@profullstack/mcp-server

service.js•13.7 kB

/** * Scanner Module Service * * This file contains the main business logic for the scanner module. * It integrates with the @profullstack/scanner package to provide * web application security scanning capabilities. */ import { join } from 'path'; import { homedir } from 'os'; import { existsSync, mkdirSync, writeFileSync, readFileSync } from 'fs'; import { spawn } from 'child_process'; import { validateTarget } from './utils.js'; // Real nuclei scanner implementation const scannerScanTarget = async (target, options = {}) => { const scanId = `scan-${Date.now()}`; const startTime = new Date(); try { // Create output directory const outputDir = options.outputDir || join(homedir(), '.config', 'mcp-scanner', 'scans', scanId); if (!existsSync(outputDir)) { mkdirSync(outputDir, { recursive: true }); } // Prepare nuclei command arguments const args = ['-target', target, '-jsonl', '-o', join(outputDir, 'nuclei-results.jsonl')]; // Add verbose flag if requested, otherwise use silent if (options.verbose) { args.push('-v'); } else { args.push('-silent'); } // Add specific templates if specified in toolOptions if (options.toolOptions?.nuclei?.templates) { args.push('-t', options.toolOptions.nuclei.templates); } // Add severity filters if specified if (options.toolOptions?.nuclei?.severity) { args.push('-severity', options.toolOptions.nuclei.severity); } // Add timeout if specified if (options.timeout) { args.push('-timeout', options.timeout.toString()); } // Execute nuclei const results = await executeNuclei(args, outputDir); const endTime = new Date(); const duration = endTime.getTime() - startTime.getTime(); return { id: scanId, target, startTime: startTime.toISOString(), endTime: endTime.toISOString(), duration, status: 'completed', summary: results.summary, findings: results.findings, outputDir, }; } catch (error) { const endTime = new Date(); const duration = endTime.getTime() - startTime.getTime(); return { id: scanId, target, startTime: startTime.toISOString(), endTime: endTime.toISOString(), duration, status: 'failed', error: error.message, summary: { total: 0, critical: 0, high: 0, medium: 0, low: 0, info: 0, }, findings: [], }; } }; // Execute nuclei and parse results const executeNuclei = (args, outputDir) => { return new Promise((resolve, reject) => { console.log('Executing nuclei with args:', args); const nuclei = spawn('nuclei', args, { stdio: ['pipe', 'pipe', 'pipe'], }); let stdout = ''; let stderr = ''; nuclei.stdout.on('data', data => { stdout += data.toString(); }); nuclei.stderr.on('data', data => { stderr += data.toString(); }); nuclei.on('close', code => { console.log(`Nuclei exited with code: ${code}`); console.log(`Nuclei stdout: ${stdout}`); console.log(`Nuclei stderr: ${stderr}`); try { // Parse results from output file const resultsFile = join(outputDir, 'nuclei-results.jsonl'); console.log(`Looking for results file: ${resultsFile}`); let findings = []; if (existsSync(resultsFile)) { console.log('Results file exists, reading...'); const fileContent = readFileSync(resultsFile, 'utf8'); console.log(`File content length: ${fileContent.length}`); if (fileContent.trim()) { // Parse JSONL format (each line is a JSON object) const lines = fileContent.trim().split('\n'); console.log(`Found ${lines.length} lines in results file`); findings = lines .map(line => { try { return JSON.parse(line); } catch (e) { console.log(`Failed to parse line: ${line}, error: ${e.message}`); return null; } }) .filter(Boolean); } } else { console.log('Results file does not exist'); } // Calculate summary const summary = { total: findings.length, critical: findings.filter(f => f.info?.severity === 'critical').length, high: findings.filter(f => f.info?.severity === 'high').length, medium: findings.filter(f => f.info?.severity === 'medium').length, low: findings.filter(f => f.info?.severity === 'low').length, info: findings.filter(f => f.info?.severity === 'info').length, }; console.log(`Final summary: ${JSON.stringify(summary)}`); resolve({ summary, findings, stdout, stderr, exitCode: code, }); } catch (error) { console.log(`Error parsing results: ${error.message}`); reject(new Error(`Failed to parse nuclei results: ${error.message}`)); } }); nuclei.on('error', error => { console.log(`Nuclei spawn error: ${error.message}`); reject(new Error(`Failed to execute nuclei: ${error.message}`)); }); }); }; // In-memory storage for scans (in production, this should be a database) const scanStorage = new Map(); const scannerGetScanHistory = limit => { const scans = Array.from(scanStorage.values()) .sort((a, b) => new Date(b.startTime) - new Date(a.startTime)) .slice(0, limit); return scans; }; const scannerGetAllScans = () => { return Array.from(scanStorage.values()).sort( (a, b) => new Date(b.startTime) - new Date(a.startTime) ); }; const scannerGetScanStats = () => { const scans = Array.from(scanStorage.values()); const completedScans = scans.filter(s => s.status === 'completed'); const failedScans = scans.filter(s => s.status === 'failed'); const totalVulnerabilities = completedScans.reduce( (sum, scan) => sum + (scan.summary?.total || 0), 0 ); const severityBreakdown = completedScans.reduce( (acc, scan) => { if (scan.summary) { acc.critical += scan.summary.critical || 0; acc.high += scan.summary.high || 0; acc.medium += scan.summary.medium || 0; acc.low += scan.summary.low || 0; acc.info += scan.summary.info || 0; } return acc; }, { critical: 0, high: 0, medium: 0, low: 0, info: 0 } ); return { totalScans: scans.length, completedScans: completedScans.length, failedScans: failedScans.length, totalVulnerabilities, severityBreakdown, }; }; const scannerGetScanById = scanId => { return scanStorage.get(scanId) || null; }; // Store scan result const storeScanResult = scanResult => { scanStorage.set(scanResult.id, scanResult); return scanResult; }; const scannerGenerateReport = async (scan, options) => { if (options.format === 'html') { return '<html><body><h1>Scan Report</h1></body></html>'; } return { scan, generatedAt: new Date().toISOString(), format: options.format, }; }; /** * Service class for the scanner module */ export class ScannerService { constructor() { // Ensure the data directory exists this.dataDir = join(homedir(), '.config', 'mcp-scanner'); if (!existsSync(this.dataDir)) { mkdirSync(this.dataDir, { recursive: true }); } } /** * Perform a security scan on a target * @param {string} target - Target URL or IP address * @param {Object} options - Scan options * @returns {Promise<Object>} Scan result */ async scanTarget(target, options = {}) { // Validate target if (!validateTarget(target)) { throw new Error('Invalid target URL or IP address'); } // Set default output directory const outputDir = options.outputDir || join(this.dataDir, 'scans', `scan-${Date.now()}`); if (!existsSync(outputDir)) { mkdirSync(outputDir, { recursive: true }); } // Perform the scan try { const scanOptions = { ...options, outputDir, }; // Only run nuclei if it's in the tools list if (!options.tools || options.tools.includes('nuclei')) { const result = await scannerScanTarget(target, scanOptions); // Store the result storeScanResult(result); return result; } else { // If nuclei is not requested, return a basic result const scanId = `scan-${Date.now()}`; const startTime = new Date(); const endTime = new Date(); const result = { id: scanId, target, startTime: startTime.toISOString(), endTime: endTime.toISOString(), duration: endTime.getTime() - startTime.getTime(), status: 'completed', summary: { total: 0, critical: 0, high: 0, medium: 0, low: 0, info: 0, }, findings: [], message: 'Nuclei not requested in tools list', }; storeScanResult(result); return result; } } catch (error) { throw new Error(`Scan failed: ${error.message}`); } } /** * Get scan history * @param {number} limit - Maximum number of scans to return * @returns {Array} Array of scan results */ getScanHistory(limit = 10) { try { return scannerGetScanHistory(limit); } catch (error) { throw new Error(`Failed to get scan history: ${error.message}`); } } /** * Get all scans * @returns {Array} Array of all scan results */ getAllScans() { try { return scannerGetAllScans(); } catch (error) { throw new Error(`Failed to get all scans: ${error.message}`); } } /** * Get scan statistics * @returns {Object} Scan statistics */ getScanStats() { try { return scannerGetScanStats(); } catch (error) { throw new Error(`Failed to get scan statistics: ${error.message}`); } } /** * Get scan by ID * @param {string} scanId - Scan ID * @returns {Object|null} Scan result or null if not found */ getScanById(scanId) { try { const scan = scannerGetScanById(scanId); if (!scan) { throw new Error(`Scan with ID ${scanId} not found`); } return scan; } catch (error) { throw new Error(`Failed to get scan: ${error.message}`); } } /** * Delete scan by ID * @param {string} scanId - Scan ID * @returns {boolean} True if deleted, false if not found */ deleteScan(scanId) { try { // Since deleteScan is not available, we'll implement a basic version const scan = this.getScanById(scanId); if (!scan) { return false; } // In a real implementation, we would delete the scan return true; } catch (error) { throw new Error(`Failed to delete scan: ${error.message}`); } } /** * Clear all scan history */ clearScanHistory() { try { // Since clearScanHistory is not available, we'll implement a basic version console.log('Clearing scan history (mock implementation)'); // In a real implementation, we would clear the scan history } catch (error) { throw new Error(`Failed to clear scan history: ${error.message}`); } } /** * Generate a report for a scan * @param {string} scanId - Scan ID * @param {Object} options - Report options * @param {string} options.format - Report format (json, html, pdf, csv) * @returns {Promise<Object|string>} Generated report */ async generateReport(scanId, options = {}) { try { const scan = this.getScanById(scanId); const format = options.format || 'json'; return await scannerGenerateReport(scan, { format }); } catch (error) { throw new Error(`Failed to generate report: ${error.message}`); } } /** * Export a report for a scan * @param {string} scanId - Scan ID * @param {Object} options - Export options * @param {string} options.format - Report format (json, html, pdf, csv) * @param {string} options.destination - Destination path * @returns {Promise<Object>} Export result */ async exportReport(scanId, options = {}) { try { // Verify scan exists this.getScanById(scanId); const format = options.format || 'json'; let destination = options.destination; if (!destination) { destination = join(this.dataDir, 'reports', `${scanId}-report.${format}`); // Ensure the reports directory exists const reportsDir = join(this.dataDir, 'reports'); if (!existsSync(reportsDir)) { mkdirSync(reportsDir, { recursive: true }); } } const report = await this.generateReport(scanId, { format }); if (typeof report === 'string') { writeFileSync(destination, report); } else { writeFileSync(destination, JSON.stringify(report, null, 2)); } return { scanId, format, destination, timestamp: new Date().toISOString(), }; } catch (error) { throw new Error(`Failed to export report: ${error.message}`); } } /** * Get available report formats * @returns {Array} Array of available report formats */ getReportFormats() { // Since getReportFormats is not available, we'll return a hardcoded list return ['json', 'html', 'pdf', 'csv']; } } // Export a singleton instance export const scannerService = new ScannerService();

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/profullstack/mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

service.js•13.7 kB