit": 10
}
</arguments>
</use_mcp_tool>
```
### Batch Get Exploits
Retrieve multiple exploits efficiently:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>batch_get_exploits</tool_name>
<arguments>
{
"ids": [12345, 12346, 12347, 12348],
"include_code": false
}
</arguments>
</use_mcp_tool>
```
### Export Search Results
Export search results in CSV or JSON format:
```
<use_mcp_tool>
<server_name>mcp-exploitdb-server</server_name>
<tool_name>export_search_results</tool_name>
<arguments>
{
"query": "wordpress",
"format": "csv",
"platform": "php",
"limit": 100
}
</arguments>
</use_mcp_tool>
```
## Configuration Options
The server can be configured using environment variables or a `.env` file:
| Variable | Description | Default |
| ------------------ | --------------------------------------------- | ----------------------------------------------------------------------------- |
| `CLONE_REPOSITORY` | Whether to clone the ExploitDB repository | `false` |
| `REPOSITORY_URL` | URL of the ExploitDB repository | `https://gitlab.com/exploit-database/exploitdb.git` |
| `CSV_URL` | URL of the ExploitDB CSV file | `https://gitlab.com/exploit-database/exploitdb/-/raw/main/files_exploits.csv` |
| `DATA_DIR` | Directory to store data | `./data` |
| `DB_PATH` | Path to the SQLite database | `./data/exploitdb.sqlite` |
| `UPDATE_INTERVAL` | Update frequency in hours (0 to disable) | `24` |
| `MAX_RESULTS` | Maximum number of results to return per query | `10` |
## Data Sources
This server uses data from the [Exploit Database](https://www.exploit-db.com/), maintained by [Offensive Security](https://www.offensive-security.com/). The data is either downloaded directly from the CSV file or cloned from the [ExploitDB GitLab repository](https://gitlab.com/exploit-database/exploitdb).
### Data Processing
The server automatically handles various data quality issues:
- **Date handling**: Uses `date_published` from the CSV, with fallbacks to `date_added`, `date_updated`, or a default date if all are missing
- **Missing fields**: Provides sensible defaults for required fields (author, type, platform) when data is incomplete
- **CVE extraction**: Automatically extracts CVE identifiers from exploit descriptions
- **Tag generation**: Generates relevant tags based on exploit descriptions for improved searchability
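
The normalization rules listed above, shown on two constructed CSV rows. This is an added example, not the project's own code: the date fallback order and field names follow this README, while `DEFAULT_DATE`, the `"unknown"` fallback value, and the `TAG_RULES` patterns are assumptions.

```javascript
// Added example; DEFAULT_DATE, "unknown" and TAG_RULES are assumed values,
// not taken from the project's source.
const DEFAULT_DATE = "1970-01-01";
const CVE_RE = /\bCVE-(\d{4})-(\d{4,})\b/gi;
const TAG_RULES = [
  ["sql injection", /sql\s*injection|\bsqli\b/i],
  ["xss", /cross[- ]site scripting|\bxss\b/i],
  ["rce", /remote code execution|\brce\b/i],
];

// Accept only real calendar dates in YYYY-MM-DD form (rejects 2099-02-30).
function validDate(s) {
  if (typeof s !== "string" || !/^\d{4}-\d{2}-\d{2}$/.test(s.trim())) return null;
  const t = s.trim();
  const d = new Date(t + "T00:00:00Z");
  return !Number.isNaN(d.getTime()) && d.toISOString().slice(0, 10) === t ? t : null;
}

// Collect unique CVE IDs from free text, normalized to upper case.
function extractCves(text) {
  const found = new Set();
  for (const m of String(text || "").matchAll(CVE_RE)) found.add(`CVE-${m[1]}-${m[2]}`);
  return [...found];
}

// Apply the fallback chain and defaults to one parsed CSV row.
function normalizeRow(row) {
  const text = (row.description || "").trim();
  const date = validDate(row.date_published) || validDate(row.date_added) ||
    validDate(row.date_updated) || DEFAULT_DATE;
  const orUnknown = (v) => (typeof v === "string" && v.trim() ? v.trim() : "unknown");
  return {
    id: Number(row.id), description: text, date,
    author: orUnknown(row.author), type: orUnknown(row.type), platform: orUnknown(row.platform),
    cves: extractCves(text),
    tags: TAG_RULES.filter(([, re]) => re.test(text)).map(([tag]) => tag),
  };
}

// Constructed sample rows (IDs, titles and CVE numbers are made up).
const SAMPLE_ROWS = [
  { id: "1", description: "Example CMS 1.0 - SQL Injection (CVE-2099-0001, cve-2099-0001)",
    date_published: "", date_added: "2099-01-15", author: "", type: "webapps", platform: "php" },
  { id: "2", description: "Example Daemon - Remote Code Execution",
    date_published: "2099-02-30", date_added: null, author: "tester", type: "remote", platform: "" },
];
console.log(SAMPLE_ROWS.map(normalizeRow));
```

Because defaults are substituted silently, a record showing the default date or `unknown` fields indicates incomplete source data rather than a real value, which matters when filtering by date range or author.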
The database typically contains:
- **46,000+** exploits spanning from 1988 to present
- **33,000+** verified exploits
- Coverage across **60+** platforms (PHP, Windows, Linux, etc.)
- **27,000+** web application exploits
- Comprehensive metadata including authors, dates, platforms, and CVE references
## License
This project is licensed under the MIT License - see the LICENSE file for details.
## Acknowledgements
- [Offensive Security](https://www.offensive-security.com/) for maintaining the Exploit Database
- [Model Context Protocol](https://github.com/anthropics/model-context-protocol) for enabling AI assistants to access external tools
## Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Have feature suggestions or found a bug? Please open an issue on our [GitHub repository](https://github.com/Cyreslab-AI/exploitdb-mcp-server) or contact us directly at [contact@cyreslab.ai](mailto:contact@cyreslab.ai).