GitHub - gnlds/mcp-cve-intelligence-server-lite (original) (raw)
MCP CVE Intelligence Server Lite
A streamlined Model Context Protocol (MCP) Server for cybersecurity intelligence, providing unified access to vulnerability data from multiple authoritative sources including NVD, MITRE, and GitHub Security Advisories. This Lite version focuses on core CVE intelligence capabilities with essential features for security professionals.
🚀 Overview
The MCP CVE Intelligence Server Lite is a streamlined Model Context Protocol (MCP) Server designed for security professionals, penetration testers, and cybersecurity researchers who need essential vulnerability intelligence integrated into their AI workflows. This Lite edition focuses on core features, aggregating data from multiple authoritative sources and delivering actionable security insights through standardized protocols.
Status: Lite edition with core CVE intelligence features and streamlined functionality.
Key Features (Lite Edition)
- 🔍 Multi-Source CVE Intelligence: Unified access to NVD, MITRE CVE Records, and GitHub Security Advisories
- 🎯 Essential Exploit Discovery: Pattern-based detection from Exploit-DB, GitHub PoCs, Metasploit, and PacketStorm
- 🧮 EPSS Risk Scoring: Environmental context-aware vulnerability prioritization with exploit prediction
- 📊 Complete CVSS Support: Full v4/v3/v2 metric analysis with intelligent severity assessment
- 🔧 CPE-Based Discovery: Product-specific vulnerability identification using standardized identifiers
- 📈 Trending Analysis: Real-time vulnerability trending based on severity, exploits, and activity
- 📋 Professional Reports: Generate security reports in multiple formats (Markdown, JSON, summary)
- ⚡ Performance Optimized: Intelligent caching, retry logic, and streamlined processing
- 🛡️ Security-First: Type-safe implementation with comprehensive input validation and sanitization
- 🚦 Rate Limiting: Intelligent request throttling with source-specific limits
- 📊 Health Monitoring: Real-time source availability and performance tracking
🛠️ Installation
Prerequisites
- Node.js: 20.0.0 or higher
- npm: Comes with Node.js
Quick Start
Clone the repository
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git cd mcp-cve-intelligence-server-lite
Install dependencies
npm install
Build the project
npm run build
Start the server
npm start
Docker Deployment
Using Pre-built Image (Recommended)
Pull and run the latest image from Docker Hub
docker run -d
--name mcp-cve-server
-p 13001:3001
-e MCP_TRANSPORT_TYPE=http
-e MCP_HTTP_PORT=3001
-e MCP_HTTP_HOST=0.0.0.0
proug/mcp-cve-intelligence-server-lite:latest
Server will be available at http://localhost:13001
Health check: http://localhost:13001/health
Using Docker Compose
Using the provided Docker setup
chmod +x docker-run.sh ./docker-run.sh up
Server will be available at http://localhost:13001
Health check: http://localhost:13001/health
Building from Source
Build locally if you want to customize
docker build -t mcp-cve-intelligence-server-lite:local . docker run -d -p 13001:3001 mcp-cve-intelligence-server-lite:local
📋 For advanced Docker configuration, customization, and deployment options, see docs/DOCKER.md
MCP Client Setup
To use this server with MCP-compatible clients, install via NPM and configure:
Quick install from NPM
npx @proug/mcp-cve-intelligence-server-lite@latest --help
VS Code Configuration:
{ "servers": { "cve-intelligence": { "type": "stdio", "command": "npx", "args": ["-y", "mcp-cve-intelligence-server-lite@latest"] } } }
📋 For complete MCP client configuration (VS Code, Claude Desktop, etc.), see the Configuration section below.
