training.get_csrf_patterns
Extract CSRF exploitation patterns from training data to identify security vulnerabilities in web applications.
Instructions
Get all CSRF exploitation patterns from training data
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| technique | No | Specific CSRF technique | all |
Implementation Reference
- src/tools/training_extractor.ts:411-426 (handler) Handler function that filters and returns CSRF training patterns based on the specified technique or all patterns.

  ```typescript
  async ({ technique = 'all' }: any): Promise<ToolResult> => {
    try {
      let patterns = CSRF_TRAINING_DATA;
      if (technique !== 'all') {
        patterns = patterns.filter((p) => p.sourceId.includes(technique));
      }
      return formatToolResult(true, {
        patterns,
        count: patterns.length,
        techniques: patterns.map((p) => p.contextData.technique),
      });
    } catch (error: any) {
      return formatToolResult(false, null, error.message);
    }
  }
  ```
- Input schema and description for the training.get_csrf_patterns tool.

  ```typescript
  {
    description: 'Get all CSRF exploitation patterns from training data',
    inputSchema: {
      type: 'object',
      properties: {
        technique: {
          type: 'string',
          enum: ['basic', 'content-type', 'method', 'token-bypass', 'referrer', 'all'],
          description: 'Specific CSRF technique',
          default: 'all',
        },
      },
    },
  },
  ```
- src/tools/training_extractor.ts:395-427 (registration) Registration of the training.get_csrf_patterns tool using server.tool(), including schema and handler.

  ```typescript
  server.tool(
    'training.get_csrf_patterns',
    {
      description: 'Get all CSRF exploitation patterns from training data',
      inputSchema: {
        type: 'object',
        properties: {
          technique: {
            type: 'string',
            enum: ['basic', 'content-type', 'method', 'token-bypass', 'referrer', 'all'],
            description: 'Specific CSRF technique',
            default: 'all',
          },
        },
      },
    },
    async ({ technique = 'all' }: any): Promise<ToolResult> => {
      try {
        let patterns = CSRF_TRAINING_DATA;
        if (technique !== 'all') {
          patterns = patterns.filter((p) => p.sourceId.includes(technique));
        }
        return formatToolResult(true, {
          patterns,
          count: patterns.length,
          techniques: patterns.map((p) => p.contextData.technique),
        });
      } catch (error: any) {
        return formatToolResult(false, null, error.message);
      }
    }
  );
  ```
- src/tools/training_extractor.ts:6-82 (helper) Pre-loaded CSRF training data array used by the tool handler to provide patterns.

  ```typescript
  const CSRF_TRAINING_DATA = [
    {
      source: 'intigriti',
      sourceId: 'csrf-basic',
      vulnerabilityType: 'CSRF',
      targetPattern: '/api/profile/update',
      payloadPattern: '<form method="POST"',
      successPattern: 'email updated|profile updated|success',
      failurePattern: 'error|invalid|unauthorized',
      contextData: {
        technique: 'Basic CSRF',
        description: 'Simple form-based CSRF attack',
        example: '<form method="POST" action="https://app.example.com/api/profile/update">',
      },
      score: 7,
    },
    {
      source: 'intigriti',
      sourceId: 'csrf-content-type',
      vulnerabilityType: 'CSRF',
      targetPattern: '/api/',
      payloadPattern: 'enctype="text/plain"',
      successPattern: 'success|updated',
      failurePattern: 'error|invalid content-type',
      contextData: {
        technique: 'Content-Type Bypass',
        description: 'Bypass JSON-only APIs using text/plain',
        example: 'enctype="text/plain" with JSON-like payload',
      },
      score: 8,
    },
    {
      source: 'intigriti',
      sourceId: 'csrf-method',
      vulnerabilityType: 'CSRF',
      targetPattern: '/api/',
      payloadPattern: 'method="POST"|_method=PUT',
      successPattern: 'success|updated',
      failurePattern: 'method not allowed|cors error',
      contextData: {
        technique: 'Method-based CSRF',
        description: 'Change HTTP method to bypass CORS',
        example: 'Use POST instead of PUT/PATCH',
      },
      score: 7,
    },
    {
      source: 'intigriti',
      sourceId: 'csrf-token-bypass',
      vulnerabilityType: 'CSRF',
      targetPattern: '/api/',
      payloadPattern: 'csrf_token=|anti-csrf',
      successPattern: 'success|updated',
      failurePattern: 'invalid token|csrf required',
      contextData: {
        technique: 'Token Validation Bypass',
        description: 'Bypass anti-CSRF tokens',
        methods: ['remove token', 'blank value', 'random value', 'hardcoded valid token'],
      },
      score: 9,
    },
    {
      source: 'intigriti',
      sourceId: 'csrf-referrer',
      vulnerabilityType: 'CSRF',
      targetPattern: '/api/',
      payloadPattern: 'no-referrer',
      successPattern: 'success|updated',
      failurePattern: 'invalid referrer|referrer required',
      contextData: {
        technique: 'Referrer-based Bypass',
        description: 'Bypass referrer validation',
        example: '<meta name="referrer" content="no-referrer">',
      },
      score: 8,
    },
  ];
  ```
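
Read from the defending side, each entry in CSRF_TRAINING_DATA names a server-side check that must fail closed. The following is an added example, not code from this project: one request gate that rejects every listed technique. The request shape, the `x-csrf-token` header name, the JSON-only API and the refusal of `_method` overrides are assumptions.

```typescript
// Added example, not project code. Assumed: request shape, x-csrf-token header,
// a JSON-only API, and a policy of refusing _method overrides.
interface Req {
  method: string;
  headers: Record<string, string | undefined>; // header names lower-cased
  body: Record<string, unknown>;               // parsed body fields
}

// Constant-time comparison of the submitted token against the session's token.
function safeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Returns null when the request may proceed, otherwise the rejection reason.
function csrfReject(req: Req, sessionToken: string, origin: string): string | null {
  // Method-based: act on the real HTTP method only.
  if (['GET', 'HEAD', 'OPTIONS'].indexOf(req.method.toUpperCase()) !== -1) return null;
  if ('_method' in req.body) return 'method override not accepted';

  // Content-Type: text/plain (or any form encoding) is not JSON, so refuse it.
  const ctype = (req.headers['content-type'] || '').split(';')[0].trim().toLowerCase();
  if (ctype !== 'application/json') return 'invalid content-type';

  // Referrer: an absent Origin/Referer fails closed; a present one must match
  // the application's origin exactly (Origin) or as a full prefix (Referer).
  const source = req.headers['origin'] || req.headers['referer'];
  if (!source) return 'referrer required';
  if (source !== origin && source.indexOf(origin + '/') !== 0) return 'invalid referrer';

  // Token: removed or blank first, then random or another session's value.
  const token = req.headers['x-csrf-token'];
  if (!token) return 'csrf required';
  if (!safeEqual(token, sessionToken)) return 'invalid token';
  return null;
}

// Constructed sample: a cross-site form post sent as text/plain with no token.
const SAMPLE_REJECTION = csrfReject(
  { method: 'POST', headers: { 'content-type': 'text/plain', origin: 'https://app.example.com' }, body: {} },
  'constructed-session-token',
  'https://app.example.com',
);
```

The rejection strings reuse the wording of the `failurePattern` fields above, so the gate's output lines up with what the training data treats as a blocked attempt.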