VulneraMCP

Instructions

Implementation Reference

• src/tools/training.ts:177-203 (handler)

  Handler function that performs pattern matching on target, payload, and response against trained patterns, supplements with database lookup for similar patterns, and returns match confidence and recommendations.
  async (params: any): Promise<ToolResult> => { try { const match = patternMatcher.matchPattern( params.vulnerabilityType, params.target, params.payload, params.response ); // Also check database for similar patterns const trainingData = await getTrainingData(params.vulnerabilityType, undefined, 50); const similarPatterns = trainingData.filter((pattern: any) => { return ( params.target.includes(pattern.target_pattern) || params.payload.includes(pattern.payload_pattern) ); }); return formatToolResult(true, { match, similarPatterns: similarPatterns.slice(0, 5), recommendation: match.confidence > 0.5 ? 'High confidence match' : 'Low confidence', }); } catch (error: any) { return formatToolResult(false, null, error.message); } }
• src/tools/training.ts:166-175 (schema)

  Input schema defining parameters for the training.match tool: vulnerabilityType, target, payload, and response.
  inputSchema: { type: 'object', properties: { vulnerabilityType: { type: 'string', description: 'Type of vulnerability to match' }, target: { type: 'string', description: 'Target URL' }, payload: { type: 'string', description: 'Payload used' }, response: { type: 'string', description: 'Response received' }, }, required: ['vulnerabilityType', 'target', 'payload', 'response'], },
• src/tools/training.ts:162-204 (registration)

  Registration of the 'training.match' tool using server.tool, including description, input schema, and handler function.
  server.tool( 'training.match', { description: 'Match current test against learned patterns', inputSchema: { type: 'object', properties: { vulnerabilityType: { type: 'string', description: 'Type of vulnerability to match' }, target: { type: 'string', description: 'Target URL' }, payload: { type: 'string', description: 'Payload used' }, response: { type: 'string', description: 'Response received' }, }, required: ['vulnerabilityType', 'target', 'payload', 'response'], }, }, async (params: any): Promise<ToolResult> => { try { const match = patternMatcher.matchPattern( params.vulnerabilityType, params.target, params.payload, params.response ); // Also check database for similar patterns const trainingData = await getTrainingData(params.vulnerabilityType, undefined, 50); const similarPatterns = trainingData.filter((pattern: any) => { return ( params.target.includes(pattern.target_pattern) || params.payload.includes(pattern.payload_pattern) ); }); return formatToolResult(true, { match, similarPatterns: similarPatterns.slice(0, 5), recommendation: match.confidence > 0.5 ? 'High confidence match' : 'Low confidence', }); } catch (error: any) { return formatToolResult(false, null, error.message); } } );
• src/tools/training.ts:32-67 (helper)

  The PatternMatcher.matchPattern method, which implements the core logic for scoring and finding the best matching pattern from learned training data.
  matchPattern(vulnType: string, target: string, payload: string, response: string): { confidence: number; pattern?: any; } { const patterns = this.patterns.get(vulnType) || []; let bestMatch = null; let bestScore = 0; for (const pattern of patterns) { let score = 0; // Simple pattern matching (can be enhanced with regex/ML) if (target.includes(pattern.targetPattern) || pattern.targetPattern.includes(target)) { score += 0.3; } if (payload.includes(pattern.payloadPattern) || pattern.payloadPattern.includes(payload)) { score += 0.3; } if (response.includes(pattern.successPattern)) { score += 0.4; } if (response.includes(pattern.failurePattern)) { score -= 0.2; } if (score > bestScore) { bestScore = score; bestMatch = pattern; } } return { confidence: bestScore, pattern: bestMatch, }; }