📖 Usage
MCP Tools Available (Lite Edition)
The server provides 7 essential tools for comprehensive CVE intelligence and security analysis:
1. searchCves - Advanced CVE Search & Discovery
Search for vulnerabilities using flexible criteria with intelligent filtering:
{ "keyword": "apache log4j", "severity": "CRITICAL", "hasExploit": true, "dateStart": "2021-01-01", "dateEnd": "2024-12-31", "limit": 50, "source": "nvd" }
Advanced Examples:
// Search for recent RCE vulnerabilities { "keyword": "remote code execution", "severity": "HIGH,CRITICAL", "dateStart": "2024-01-01", "hasExploit": true, "limit": 100 }
// Find Windows privilege escalation issues { "keyword": "windows privilege escalation", "severity": "MEDIUM,HIGH,CRITICAL", "limit": 25 }
2. getCveDetails - Comprehensive CVE Intelligence
Retrieve detailed vulnerability information with exploit analysis:
{ "cveId": "CVE-2021-44228", "includeExploits": true, "includeReferences": true }
Response includes:
- Complete CVSS v4/v3/v2 metrics and scoring
- CWE classifications and weakness analysis
- Affected products with CPE identifiers
- Known exploits from multiple sources
- EPSS risk scores and probability
- Vendor advisories and patches
3. getTrendingCves - Real-Time Vulnerability Intelligence
Discover currently trending vulnerabilities based on activity and severity:
{ "limit": 25, "timeframe": "7d", "minSeverity": "MEDIUM" }
Trending Analysis:
- Recently disclosed high-impact vulnerabilities
- CVEs with increasing exploit activity
- Vulnerabilities gaining security community attention
- Active discussions and proof-of-concepts
4. calculateEpssScores - Environmental Risk Assessment
Calculate context-aware EPSS scores for vulnerability prioritization:
{ "cveIds": ["CVE-2021-44228", "CVE-2022-22965", "CVE-2023-23397"], "environmentContext": { "networkExposure": "internet-facing", "assetCriticality": "critical", "securityControls": ["waf", "ids", "edr"], "patchingCapability": "rapid" } }
Environment Contexts:
networkExposure: "internal", "dmz", "internet-facing"assetCriticality: "low", "medium", "high", "critical"securityControls: Array of deployed security measurespatchingCapability: "limited", "standard", "rapid"
5. generateCveReport - Professional Security Reports
Generate comprehensive vulnerability reports in multiple formats:
{ "cveIds": ["CVE-2021-44228", "CVE-2022-22965"], "format": "markdown", "includeExploits": true, "includeMetrics": true, "includeMitigation": true }
Report Formats:
markdown: Professional markdown reportsjson: Structured data for automationsummary: Executive summary format
Report Sections:
- Executive summary with risk assessment
- Detailed vulnerability analysis
- Exploit availability and complexity
- Recommended mitigation strategies
- CVSS metrics and environmental scoring
6. searchByCpe - Product-Specific Vulnerability Discovery
Find vulnerabilities affecting specific products using CPE identifiers:
{ "cpe": "cpe:2.3:a:apache:log4j::::::::", "severity": "HIGH,CRITICAL", "hasExploit": true, "limit": 50 }
CPE Examples:
// Search for all Apache products { "cpe": "cpe:2.3:a:apache:::::::::*", "severity": "CRITICAL" }
// Windows Server vulnerabilities { "cpe": "cpe:2.3:o:microsoft:windows_server::::::::", "hasExploit": true }
// Specific version targeting { "cpe": "cpe:2.3:a:apache:log4j:2.14.1:::::::*", "includeExploits": true }
7. getSourceHealth - Data Source Monitoring
Monitor the health and availability of CVE data sources:
{ "includeMetrics": true, "includeLastUpdated": true }
Health Metrics:
- Source availability status
- Response times and performance
- Last successful data update
- API rate limit status
- Error rates and reliability
Command Line Interface
The server includes a comprehensive CLI for production deployment and testing:
Quick Start Commands
Quick start with HTTP transport
npm start -- quick-start --port 3001
Start with stdio transport (default MCP)
npm start -- --transport stdio
Start with custom configuration
npm start -- --transport http --port 3001 --log-level debug
Configuration Management
Show current configuration and environment
npm start -- config
Health Monitoring & Testing
Basic health check via HTTP endpoint
curl http://localhost:3001/health
Test via MCP tools
curl -X POST http://localhost:3001/mcp
-H "Content-Type: application/json"
-d '{"method": "tools/call", "params": {"name": "getSourceHealth", "arguments": {}}}'
Docker Integration
Generate Docker commands and deployment info
npm start -- docker --port 3001
Advanced Options
Custom transport and networking
npm start -- --transport http --port 3001 --host 0.0.0.0
Set log level for debugging
npm start -- --transport http --log-level debug
Help and available commands
npm start -- --help
Practical Usage Examples
Scenario 1: Security Assessment Workflow
1. Start the server for assessment
npm start -- quick-start --port 3001
2. Check source health
curl -X POST http://localhost:3001/mcp
-H "Content-Type: application/json"
