Documentation
ExploitDB MCP Server
A Model Context Protocol server that provides access to ExploitDB functionality, developed by Cyreslab.ai. This server enables AI assistants like Claude to query information about security exploits and vulnerabilities, enhancing cybersecurity research and threat intelligence capabilities.
GitHub Repository: https://github.com/Cyreslab-AI/exploitdb-mcp-server
Contact: contact@cyreslab.ai
Features
- Exploit Search: Search for exploits by keywords, CVE IDs, platforms, and more
- Exploit Details: Get comprehensive information about specific exploits, including code
- CVE Lookup: Find all exploits related to specific CVE IDs
- Recent Exploits: Track newly added exploits
- Statistics: Get insights into exploit distribution by platform, type, and year
- Automatic Updates: Keep the database up-to-date with scheduled updates
Installation
Prerequisites
- Node.js (v16 or higher)
- npm (v7 or higher)
Installation Steps
1. Clone the repository:
git clone https://github.com/Cyreslab-AI/exploitdb-mcp-server.git
cd exploitdb-mcp-server2. Install dependencies:
npm install3. Build the project:
npm run build4. Configure the server:
- Create a
.envfile in the root directory based on.env.example - Adjust settings as needed (data directory, update frequency, etc.)
5. Initialize the database:
npm run update-dbNote: The initial database update may take several minutes as it processes ~47,000 exploits from the ExploitDB CSV file. The script handles missing or malformed data gracefully by using fallback values for required fields.
6. Run the server:
node build/index.jsMCP Configuration
To use this server with Claude or other MCP-compatible assistants, add it to your MCP configuration:
{
"mcpServers": {
"mcp-exploitdb-server": {
"command": "node",
"args": ["/path/to/exploitdb-mcp-server/build/index.js"]
}
}
}Available Tools
The ExploitDB MCP server provides 18 comprehensive tools for querying and analyzing exploit data:
Core Search Tools
1. search_exploits - General search with multiple filters
2. get_exploit - Get detailed information about a specific exploit
3. find_by_cve - Find exploits by CVE ID
4. get_recent_exploits - Get recently added exploits
5. get_statistics - Get database statistics
Advanced Search Tools
6. search_by_platform - Search exploits for a specific platform with filters
7. search_by_type - Search by exploit type (webapps, remote, local, dos, hardware)
8. search_by_author - Find all exploits by a specific author
9. search_by_date_range - Find exploits within a date range
10. search_by_tags - Search by generated tags (sql injection, xss, etc.)
Analysis & Intelligence Tools
11. get_platform_statistics - Get detailed statistics for a specific platform
12. get_trending_exploits - Find recently added exploits (configurable time period)
13. compare_exploits - Compare multiple exploits side-by-side
14. get_exploit_timeline - Get chronological timeline of exploits
Utility Tools
15. batch_get_exploits - Retrieve multiple exploits efficiently (up to 50)
16. get_related_exploits - Find related exploits by platform, author, CVE, or tags
17. validate_exploit_id - Check if an exploit ID exists
18. export_search_results - Export search results in JSON or CSV format
Usage Examples
Search Exploits
Use the search_exploits tool to search for exploits in the database:
mcp-exploitdb-server
search_exploits
{
"query": "wordpress plugin",
"platform": "php",
"limit": 5
}Additional search parameters:
type: Filter by exploit type (e.g., webapps, remote, local)cve: Filter by CVE IDauthor: Filter by author namestart_date/end_date: Filter by date range (YYYY-MM-DD)verified: Filter by verified status (true/false)offset: For pagination
Get Exploit Details
Use the get_exploit tool to retrieve detailed information about a specific exploit:
mcp-exploitdb-server
get_exploit
{
"id": 12345,
"include_code": true
}Find Exploits by CVE
Use the find_by_cve tool to find all exploits related to a specific CVE:
