VulneraMCP

Instructions

Implementation Reference

• src/tools/training.ts:177-203 (handler)

  The main execution handler for the 'training.match' tool. It uses the PatternMatcher to score the match and fetches similar training data from the database for recommendations.
  async (params: any): Promise<ToolResult> => { try { const match = patternMatcher.matchPattern( params.vulnerabilityType, params.target, params.payload, params.response ); // Also check database for similar patterns const trainingData = await getTrainingData(params.vulnerabilityType, undefined, 50); const similarPatterns = trainingData.filter((pattern: any) => { return ( params.target.includes(pattern.target_pattern) || params.payload.includes(pattern.payload_pattern) ); }); return formatToolResult(true, { match, similarPatterns: similarPatterns.slice(0, 5), recommendation: match.confidence > 0.5 ? 'High confidence match' : 'Low confidence', }); } catch (error: any) { return formatToolResult(false, null, error.message); } }
• src/tools/training.ts:166-175 (schema)

  Input schema defining the parameters for the 'training.match' tool: vulnerabilityType, target, payload, and response.
  inputSchema: { type: 'object', properties: { vulnerabilityType: { type: 'string', description: 'Type of vulnerability to match' }, target: { type: 'string', description: 'Target URL' }, payload: { type: 'string', description: 'Payload used' }, response: { type: 'string', description: 'Response received' }, }, required: ['vulnerabilityType', 'target', 'payload', 'response'], },
• src/tools/training.ts:162-204 (registration)

  Registration of the 'training.match' tool using server.tool, including description, schema, and handler.
  server.tool( 'training.match', { description: 'Match current test against learned patterns', inputSchema: { type: 'object', properties: { vulnerabilityType: { type: 'string', description: 'Type of vulnerability to match' }, target: { type: 'string', description: 'Target URL' }, payload: { type: 'string', description: 'Payload used' }, response: { type: 'string', description: 'Response received' }, }, required: ['vulnerabilityType', 'target', 'payload', 'response'], }, }, async (params: any): Promise<ToolResult> => { try { const match = patternMatcher.matchPattern( params.vulnerabilityType, params.target, params.payload, params.response ); // Also check database for similar patterns const trainingData = await getTrainingData(params.vulnerabilityType, undefined, 50); const similarPatterns = trainingData.filter((pattern: any) => { return ( params.target.includes(pattern.target_pattern) || params.payload.includes(pattern.payload_pattern) ); }); return formatToolResult(true, { match, similarPatterns: similarPatterns.slice(0, 5), recommendation: match.confidence > 0.5 ? 'High confidence match' : 'Low confidence', }); } catch (error: any) { return formatToolResult(false, null, error.message); } } );
• src/tools/training.ts:32-67 (helper)

  Core helper method in PatternMatcher class that performs the actual pattern matching and confidence scoring used by the handler.
  matchPattern(vulnType: string, target: string, payload: string, response: string): { confidence: number; pattern?: any; } { const patterns = this.patterns.get(vulnType) || []; let bestMatch = null; let bestScore = 0; for (const pattern of patterns) { let score = 0; // Simple pattern matching (can be enhanced with regex/ML) if (target.includes(pattern.targetPattern) || pattern.targetPattern.includes(target)) { score += 0.3; } if (payload.includes(pattern.payloadPattern) || pattern.payloadPattern.includes(payload)) { score += 0.3; } if (response.includes(pattern.successPattern)) { score += 0.4; } if (response.includes(pattern.failurePattern)) { score -= 0.2; } if (score > bestScore) { bestScore = score; bestMatch = pattern; } } return { confidence: bestScore, pattern: bestMatch, }; }