- Home
- MCP servers
- ExploitDB
ExploitDB
- javascript
18
GitHub Stars
javascript
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"cyreslab-ai-exploitdb-mcp-server": {
"command": "node",
"args": [
"/path/to/exploitdb-mcp-server/build/index.js"
],
"env": {
"CSV_URL": "https://gitlab.com/exploit-database/exploitdb/-/raw/main/files_exploits.csv",
"DB_PATH": "./data/exploitdb.sqlite",
"DATA_DIR": "./data",
"MAX_RESULTS": "10",
"REPOSITORY_URL": "https://gitlab.com/exploit-database/exploitdb.git",
"UPDATE_INTERVAL": "24",
"CLONE_REPOSITORY": "false"
}
}
}
}You can query ExploitDB data through a dedicated MCP Server that exposes a set of tools for searching exploits, retrieving details, and analyzing vulnerability data. This MCP Server connects you to the Exploit Database corpus, enabling rapid, AI-assisted research and threat intelligence workflows without leaving your client environment.
How to use
To use this MCP Server with a client that supports the MCP protocol, connect to the provided local or remote endpoint and call the available tools to perform searches, fetch exploit details, or generate insights from the Exploit Database. You can search by keywords, CVEs, platforms, or exploit types, get full exploit records including code where available, look up all exploits tied to a particular CVE, and inspect recent additions or statistics. You can also export results for downstream analysis or integrate these queries into your automated threat intelligence pipeline.
How to install
Prerequisites you need before installing the MCP Server:
- Node.js (v16 or higher) and npm (v7 or higher) are required.
Installation steps
-
Clone or obtain the MCP server package directory and navigate to it.
-
Install dependencies.
npm install
- Build the project.
npm run build
- Create and adjust a configuration file if you need to customize data paths, update intervals, or result limits.
# Example environment configuration
# Create a .env file in the root with appropriate values
CLONE_REPOSITORY=false
REPOSITORY_URL=https://gitlab.com/exploit-database/exploitdb.git
CSV_URL=https://gitlab.com/exploit-database/exploitdb/-/raw/main/files_exploits.csv
DATA_DIR=./data
DB_PATH=./data/exploitdb.sqlite
UPDATE_INTERVAL=24
MAX_RESULTS=10
Starting the MCP Server
Once built and configured, start the MCP Server using the command shown in the MCP configuration example. This starts the local server process that your MCP client will communicate with.
node /path/to/exploitdb-mcp-server/build/index.js
MCP configuration example
Configure your MCP client to connect to the ExploitDB MCP Server using a local stdio setup. The example uses a local command to run the server. If your environment requires a different path, adjust accordingly.
{
"mcpServers": {
"exploitdb_mcp": {
"command": "node",
"args": ["/path/to/exploitdb-mcp-server/build/index.js"]
}
}
}
Configuration options
You can control how the server pulls and stores data using environment variables. The following options are available and have sensible defaults. You can customize them in a .env file or via your hosting environment.
CLONE_REPOSITORY=false
REPOSITORY_URL=https://gitlab.com/exploit-database/exploitdb.git
CSV_URL=https://gitlab.com/exploit-database/exploitdb/-/raw/main/files_exploits.csv
DATA_DIR=./data
DB_PATH=./data/exploitdb.sqlite
UPDATE_INTERVAL=24
MAX_RESULTS=10
Data sources and scope
The server uses data from the Exploit Database, maintained by Offensive Security. It processes a CSV feed and supports automatic updates, ensuring the dataset reflects recent additions and changes.
Notes and troubleshooting
If you encounter issues starting the server, verify that Node.js and npm are installed, the build completed successfully, and the path to the built index file is correct in the startup command. Check that the data directory is writable and that the update task can access the CSV feed to refresh the database.
Available tools
search_exploits
General search with multiple filters to find exploits by keywords, platforms, and other criteria.
get_exploit
Retrieve detailed information about a specific exploit, including associated code if available.
find_by_cve
Find exploits related to a specific CVE identifier.
get_recent_exploits
Return exploits recently added to the database.
get_statistics
Provide insights into overall exploit statistics and distribution.
search_by_platform
Search exploits for a particular platform with optional filters.
search_by_type
Filter exploits by type such as webapps, remote, local, dos, or hardware.
search_by_author
Find exploits authored by a specific author.
search_by_date_range
Find exploits within a specified date range.
search_by_tags
Search exploits by generated tags like sql injection, xss, etc.
get_platform_statistics
Get detailed statistics for a specific platform.
get_trending_exploits
Identify recently added exploits within a configurable window.
compare_exploits
Compare multiple exploits side-by-side.
get_exploit_timeline
Get a chronological timeline of exploits.
batch_get_exploits
Retrieve multiple exploits efficiently (up to 50).
get_related_exploits
Find exploits related by platform, author, CVE, or tags.
validate_exploit_id
Check if an exploit ID exists.
export_search_results
Export search results in JSON or CSV format.