VulneraMCP

Instructions

Implementation Reference

• src/tools/training.ts:300-328 (handler)

  Handler function that executes the tool logic: extracts payloads from HTB exploit data, saves each to training DB via saveTrainingData, returns import count and IDs.
  try { const exploit = params.exploit; const payloads = exploit.payloads || [exploit.payload || '']; const results: any[] = []; for (const payload of payloads) { const id = await saveTrainingData( 'htb', params.challengeName, params.vulnerabilityType, params.challengeUrl || '', payload, exploit.successPattern || 'flag', exploit.failurePattern || 'error', { exploit, challengeUrl: params.challengeUrl }, exploit.score || 8 ); results.push(id); } return formatToolResult(true, { imported: results.length, ids: results, }); } catch (error: any) { return formatToolResult(false, null, error.message); } } );
• src/tools/training.ts:287-299 (schema)

  Input schema defining parameters for importing HTB training data: challengeName, challengeUrl, vulnerabilityType, and exploit object.
  description: 'Import training data from HackTheBox challenge', inputSchema: { type: 'object', properties: { challengeName: { type: 'string', description: 'Name of the HTB challenge' }, challengeUrl: { type: 'string', description: 'URL of the challenge' }, vulnerabilityType: { type: 'string', description: 'Type of vulnerability' }, exploit: { type: 'object', description: 'Exploit data with payloads and steps' }, }, required: ['challengeName', 'vulnerabilityType', 'exploit'], }, }, async (params: any): Promise<ToolResult> => {
• src/tools/training.ts:285-329 (registration)

  Registration of the 'training.import_htb' tool via server.tool() call within registerTrainingTools, including inline schema and handler.
  'training.import_htb', { description: 'Import training data from HackTheBox challenge', inputSchema: { type: 'object', properties: { challengeName: { type: 'string', description: 'Name of the HTB challenge' }, challengeUrl: { type: 'string', description: 'URL of the challenge' }, vulnerabilityType: { type: 'string', description: 'Type of vulnerability' }, exploit: { type: 'object', description: 'Exploit data with payloads and steps' }, }, required: ['challengeName', 'vulnerabilityType', 'exploit'], }, }, async (params: any): Promise<ToolResult> => { try { const exploit = params.exploit; const payloads = exploit.payloads || [exploit.payload || '']; const results: any[] = []; for (const payload of payloads) { const id = await saveTrainingData( 'htb', params.challengeName, params.vulnerabilityType, params.challengeUrl || '', payload, exploit.successPattern || 'flag', exploit.failurePattern || 'error', { exploit, challengeUrl: params.challengeUrl }, exploit.score || 8 ); results.push(id); } return formatToolResult(true, { imported: results.length, ids: results, }); } catch (error: any) { return formatToolResult(false, null, error.message); } } ); }
• src/integrations/postgres.ts:248-281 (helper)

  Helper function saveTrainingData that performs the actual database insertion of training data into the 'training_data' table.
  export async function saveTrainingData( source: string, sourceId: string, vulnerabilityType: string, targetPattern: string, payloadPattern: string, successPattern: string, failurePattern: string, contextData?: any, score?: number ): Promise<number> { const client = await initPostgres().connect(); try { const result: QueryResult = await client.query( `INSERT INTO training_data (source, source_id, vulnerability_type, target_pattern, payload_pattern, success_pattern, failure_pattern, context_data, score) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9) RETURNING id`, [ source, sourceId, vulnerabilityType, targetPattern, payloadPattern, successPattern, failurePattern, JSON.stringify(contextData || {}), score || 0 ] ); return result.rows[0].id; } finally { client.release(); } }