-d '{"method": "tools/call", "params": {"name": "getSourceHealth", "arguments": {}}}'
3. Search for critical vulnerabilities in your stack
curl -X POST http://localhost:3001/mcp
-H "Content-Type: application/json"
-d '{"method": "tools/call", "params": {"name": "searchByCpe", "arguments": {"cpe": "cpe:2.3:a:apache:::::::::*", "severity": "CRITICAL"}}}'
4. Generate assessment report
curl -X POST http://localhost:3001/mcp
-H "Content-Type: application/json"
-d '{"method": "tools/call", "params": {"name": "generateCveReport", "arguments": {"cveIds": ["CVE-2021-44228"], "format": "markdown", "includeExploits": true}}}'
Scenario 2: Threat Intelligence Research
1. Find trending vulnerabilities
npm start -- --transport http --port 3001
2. Research specific CVE with exploits
curl -X POST http://localhost:3001/mcp
-H "Content-Type: application/json"
-d '{"method": "tools/call", "params": {"name": "getCveDetails", "arguments": {"cveId": "CVE-2024-12345", "includeExploits": true}}}'
3. Calculate environmental risk
curl -X POST http://localhost:3001/mcp
-H "Content-Type: application/json"
-d '{"method": "tools/call", "params": {"name": "calculateEpssScores", "arguments": {"cveIds": ["CVE-2024-12345"], "environmentContext": {"networkExposure": "internet-facing", "assetCriticality": "critical"}}}}'
Scenario 3: Penetration Testing Preparation
Search for exploitable vulnerabilities in target technology
curl -X POST http://localhost:3001/mcp
-H "Content-Type: application/json"
-d '{"method": "tools/call", "params": {"name": "searchCves", "arguments": {"keyword": "windows server 2019", "hasExploit": true, "severity": "HIGH,CRITICAL", "limit": 50}}}'
Find recent RCE vulnerabilities
curl -X POST http://localhost:3001/mcp
-H "Content-Type: application/json"
-d '{"method": "tools/call", "params": {"name": "searchCves", "arguments": {"keyword": "remote code execution", "dateStart": "2024-01-01", "hasExploit": true}}}'
Configuration
Configure the server using environment variables or .env file:
MCP Client Configuration
To use this server with MCP-compatible clients (VS Code, Claude Desktop, etc.), you need to configure the client to connect to this server.
For VS Code:
Create a .vscode/mcp.json file in your workspace:
{ "servers": { "cve-intelligence": { "type": "stdio", "command": "npx", "args": ["-y", "mcp-cve-intelligence-server-lite@latest"] } } }
Or for global configuration, run MCP: Open User Configuration in VS Code and add:
{ "servers": { "cve-intelligence": { "type": "stdio", "command": "npx", "args": ["-y", "mcp-cve-intelligence-server-lite@latest"], "env": { "NVD_API_KEY": "${input:nvd-api-key}", "GITHUB_TOKEN": "${input:github-token}" } } }, "inputs": [ { "type": "promptString", "id": "nvd-api-key", "description": "NVD API Key (optional)", "password": true }, { "type": "promptString", "id": "github-token", "description": "GitHub Personal Access Token (optional)", "password": true } ] }
For Claude Desktop:
Add to your Claude Desktop configuration file (~/Library/Application Support/Claude/config.json on macOS):
{ "mcpServers": { "cve-intelligence": { "command": "npx", "args": ["-y", "mcp-cve-intelligence-server-lite@latest"], "env": { "NVD_API_KEY": "your-optional-nvd-api-key", "GITHUB_TOKEN": "your-optional-github-token" } } } }
For Docker Containers:
You can run the MCP server in a Docker container for enhanced security and isolation:
VS Code Configuration (STDIO Transport):
{ "servers": { "cve-intelligence": { "type": "stdio", "command": "docker", "args": [ "run", "-i", "--rm", "proug/mcp-cve-intelligence-server-lite:latest" ] } } }
VS Code Configuration (HTTP Transport):
{ "servers": { "cve-intelligence": { "url": "http://localhost:3001/mcp" } } }
Claude Desktop Configuration (STDIO Transport):
{ "mcpServers": { "cve-intelligence": { "command": "docker", "args": [ "run", "-i", "--rm", "proug/mcp-cve-intelligence-server-lite:latest" ], "env": { "NVD_API_KEY": "your-optional-nvd-api-key", "GITHUB_TOKEN": "your-optional-github-token" } } } }
Claude Desktop Configuration (HTTP Transport):
{ "mcpServers": { "cve-intelligence": { "command": "docker", "args": [ "run", "-d", "--rm", "-p", "3001:3001", "-e", "MCP_TRANSPORT_TYPE=http", "-e", "MCP_HTTP_PORT=3001", "-e", "MCP_HTTP_HOST=0.0.0.0", "-e", "NVD_API_KEY=your-optional-nvd-api-key", "-e", "GITHUB_TOKEN=your-optional-github-token", "proug/mcp-cve-intelligence-server-lite:latest" ] } } }
Docker Compose (Production Ready):
Use the provided docker-compose.yml for production deployments:
Start with HTTP transport on port 13001
./docker-run.sh up
Server available at: http://localhost:13001
Health check: http://localhost:13001/health/live
Note: When using Docker, the MCP server runs in an isolated container. The Docker image is available from Docker Hub:
Pull the latest image
docker pull proug/mcp-cve-intelligence-server-lite:latest
Or build locally from source:
docker build -t mcp-cve-intelligence-server-lite:local .
