Vulnerability Intelligence MCP Server

🚀 MCP Vulnerability Checker Server

A modular Model Context Protocol (MCP) server offering comprehensive security vulnerability intelligence tools, including CVE lookup, EPSS scoring, CVSS calculation, exploit detection, and Python package vulnerability checking.

🚀 Quick Start

The vulnerability intelligence MCP server is already hosted and ready to use! Simply configure your MCP client to connect to it.

Claude Desktop Configuration

Add this configuration to your Claude Desktop settings file (~/.config/claude/claude_desktop_config.json):

{
  "mcpServers": {
    "vulnerability-intelligence": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-fetch"],
      "env": {
        "FETCH_URL": "https://vulnerability-intelligence-mcp-server-edb8b15494e8.herokuapp.com/sse"
      }
    }
  }
}

Cursor IDE Configuration

Add this configuration to your Cursor MCP settings file (~/.cursor/mcp.json):

{
  "mcpServers": {
    "vulnerability-intelligence": {
      "url": "https://vulnerability-intelligence-mcp-server-edb8b15494e8.herokuapp.com/sse"
    }
  }
}

Alternatively, in Cursor IDE:

1. Open Cursor Settings → Features → MCP Servers
2. Click "Add New Server"
3. Select "Server-Sent Events (SSE)" as the type
4. Enter URL: https://vulnerability-intelligence-mcp-server-edb8b15494e8.herokuapp.com/sse
5. Give it a name: vulnerability-intelligence

Test the Connection

Once configured, try these example queries in Claude or Cursor:

• CVE Lookup: "Look up CVE-2021-44228" (Log4Shell vulnerability)
• EPSS Score: "Get EPSS score for CVE-2021-44228"
• Package Check: "Check the 'requests' Python package for vulnerabilities"
• Exploit Check: "Check for exploits for CVE-2021-44228"
• CVSS Calculator: "Calculate CVSS score for vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"

✨ Features

🔍 CVE Vulnerability Lookup (cve_lookup)

• Purpose: Fetches detailed vulnerability information from the National Vulnerability Database (NVD)
• Data Source: NIST National Vulnerability Database API 2.0
• Usage: cve_lookup cve_id="CVE-2021-44228"
• Features:
  • CVSS scores (v2.0, v3.0, v3.1) with severity ratings
  • Comprehensive vulnerability descriptions
  • References, advisories, and remediation links
  • CWE (Common Weakness Enumeration) mappings
  • Publication and modification timeline
  • Affected product configurations

📊 EPSS Score Lookup (get_epss_score)

• Purpose: Get Exploit Prediction Scoring System (EPSS) scores for CVEs
• Data Source: FIRST EPSS API
• Usage: get_epss_score cve_id="CVE-2021-44228"
• Features:
  • Probability of exploitation within 30 days
  • AI-powered risk prioritization
  • Real-time threat intelligence integration
  • Percentile rankings for relative risk assessment

🧮 CVSS Score Calculator (calculate_cvss_score)

• Purpose: Calculate CVSS base scores from vector strings
• Data Source: CVSS v3.0/v3.1 specification
• Usage: calculate_cvss_score vector="CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
• Features:
  • Support for CVSS v3.0 and v3.1
  • Detailed metric breakdown
  • Severity level mapping (Critical, High, Medium, Low)
  • Vector string validation and parsing

🔎 Vulnerability Search (search_vulnerabilities)

• Purpose: Search vulnerability databases with advanced filtering
• Data Source: Multiple vulnerability databases (NVD, CVE)
• Usage: search_vulnerabilities keywords="apache" severity="HIGH" date_range="1y"
• Features:
  • Keyword-based search across vulnerability descriptions
  • Severity filtering (CRITICAL, HIGH, MEDIUM, LOW)
  • Date range filtering (30d, 90d, 1y, 2y, or custom)
  • Advanced query capabilities for threat research

