Skip to main content
Glama
telmon95

VulneraMCP

by telmon95
OverviewInspectSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

training.import_all

Import pre-loaded security training data from Intigriti, PortSwigger, and other sources to enhance vulnerability testing capabilities.

Instructions

Import all pre-loaded training data from Intigriti, PortSwigger, and other sources

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
sourcesNoSources to import (csrf, xss, sqli, registration, dorking, all)

Implementation Reference

  • src/tools/training_extractor.ts:242-294 (handler)
    Handler function for 'training.import_all' tool that imports pre-loaded training data from various sources (CSRF, XSS, SQLi, etc.) into the database using saveTrainingData.
    async ({ sources = ['all'] }: any): Promise<ToolResult> => { try { const allData: any[] = []; const importSources = sources.includes('all') ? ['csrf', 'xss', 'sqli', 'registration', 'dorking'] : sources; if (importSources.includes('csrf')) { allData.push(...CSRF_TRAINING_DATA); } if (importSources.includes('xss')) { allData.push(...XSS_TRAINING_DATA); } if (importSources.includes('sqli')) { allData.push(...SQLI_TRAINING_DATA); } if (importSources.includes('registration')) { allData.push(...REGISTRATION_TRAINING_DATA); } if (importSources.includes('dorking')) { allData.push(...GOOGLE_DORKING_PATTERNS); } const imported: number[] = []; for (const data of allData) { try { const id = await saveTrainingData( data.source, data.sourceId, data.vulnerabilityType, data.targetPattern, data.payloadPattern, data.successPattern, data.failurePattern, data.contextData, data.score ); imported.push(id); } catch (error: any) { console.error(`Error importing ${data.sourceId}:`, error.message); } } return formatToolResult(true, { imported: imported.length, total: allData.length, ids: imported, sources: importSources, }); } catch (error: any) { return formatToolResult(false, null, error.message); } }
  • src/tools/training_extractor.ts:228-240 (schema)
    Input schema for the 'training.import_all' tool, allowing specification of sources to import with default 'all'.
    { description: 'Import all pre-loaded training data from Intigriti, PortSwigger, and other sources', inputSchema: { type: 'object', properties: { sources: { type: 'array', items: { type: 'string' }, description: 'Sources to import (csrf, xss, sqli, registration, dorking, all)', default: ['all'], }, }, },
  • src/tools/training_extractor.ts:227-295 (registration)
    Registration of the 'training.import_all' tool within the registerTrainingExtractorTools function.
    'training.import_all', { description: 'Import all pre-loaded training data from Intigriti, PortSwigger, and other sources', inputSchema: { type: 'object', properties: { sources: { type: 'array', items: { type: 'string' }, description: 'Sources to import (csrf, xss, sqli, registration, dorking, all)', default: ['all'], }, }, }, }, async ({ sources = ['all'] }: any): Promise<ToolResult> => { try { const allData: any[] = []; const importSources = sources.includes('all') ? ['csrf', 'xss', 'sqli', 'registration', 'dorking'] : sources; if (importSources.includes('csrf')) { allData.push(...CSRF_TRAINING_DATA); } if (importSources.includes('xss')) { allData.push(...XSS_TRAINING_DATA); } if (importSources.includes('sqli')) { allData.push(...SQLI_TRAINING_DATA); } if (importSources.includes('registration')) { allData.push(...REGISTRATION_TRAINING_DATA); } if (importSources.includes('dorking')) { allData.push(...GOOGLE_DORKING_PATTERNS); } const imported: number[] = []; for (const data of allData) { try { const id = await saveTrainingData( data.source, data.sourceId, data.vulnerabilityType, data.targetPattern, data.payloadPattern, data.successPattern, data.failurePattern, data.contextData, data.score ); imported.push(id); } catch (error: any) { console.error(`Error importing ${data.sourceId}:`, error.message); } } return formatToolResult(true, { imported: imported.length, total: allData.length, ids: imported, sources: importSources, }); } catch (error: any) { return formatToolResult(false, null, error.message); } } );
  • src/tools/training_extractor.ts:6-82 (helper)
    Pre-loaded CSRF training data used by the 'training.import_all' handler.
    const CSRF_TRAINING_DATA = [ { source: 'intigriti', sourceId: 'csrf-basic', vulnerabilityType: 'CSRF', targetPattern: '/api/profile/update', payloadPattern: '<form method="POST"', successPattern: 'email updated|profile updated|success', failurePattern: 'error|invalid|unauthorized', contextData: { technique: 'Basic CSRF', description: 'Simple form-based CSRF attack', example: '<form method="POST" action="https://app.example.com/api/profile/update">', }, score: 7, }, { source: 'intigriti', sourceId: 'csrf-content-type', vulnerabilityType: 'CSRF', targetPattern: '/api/', payloadPattern: 'enctype="text/plain"', successPattern: 'success|updated', failurePattern: 'error|invalid content-type', contextData: { technique: 'Content-Type Bypass', description: 'Bypass JSON-only APIs using text/plain', example: 'enctype="text/plain" with JSON-like payload', }, score: 8, }, { source: 'intigriti', sourceId: 'csrf-method', vulnerabilityType: 'CSRF', targetPattern: '/api/', payloadPattern: 'method="POST"|_method=PUT', successPattern: 'success|updated', failurePattern: 'method not allowed|cors error', contextData: { technique: 'Method-based CSRF', description: 'Change HTTP method to bypass CORS', example: 'Use POST instead of PUT/PATCH', }, score: 7, }, { source: 'intigriti', sourceId: 'csrf-token-bypass', vulnerabilityType: 'CSRF', targetPattern: '/api/', payloadPattern: 'csrf_token=|anti-csrf', successPattern: 'success|updated', failurePattern: 'invalid token|csrf required', contextData: { technique: 'Token Validation Bypass', description: 'Bypass anti-CSRF tokens', methods: ['remove token', 'blank value', 'random value', 'hardcoded valid token'], }, score: 9, }, { source: 'intigriti', sourceId: 'csrf-referrer', vulnerabilityType: 'CSRF', targetPattern: '/api/', payloadPattern: 'no-referrer', successPattern: 'success|updated', failurePattern: 'invalid referrer|referrer required', contextData: { technique: 'Referrer-based Bypass', description: 'Bypass referrer validation', example: '<meta name="referrer" content="no-referrer">', }, score: 8, }, ];

This server cannot be installed

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/telmon95/VulneraMCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server