For Custom Implementations:
Start the server in stdio mode and connect via standard input/output:
Start server in stdio mode (default)
npx mcp-cve-intelligence-server-lite
Or start in HTTP mode
npx mcp-cve-intelligence-server-lite --transport http --port 3001
Basic Configuration
Core server settings
export MCP_HTTP_PORT="3001" export MCP_TRANSPORT="http" # or "stdio" export LOG_LEVEL="info" # debug, info, warn, error export NODE_ENV="production" # development, production, test
API Authentication (Enhanced Functionality)
NVD API (NIST) - Higher rate limits
export NVD_API_KEY="your-nvd-api-key"
GitHub API - Higher rate limits for security advisories
export GITHUB_TOKEN="your-github-personal-access-token"
MITRE CVE Program - Requires CVE Program membership
export MITRE_API_KEY="your-mitre-api-key" export MITRE_API_ORG="your-organization-name" export MITRE_API_USER="your-username"
Security Note: API keys and tokens are only accepted via environment variables for security reasons. They cannot be provided via CLI arguments.
Advanced Configuration
Rate limiting and performance
export CVE_CACHE_TTL="1800" # Cache TTL in seconds export CVE_CACHE_MAX_SIZE="1000" # Maximum cache entries export CVE_REQUEST_TIMEOUT="30000" # Request timeout in ms export CVE_RETRY_ATTEMPTS="3" # Retry attempts for failed requests
Security settings
export CVE_CORS_ORIGIN="*" # CORS allowed origins export CVE_API_KEY_REQUIRED="false" # Require API key for access export CVE_RATE_LIMIT="100" # Requests per window export CVE_RATE_WINDOW="3600" # Rate limit window in seconds
Logging and monitoring
export LOG_FILE_PATH="/app/logs" # Log file directory export LOG_MAX_FILES="30" # Maximum log files to keep export LOG_MAX_SIZE="100mb" # Maximum log file size export METRICS_ENABLED="true" # Enable performance metrics
Environment File Example
Create a .env file in your project root:
.env file for MCP CVE Intelligence Server Lite
NODE_ENV=development MCP_HTTP_PORT=3001 LOG_LEVEL=debug
API Keys (optional but recommended)
NVD_API_KEY=your-nvd-api-key-here GITHUB_TOKEN=ghp_your-github-token-here
Performance tuning
CVE_CACHE_TTL=3600 CVE_REQUEST_TIMEOUT=30000 CVE_RETRY_ATTEMPTS=3
Security
CVE_CORS_ORIGIN=http://localhost:3000,https://yourdomain.com CVE_RATE_LIMIT=200 CVE_RATE_WINDOW=3600
Docker Environment Configuration
docker-compose.yml environment section
environment:
- NODE_ENV=production
- MCP_HTTP_PORT=3001
- LOG_LEVEL=info
- NVD_API_KEY=${NVD_API_KEY}
- GITHUB_TOKEN=${GITHUB_TOKEN}
- CVE_CACHE_TTL=1800
- CVE_RATE_LIMIT=100
Authentication Details
| Source | Authentication | Required For | Setup |
|---|---|---|---|
| NVD | Optional API key | Higher rate limits | NVD_API_KEY |
| GitHub | Optional token | Higher rate limits | GITHUB_TOKEN |
| MITRE | CVE Program membership | Search functionality | MITRE_API_KEY, MITRE_API_ORG, MITRE_API_USER |
Note: MITRE search requires CVE Program membership with Secretariat role. Individual CVE lookups work without authentication. 📋 For Docker-specific configuration and deployment options, see docs/DOCKER.md
🏗️ Architecture (Lite Edition)
Core Components
- CVE Service: Central intelligence engine for vulnerability analysis
- Source Manager: Manages multiple CVE data sources with failover
- Transport Manager: Handles both STDIO and HTTP transport protocols
- Health Service: Monitors data source availability and performance
- Exploit Intelligence: Pattern-based exploit discovery and classification
Data Sources (Lite Configuration)
| Source | Purpose | Features | Authentication |
|---|---|---|---|
| NVD (NIST) | Primary CVE database | CVSS metrics, CPE matching, essential search | Optional (API key) |
| MITRE | Authoritative CVE records | Official assignments, CWE mappings, CVE JSON 5.1 | CVE Program membership |