mcp-exploitdb-server
find_by_cve
{
"cve": "CVE-2021-44228",
"limit": 10
}Get Recent Exploits
Use the get_recent_exploits tool to retrieve recently added exploits:
mcp-exploitdb-server
get_recent_exploits
{
"limit": 10
}Get Statistics
Use the get_statistics tool to get insights about the exploits in the database:
mcp-exploitdb-server
get_statistics
{}Search by Platform
Search exploits for a specific platform with advanced filters:
mcp-exploitdb-server
search_by_platform
{
"platform": "php",
"type": "webapps",
"verified": true,
"limit": 10
}Search by Author
Find all exploits by a specific author:
mcp-exploitdb-server
search_by_author
{
"author": "Offensive Security",
"limit": 10
}Search by Date Range
Find exploits within a specific date range:
mcp-exploitdb-server
search_by_date_range
{
"start_date": "2024-01-01",
"end_date": "2024-12-31",
"platform": "windows",
"limit": 20
}Search by Tags
Search exploits by generated tags:
mcp-exploitdb-server
search_by_tags
{
"tags": ["sql injection", "rce"],
"match_all": false,
"limit": 10
}Get Trending Exploits
Find recently added exploits:
mcp-exploitdb-server
get_trending_exploits
{
"days": 30,
"limit": 10
}Compare Exploits
Compare multiple exploits side-by-side:
mcp-exploitdb-server
compare_exploits
{
"ids": [12345, 12346, 12347]
}Get Related Exploits
Find exploits related to a specific exploit:
mcp-exploitdb-server
get_related_exploits
{
"id": 12345,
"relation_type": "platform",
"limit": 10
}Batch Get Exploits
Retrieve multiple exploits efficiently:
mcp-exploitdb-server
batch_get_exploits
{
"ids": [12345, 12346, 12347, 12348],
"include_code": false
}Export Search Results
Export search results in CSV or JSON format:
mcp-exploitdb-server
export_search_results
{
"query": "wordpress",
"format": "csv",
"platform": "php",
"limit": 100
}Configuration Options
The server can be configured using environment variables or a .env file:
| Variable | Description | Default |
|---|---|---|
CLONE_REPOSITORY | Whether to clone the ExploitDB repository | false |
REPOSITORY_URL | URL of the ExploitDB repository | https://gitlab.com/exploit-database/exploitdb.git |
CSV_URL | URL of the ExploitDB CSV file | https://gitlab.com/exploit-database/exploitdb/-/raw/main/files_exploits.csv |
DATA_DIR | Directory to store data | ./data |
DB_PATH | Path to the SQLite database | ./data/exploitdb.sqlite |
UPDATE_INTERVAL | Update frequency in hours (0 to disable) | 24 |
MAX_RESULTS | Maximum number of results to return per query | 10 |
Data Sources
This server uses data from the Exploit Database, maintained by Offensive Security. The data is either downloaded directly from the CSV file or cloned from the ExploitDB GitLab repository.
Data Processing
The server automatically handles various data quality issues:
- Date handling: Uses
date_publishedfrom the CSV, with fallbacks todate_added,date_updated, or a default date if all are missing - Missing fields: Provides sensible defaults for required fields (author, type, platform) when data is incomplete
- CVE extraction: Automatically extracts CVE identifiers from exploit descriptions
- Tag generation: Generates relevant tags based on exploit descriptions for improved searchability
The database typically contains:
- 46,000+ exploits spanning from 1988 to present
- 33,000+ verified exploits
- Coverage across 60+ platforms (PHP, Windows, Linux, etc.)
- 27,000+ web application exploits
- Comprehensive metadata including authors, dates, platforms, and CVE references
License
This project is licensed under the MIT License - see the LICENSE file for details.
Acknowledgements
- Offensive Security for maintaining the Exploit Database
- Model Context Protocol for enabling AI assistants to access external tools
Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
Have feature suggestions or found a bug? Please open an issue on our GitHub repository or contact us directly at contact@cyreslab.ai.
Similar MCP
Based on tags & features
Trending MCP
Most active this week