Skip to main content
Glama
telmon95

VulneraMCP

by telmon95
OverviewInspectSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

training.extract_from_writeup

Extract training patterns from bug bounty writeups to identify vulnerability types and improve security testing methodologies.

Instructions

Extract training patterns from bug bounty writeup text

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
writeupTextYesBug bounty writeup text
vulnerabilityTypeYesType of vulnerability
sourceNoSource of writeupcustom

Implementation Reference

  • src/tools/training_extractor.ts:312-391 (handler)
    The handler extracts patterns (target, payload, success, failure) from the provided writeup text using regex, calculates a severity score based on keywords, saves the data via saveTrainingData, and returns the extracted info and saved ID.
    async (params: any): Promise<ToolResult> => { try { const text = params.writeupText.toLowerCase(); const vulnType = params.vulnerabilityType; // Extract URLs/endpoints const urlPattern = /https?:\/\/[^\s"<>]+/gi; const urls = text.match(urlPattern) || []; const targetPattern = urls[0]?.split('?')[0] || ''; // Extract payloads const payloadPatterns = [ /payload[:\s]+([^\n]+)/gi, /exploit[:\s]+([^\n]+)/gi, /<script[^>]*>([^<]+)<\/script>/gi, /'[^']*'/g, /"[^"]*"/g, ]; let payloadPattern = ''; for (const pattern of payloadPatterns) { const matches = text.match(pattern); if (matches && matches.length > 0) { payloadPattern = matches[0].substring(0, 100); break; } } // Extract success indicators const successPatterns = [ /success|vulnerable|exploited|confirmed|poc|proof of concept/gi, /alert\(|xss|injection|bypass/gi, ]; let successPattern = 'success|vulnerable|exploited'; for (const pattern of successPatterns) { if (pattern.test(text)) { successPattern = pattern.source.replace(/[\\^$.*+?()[\]{}|]/g, ''); break; } } // Extract failure indicators const failurePattern = 'error|blocked|filtered|sanitized'; // Calculate score based on keywords let score = 5; if (text.includes('critical') || text.includes('rce') || text.includes('takeover')) { score = 10; } else if (text.includes('high') || text.includes('sql injection') || text.includes('auth bypass')) { score = 9; } else if (text.includes('xss') || text.includes('csrf')) { score = 7; } const id = await saveTrainingData( params.source || 'custom', `writeup-${Date.now()}`, vulnType, targetPattern, payloadPattern, successPattern, failurePattern, { extractedFrom: 'writeup', originalText: params.writeupText.substring(0, 500) }, score ); return formatToolResult(true, { id, extracted: { targetPattern, payloadPattern, successPattern, failurePattern, score, }, }); } catch (error: any) { return formatToolResult(false, null, error.message); } }
  • src/tools/training_extractor.ts:302-310 (schema)
    Input schema defining parameters: writeupText (required string), vulnerabilityType (required string), source (optional string, default 'custom').
    inputSchema: { type: 'object', properties: { writeupText: { type: 'string', description: 'Bug bounty writeup text' }, vulnerabilityType: { type: 'string', description: 'Type of vulnerability' }, source: { type: 'string', description: 'Source of writeup', default: 'custom' }, }, required: ['writeupText', 'vulnerabilityType'], },
  • src/tools/training_extractor.ts:298-311 (registration)
    Registers the tool 'training.extract_from_writeup' with its description and input schema, linking to the handler function.
    server.tool( 'training.extract_from_writeup', { description: 'Extract training patterns from bug bounty writeup text', inputSchema: { type: 'object', properties: { writeupText: { type: 'string', description: 'Bug bounty writeup text' }, vulnerabilityType: { type: 'string', description: 'Type of vulnerability' }, source: { type: 'string', description: 'Source of writeup', default: 'custom' }, }, required: ['writeupText', 'vulnerabilityType'], }, },
  • src/index.ts:48-48 (registration)
    Top-level call to registerTrainingExtractorTools(server), which includes registration of 'training.extract_from_writeup'.
    registerTrainingExtractorTools(server);

This server cannot be installed

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/telmon95/VulneraMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server