vulscan-mcp
Provides optional reporting integration for sending scan findings as alerts or tickets to the Datto RMM platform.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@vulscan-mcpshow recent PII findings for Acme Corp"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
vulscan-mcp
A client-deployable vulnerability & PII scanning platform with a central MCP server — a Telivy-style tool for MSPs. A lightweight agent is deployed to client endpoints (or run via RMM), runs a suite of scanners, and reports findings back as structured reports. A central MCP server exposes the fleet's findings to Claude so an analyst can review risk in natural language.
Inspired by RobertoDure/mcp-vulnerability-scanner,
extended into an agent-based, multi-scanner, multi-client platform.
⚠️ Authorized use only. Deploy and scan only against systems you are contractually authorized to assess. Reports reference the locations of sensitive data and store redacted previews only — never raw PII — but should still be treated as confidential.
What it does
Scanner | Status | What it finds |
| ✅ working | PII in local files (SSNs, credit cards, emails, phones, DOB, …) |
| ✅ working | Outdated/vulnerable software (offline CVE ruleset), firewall/disk-encryption posture, OS end-of-life |
| ✅ working | Open ports, exposed/risky services, version-matched CVEs, and optional nmap |
| ✅ working | PII in SharePoint/OneDrive document libraries via Microsoft Graph |
All four scanners run end-to-end. The two PII scanners currently read text-like files directly; Office/PDF extraction is a shared, documented extension point.
Related MCP server: CVE MCP Server
Architecture
vulscan/
├── common/ Shared models (Finding, ScanReport), config, PII engine
├── scanners/ Scanning engines (one file each, common Scanner interface)
├── agent/ Deployable client agent (CLI + report delivery)
├── server/ Central MCP server + report store
└── reporting/ JSON / HTML / PDF report generationThe agent and server share the common models, so a report produced on an
endpoint deserializes cleanly on the server and renders identically everywhere.
See docs/mcp.md for the MCP server and deploy/README.md
for packaging/deployment.
Quick start
# Install (base agent, no optional extras needed for local_pii)
pip install -e .
# See available scanners and whether each can run here
vulscan-agent list
# Run a local PII scan and write JSON + HTML reports
vulscan-agent scan local_pii --path ./some/dir --client-name "Acme Corp"
# Reports land in ./scan-output/ by defaultAdd optional capabilities as needed:
pip install -e '.[docs]' # PDF/DOCX/XLSX text extraction for PII scanning
pip install -e '.[m365]' # SharePoint/OneDrive scanning
# network_vuln needs only the `nmap` binary on the host (no Python package)
pip install -e '.[pdf]' # PDF reports
pip install -e '.[server]' # the central MCP server
pip install -e '.[all,dev]' # everything + test/lint toolingThe central server (two processes)
pip install -e '.[server]'
# 1) Receive agent uploads over HTTP (agents POST reports here):
VULSCAN_DATA_DIR=/var/lib/vulscan VULSCAN_API_KEY=secret vulscan-ingest
# 2) Answer analyst queries over MCP (point Claude Desktop at this):
VULSCAN_DATA_DIR=/var/lib/vulscan vulscan-serverAgents upload by setting --client-id, VULSCAN_SERVER_URL, and VULSCAN_API_KEY;
reports are also always written locally. See docs/mcp.md.
Enriching the CVE ruleset from NVD (optional)
vulscan-update-vulndb -p openssl -p openssh -p "google chrome" -o vulndb-cache.json
VULSCAN_VULNDB=vulndb-cache.json vulscan-agent scan system_vuln # uses the cacheConfiguration
Copy config.example.toml to config.toml, or use VULSCAN_* environment
variables (env wins over file). Secrets should come from env vars / RMM site
variables, never the committed file. Key settings:
agent.client_id/client_name— which client this deployment is foragent.server_url/api_key— where to upload reports (optional)agent.local_pii_paths— default paths for the local PII scanneragent.network_targets— default hosts/CIDRs for the network scanneragent.m365.*— Microsoft Graph credentials for SharePoint scanningserver.*— ingest host/port, API key, and optional Autotask PSA ticketing
Development
pip install -e '.[all,dev]'
pytest # run the test suite
ruff check . # lintRoadmap
Implement
system_vuln(software inventory + offline CVE ruleset + posture checks)Implement
network_vuln(nmap XML → exposed services + CVE findings)Implement
sharepoint_pii(Graph enumeration + PII engine)Enrich the CVE ruleset from the NVD feed (
vulscan-update-vulndb)PDF/DOCX/XLSX text extraction for the PII scanners (
docsextra)HTTP ingest endpoint (
/api/reports) on the server (vulscan-ingest)Autotask PSA ticket reporting (central-server ingest hook)
Additional reporting integrations (Datto RMM alerts, Outlook email digests)
Presidio-backed PII detection behind the existing engine interface
Legacy Office (.doc/.xls/.ppt) extraction; historical scan-to-scan diffing
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/am3cramirez/vulscan-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server