ExploitDB MCP Server

# ExploitDB MCP Server A Model Context Protocol server that provides access to ExploitDB functionality, developed by [Cyreslab.ai](https://cyreslab.ai). This server enables AI assistants like Claude to query information about security exploits and vulnerabilities, enhancing cybersecurity research and threat intelligence capabilities. **GitHub Repository**: [https://github.com/Cyreslab-AI/exploitdb-mcp-server](https://github.com/Cyreslab-AI/exploitdb-mcp-server) **Contact**: [contact@cyreslab.ai](mailto:contact@cyreslab.ai) ## Features - **Exploit Search**: Search for exploits by keywords, CVE IDs, platforms, and more - **Exploit Details**: Get comprehensive information about specific exploits, including code - **CVE Lookup**: Find all exploits related to specific CVE IDs - **Recent Exploits**: Track newly added exploits - **Statistics**: Get insights into exploit distribution by platform, type, and year - **Automatic Updates**: Keep the database up-to-date with scheduled updates ## Installation ### Prerequisites - Node.js (v16 or higher) - npm (v7 or higher) ### Installation Steps 1. Clone the repository: ```bash git clone https://github.com/Cyreslab-AI/exploitdb-mcp-server.git cd exploitdb-mcp-server ``` 2. Install dependencies: ```bash npm install ``` 3. Build the project: ```bash npm run build ``` 4. Configure the server: - Create a `.env` file in the root directory based on `.env.example` - Adjust settings as needed (data directory, update frequency, etc.) 5. Initialize the database: ```bash npm run update-db ``` 6. Run the server: ```bash node build/index.js ``` ### MCP Configuration To use this server with Claude or other MCP-compatible assistants, add it to your MCP configuration: ```json { "mcpServers": { "mcp-exploitdb-server": { "command": "node", "args": ["/path/to/exploitdb-mcp-server/build/index.js"] } } } ``` ## Usage ### Search Exploits Use the `search_exploits` tool to search for exploits in the database: ``` <use_mcp_tool> <server_name>mcp-exploitdb-server</server_name> <tool_name>search_exploits</tool_name> <arguments> { "query": "wordpress plugin", "platform": "php", "limit": 5 } </arguments> </use_mcp_tool> ``` Additional search parameters: - `type`: Filter by exploit type (e.g., webapps, remote, local) - `cve`: Filter by CVE ID - `author`: Filter by author name - `start_date`/`end_date`: Filter by date range (YYYY-MM-DD) - `verified`: Filter by verified status (true/false) - `offset`: For pagination ### Get Exploit Details Use the `get_exploit` tool to retrieve detailed information about a specific exploit: ``` <use_mcp_tool> <server_name>mcp-exploitdb-server</server_name> <tool_name>get_exploit</tool_name> <arguments> { "id": 12345, "include_code": true } </arguments> </use_mcp_tool> ``` ### Find Exploits by CVE Use the `find_by_cve` tool to find all exploits related to a specific CVE: ``` <use_mcp_tool> <server_name>mcp-exploitdb-server</server_name> <tool_name>find_by_cve</tool_name> <arguments> { "cve": "CVE-2021-44228", "limit": 10 } </arguments> </use_mcp_tool> ``` ### Get Recent Exploits Use the `get_recent_exploits` tool to retrieve recently added exploits: ``` <use_mcp_tool> <server_name>mcp-exploitdb-server</server_name> <tool_name>get_recent_exploits</tool_name> <arguments> { "limit": 10 } </arguments> </use_mcp_tool> ``` ### Get Statistics Use the `get_statistics` tool to get insights about the exploits in the database: ``` <use_mcp_tool> <server_name>mcp-exploitdb-server</server_name> <tool_name>get_statistics</tool_name> <arguments> {} </arguments> </use_mcp_tool> ``` ## Configuration Options The server can be configured using environment variables or a `.env` file: | Variable | Description | Default | | ------------------ | --------------------------------------------- | ----------------------------------------------------------------------------- | | `CLONE_REPOSITORY` | Whether to clone the ExploitDB repository | `false` | | `REPOSITORY_URL` | URL of the ExploitDB repository | `https://gitlab.com/exploit-database/exploitdb.git` | | `CSV_URL` | URL of the ExploitDB CSV file | `https://gitlab.com/exploit-database/exploitdb/-/raw/main/files_exploits.csv` | | `DATA_DIR` | Directory to store data | `./data` | | `DB_PATH` | Path to the SQLite database | `./data/exploitdb.sqlite` | | `UPDATE_INTERVAL` | Update frequency in hours (0 to disable) | `24` | | `MAX_RESULTS` | Maximum number of results to return per query | `10` | ## Data Sources This server uses data from the [Exploit Database](https://www.exploit-db.com/), maintained by [Offensive Security](https://www.offensive-security.com/). The data is either downloaded directly from the CSV file or cloned from the [ExploitDB GitLab repository](https://gitlab.com/exploit-database/exploitdb). ## License This project is licensed under the MIT License - see the LICENSE file for details. ## Acknowledgements - [Offensive Security](https://www.offensive-security.com/) for maintaining the Exploit Database - [Model Context Protocol](https://github.com/anthropics/model-context-protocol) for enabling AI assistants to access external tools ## Contributing Contributions are welcome! Please feel free to submit a Pull Request. Have feature suggestions or found a bug? Please open an issue on our [GitHub repository](https://github.com/Cyreslab-AI/exploitdb-mcp-server) or contact us directly at [contact@cyreslab.ai](mailto:contact@cyreslab.ai).