| GitHub Security | Modern vulnerability advisories | GHSA identifiers, ecosystem-specific data | Optional (token) |
Exploit Sources (Lite Pattern Detection)
- Exploit-DB: Verified exploits with detailed documentation and proof-of-concepts
- GitHub PoCs: Cutting-edge research and proof-of-concept repositories
- Metasploit Framework: Professional penetration testing modules and exploits
- PacketStorm Security: Curated security exploits and security advisories
🔧 Development
Quick Development Setup
Clone and setup
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git cd mcp-cve-intelligence-server-lite npm install
Build and run
npm run build npm start
📋 For detailed development workflow, debugging, testing procedures, and contribution guidelines, see CONTRIBUTING.md
📊 Performance Features (Lite Edition)
- Essential Caching: Smart caching reduces API calls and improves response times
- Streamlined Processing: Optimized source queries for faster results
- Retry Logic: Exponential backoff with circuit breaker for reliable API communication
- Request Optimization: Prevents duplicate API calls within time windows
- Performance Monitoring: Built-in timing, metrics collection, and health checks
- Connection Management: Efficient HTTP connection handling
- Rate Limiting: Source-specific throttling respecting API limits and quotas
🔒 Security Considerations
- Input Validation: Comprehensive Zod schema validation for all inputs
- Sanitization: Multi-layer input sanitization preventing injection attacks
- Rate Limiting: Request throttling with client identification and blocking
- Error Handling: Secure error messages without sensitive data exposure
- Type Safety: Strict TypeScript implementation preventing runtime errors
- API Key Management: Secure environment variable handling with validation
- Transport Security: HTTPS enforcement and secure headers
- Session Management: Secure session handling for HTTP transport
🌟 Use Cases (Lite Edition)
For Security Professionals
- Vulnerability Assessment: Essential CVE research and analysis
- Threat Intelligence: Real-time vulnerability trending and prioritization
- Penetration Testing: Exploit discovery and pattern analysis
- Compliance Reporting: Professional vulnerability reports
For AI/LLM Integration
- Context-Aware Security: Provide vulnerability context to AI models
- Automated Research: Enable AI-driven security research workflows
- Intelligent Prioritization: AI-assisted vulnerability triage
- Report Generation: Automated security documentation
🤝 Contributing
We welcome contributions! Please see our Contributing Guide for details on:
- Setting up the development environment
- Code style guidelines
- Submitting pull requests
- Reporting bugs and feature requests
🛡️ Security
This project follows security best practices:
- Responsible Disclosure: See our Security Policy for reporting vulnerabilities
- Secure Development: All releases go through automated security scanning and approval processes
- Access Control: Repository access is restricted to verified maintainers
- Audit Trail: All production deployments are tracked and require approval
For security concerns, please see our Security Policy.
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
🙋♂️ Support
- GitHub Issues: Report bugs or request features
- GitHub Discussions: Community discussions and questions
- Documentation: Check the inline code documentation for API details
🏆 Credits
- NIST NVD: Primary vulnerability database
- MITRE Corporation: CVE numbering authority
- GitHub Security: Modern security advisory platform
- Model Context Protocol: AI integration framework
Built with ❤️ for the cybersecurity community
MCP CVE Intelligence Server Lite - Essential CVE intelligence for security professionals