🎯 Exploit Availability Check (get_exploit_availability)

• Purpose: Check for public exploits and proof-of-concepts (PoCs)
• Data Source: ExploitDB, Metasploit, GitHub, security advisories
• Usage: get_exploit_availability cve_id="CVE-2021-44228"
• Features:
  • Multi-source exploit detection
  • Active exploitation indicators
  • PoC code availability assessment
  • Threat intelligence aggregation

⏰ Vulnerability Timeline (get_vulnerability_timeline)

• Purpose: Get comprehensive timeline and patch status information
• Data Source: NVD, vendor advisories, security bulletins
• Usage: get_vulnerability_timeline cve_id="CVE-2021-44228"
• Features:
  • Publication and disclosure timeline
  • Patch availability status
  • Vendor advisory tracking
  • Remediation guidance timeline

🎯 VEX Status Check (get_vex_status)

• Purpose: Check Vulnerability Exploitability eXchange (VEX) status for specific products
• Data Source: Vendor VEX statements and product security advisories
• Usage: get_vex_status cve_id="CVE-2021-44228" product="Apache HTTP Server"
• Features:
  • Product-specific impact assessment
  • Vendor-provided exploitability statements
  • False positive filtering
  • Supply chain impact analysis

📦 Python Package Vulnerability Check (package_vulnerability_check)

• Purpose: Checks Python packages for known security vulnerabilities
• Data Source: OSV (Open Source Vulnerabilities) Database + PyPI
• Usage: package_vulnerability_check package_name="requests" version="2.25.1"
• Features:
  • Comprehensive vulnerability scanning for PyPI packages
  • Version-specific or all-versions checking
  • Detailed vulnerability reports with severity scores
  • Affected version ranges and fix information
  • Integration with CVE, GHSA, and PYSEC databases
  • Package metadata from PyPI

🔧 Technical Details

🏗️ Modular Architecture

The server is built with a clean, modular architecture:

mcp_simple_tool/
├── server.py                    # Main MCP server orchestration
└── tools/                       # Individual tool modules
    ├── cve_lookup.py            # CVE vulnerability lookup
    ├── epss_lookup.py           # EPSS score lookup
    ├── cvss_calculator.py       # CVSS score calculator
    ├── vulnerability_search.py  # Advanced vulnerability search
    ├── exploit_availability.py  # Exploit and PoC detection
    ├── vulnerability_timeline.py # Timeline and patch status
    ├── vex_status.py            # VEX status checking
    └── package_vulnerability.py # Python package security check

tests/                           # Comprehensive test suite
├── run_tests.py                 # Automated test runner
└── test_*.py                    # Individual tool tests

🔧 Alternative Setup Methods

Docker Setup (Recommended for Local Development)

1. Initial setup:

# Clone the repository
git clone https://github.com/firetix/vulnerability-intelligence-mcp-server
cd vulnerability-intelligence-mcp-server

# Create environment file
cp .env.example .env

2. Build and run using Docker Compose:

# Build and start the server
docker compose up --build -d

# View logs
docker compose logs -f

# Check server status
docker compose ps

# Stop the server
docker compose down

3. The server will be available at: http://localhost:8000/sse
4. Connect to Cursor IDE:
   • Open Cursor Settings → Features
   • Add new MCP server
   • Type: Select "sse"
   • URL: Enter http://localhost:8000/sse

Local Development Setup

1. Install the uv package manager:

# Install uv on macOS
brew install uv
# Or install via pip (any OS)
pip install uv

2. Install dependencies and run:

# Install the package with development dependencies
uv pip install -e ".[dev]"

# Using stdio transport (default)
uv run mcp-simple-tool

# Using SSE transport on custom port
uv run mcp-simple-tool --transport sse --port 8000

# Run the comprehensive test suite
python tests/run_tests.py

3. For Cursor IDE integration (stdio mode):
   • Copy the absolute path to cursor-run-mcp-server.sh
   • Open Cursor Settings → Features → MCP Servers
   • Add new server with "stdio" type and the script path

