Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP Exploit-DB Serversearch for exploits related to Apache Struts 2.0.0"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Exploit-DB Server
An MCP (Model Context Protocol) server that provides access to the Exploit-DB database using the searchsploit command-line tool. This allows AI assistants like Claude to search for and retrieve exploit information directly.
Prerequisites
Python 3.10 or higher
searchsploitcommand-line tool (from exploitdb package)
Installing searchsploit
On Kali Linux / Debian-based systems:
sudo apt update
sudo apt install exploitdbOn macOS with Homebrew:
brew install exploitdbInstallation on Claude Code and Desktop
Clone or download the repository:
claude mcp add --transport stdio exploitdb -- venv/bin/python exploit_db/server.pyAfter updating the configuration claude_desktop_config.json, restart Claude Desktop (see sample file in the repo).
{
"mcpServers": {
"exploitdb": {
"command": "/ABSOLUTE/PATH/TO/PARENT/FOLDER/venv/bin/python",
"args": ["-m", "exploit_db.server"]
}
}
}Available Tools
1. search_exploits
Search for exploits using keywords.
Parameters:
terms(required): Array of search terms (e.g.,["afd", "windows", "local"])case_sensitive(optional): Perform case-sensitive search (default: false)exact(optional): Exact match on exploit title (default: false)strict(optional): Strict version matching (default: false)title_only(optional): Search only in titles, not paths (default: false)exclude(optional): Exclude terms from results (use | to separate)json_output(optional): Return JSON format (default: false)show_urls(optional): Show web URLs instead of local paths (default: false)
Example:
Search for Windows local privilege escalation exploits related to afd.sys2. search_cve
Search for exploits by CVE identifier.
Parameters:
cve(required): CVE identifier (e.g., "2021-44228" or "CVE-2021-44228")json_output(optional): Return JSON format (default: false)
Example:
Find exploits for CVE-2021-442283. get_exploit_path
Get the full local filesystem path to an exploit.
Parameters:
edb_id(required): Exploit-DB ID (e.g., "39446")
Example:
Get the path for exploit 394464. get_exploit_content
Retrieve and display the full content of an exploit.
Parameters:
edb_id(required): Exploit-DB ID (e.g., "39446")
Example:
Show me the content of exploit 394465. mirror_exploit
Copy an exploit file to a specified directory.
Parameters:
edb_id(required): Exploit-DB IDdestination(optional): Destination directory (default: current directory)
Example:
Copy exploit 39446 to /tmp6. update_exploitdb
Update the local Exploit-DB database.
Example:
Update the exploit databaseUsage Examples
Once configured, you can ask Claude questions like:
"Search for Apache Struts 2.0.0 exploits"
"Find exploits for CVE-2021-44228"
"Show me Windows kernel privilege escalation exploits"
"Get the content of exploit 39446"
"Search for Linux kernel 3.2 exploits excluding PoC and DoS"
"Find remote code execution exploits for PHP"
Credits
Exploit-DB: https://www.exploit-db.com/
searchsploit: Part of the exploitdb package
MCP Protocol: https://modelcontextprotocol.io/
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.