🧪 Testing the Tools

Run the comprehensive test suite:

# Run all tests
python tests/run_tests.py

# Run individual tool tests
python tests/test_cve_lookup.py
python tests/test_package_vulnerability.py  
python tests/test_modular_server.py

Example Test Outputs

CVE Lookup Test:

🔍 **CVE Vulnerability Report: CVE-2021-44228**

📅 **Timeline:**
   • Published: 2021-12-10T10:15:09.143
   • Last Modified: 2023-11-07T04:10:58.217

⚠️ **CVSS Scores:**
   • CVSS 3.1: 10.0 (CRITICAL)

Package Vulnerability Test:

🚨 **Python Package Security Report: requests**

⚠️ **Found 11 known vulnerabilities**

📦 **Package Information:**
   • Latest Version: 2.32.3
   • Summary: Python HTTP for Humans.

🌍 Environment Variables

Available environment variables (can be set in .env):

• MCP_SERVER_PORT (default: 8000) - Port to run the server on
• MCP_SERVER_HOST (default: 0.0.0.0) - Host to bind the server to
• DEBUG (default: false) - Enable debug mode
• MCP_USER_AGENT - Custom User-Agent for HTTP requests

🚀 Deploy Your Own Instance

If you want to deploy your own instance of the vulnerability intelligence server, you can use Heroku for quick deployment:

1. Click "Deploy to Heroku" button
2. After deployment, your instance will be available at:
   • https://<your-app-name>.herokuapp.com/sse
3. Configure your MCP client to use your deployed instance:
   • For Claude Desktop: Update the FETCH_URL in your configuration
   • For Cursor IDE: Update the URL in your MCP settings
4. Test your deployment with the same example queries:
   • CVE Lookup: "Look up CVE-2021-44228"
   • EPSS Score: "Get EPSS score for CVE-2021-44228"
   • Package Check: "Check the 'requests' Python package for vulnerabilities"
   • Exploit Check: "Check for exploits for CVE-2021-44228"

📊 Data Sources & APIs

• CVE Data: NIST National Vulnerability Database (NVD API 2.0)
• EPSS Scores: FIRST EPSS API (Exploit Prediction Scoring System)
• CVSS Calculations: CVSS v3.0/v3.1 specification compliance
• Vulnerability Search: Multiple CVE and vulnerability databases
• Exploit Intelligence: ExploitDB, Metasploit, GitHub security advisories
• Package Vulnerabilities: OSV (Open Source Vulnerabilities)
• Package Metadata: PyPI (Python Package Index)
• VEX Data: Vendor VEX statements and product security advisories

🤝 Security Use Cases

This MCP server is designed for security engineers, developers, and teams who need:

• Vulnerability Research & Intelligence: Quick CVE lookups with comprehensive details, CVSS and EPSS scoring for accurate risk assessment, advanced vulnerability search across multiple databases, exploit availability and threat intelligence gathering, timeline analysis for understanding vulnerability lifecycle.
• Risk Assessment & Prioritization: EPSS-based exploitation probability scoring, CVSS vector calculation and validation, VEX status checking for product-specific impact, multi-factor risk analysis combining multiple data sources.
• Dependency Management: Python package security auditing, version-specific vulnerability checking, supply chain security assessment, open source component risk evaluation.
• Security Operations & Incident Response: Rapid vulnerability triage and classification, exploit availability assessment for threat modeling, security advisory research and correlation, timeline-based patch management planning.

🔄 Extending the Server

The modular architecture makes it easy to add new security tools:

1. Create a new module in mcp_simple_tool/tools/
2. Export the function in tools/__init__.py
3. Register the tool in server.py
4. Add tests in tests/ See README_MODULAR.md for detailed extension guide.

📄 License

MIT License - see LICENSE file for details.