mcp-cve-intelligence-server-lite-test/README.md

Lite Model Context Protocol server for comprehensive CVE intelligence gathering with multi-source exploit discovery, designed for security professionals and cybersecurity researchers - Alpha Release

# MCP CVE Intelligence Server Lite

A streamlined **Model Context Protocol (MCP) Server** for cybersecurity intelligence, providing unified access to vulnerability data from multiple authoritative sources including NVD, MITRE, and GitHub Security Advisories. This **Lite version** focuses on core CVE intelligence capabilities with essential features for security professionals.

[![MIT License](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)
[![Node.js](https://img.shields.io/badge/node-%3E%3D20.0.0-brightgreen)](https://nodejs.org/)
[![TypeScript](https://img.shields.io/badge/typescript-5.8%2B-blue)](https://www.typescriptlang.org/)
[![NPM Package](https://img.shields.io/npm/v/mcp-cve-intelligence-server-lite?color=red&logo=npm)](https://www.npmjs.com/package/mcp-cve-intelligence-server-lite)
[![Downloads](https://img.shields.io/npm/dt/mcp-cve-intelligence-server-lite?color=orange&logo=npm)](https://www.npmjs.com/package/mcp-cve-intelligence-server-lite)
[![Docker](https://img.shields.io/badge/docker-available-blue?logo=docker)](https://github.com/gnlds/mcp-cve-intelligence-server-lite/pkgs/container/mcp-cve-intelligence-server-lite)
[![GitHub Stars](https://img.shields.io/github/stars/gnlds/mcp-cve-intelligence-server-lite?style=social)](https://github.com/gnlds/mcp-cve-intelligence-server-lite/stargazers)
[![Code Quality](https://img.shields.io/badge/code%20quality-TypeScript-blue?logo=typescript)](https://github.com/gnlds/mcp-cve-intelligence-server-lite)
[![Security](https://img.shields.io/badge/security-hardened-green?logo=security)](https://github.com/gnlds/mcp-cve-intelligence-server-lite)
[![ESLint](https://img.shields.io/badge/code%20style-ESLint-purple?logo=eslint)](https://eslint.org/)
[![Maintained](https://img.shields.io/badge/maintained-yes-green?logo=github)](https://github.com/gnlds/mcp-cve-intelligence-server-lite/pulse)

## 🚀 Overview

The MCP CVE Intelligence Server Lite is a streamlined **Model Context Protocol (MCP) Server** designed for security professionals, penetration testers, and cybersecurity researchers who need essential vulnerability intelligence integrated into their AI workflows. This **Lite edition** focuses on core features, aggregating data from multiple authoritative sources and delivering actionable security insights through standardized protocols.

> **Status**: Lite edition with core CVE intelligence features and streamlined functionality.

### Key Features (Lite Edition)

- **🔍 Multi-Source CVE Intelligence**: Unified access to NVD, MITRE CVE Records, and GitHub Security Advisories
- **🎯 Essential Exploit Discovery**: Pattern-based detection from Exploit-DB, GitHub PoCs, Metasploit, and PacketStorm
- **🧮 EPSS Risk Scoring**: Environmental context-aware vulnerability prioritization with exploit prediction
- **📊 Complete CVSS Support**: Full v4/v3/v2 metric analysis with intelligent severity assessment
- **🔧 CPE-Based Discovery**: Product-specific vulnerability identification using standardized identifiers
- **📈 Trending Analysis**: Real-time vulnerability trending based on severity, exploits, and activity
- **📋 Professional Reports**: Generate security reports in multiple formats (Markdown, JSON, summary)
- **⚡ Performance Optimized**: Intelligent caching, retry logic, and streamlined processing
- **🛡️ Security-First**: Type-safe implementation with comprehensive input validation and sanitization
- **🚦 Rate Limiting**: Intelligent request throttling with source-specific limits
- **📊 Health Monitoring**: Real-time source availability and performance tracking

## 🛠️ Installation

### Prerequisites

- **Node.js**: 20.0.0 or higher
- **npm**: Comes with Node.js

### Quick Start

```bash
# Clone the repository
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git
cd mcp-cve-intelligence-server-lite

# Install dependencies
npm install

# Build the project
npm run build

# Start the server
npm start
```

### Docker Deployment

```bash
# Using the provided Docker setup
chmod +x docker-run.sh
./docker-run.sh up

# Server will be available at http://localhost:13001
# Health check: http://localhost:13001/health
```

> 📋 **For advanced Docker configuration, customization, and deployment options, see [docs/DOCKER.md](docs/DOCKER.md)**

## 📖 Usage

### MCP Tools Available (Lite Edition)

The server provides **7 essential tools** for comprehensive CVE intelligence and security analysis:

#### 1. `searchCves` - Advanced CVE Search & Discovery

Search for vulnerabilities using flexible criteria with intelligent filtering:

```json
{
  "keyword": "apache log4j",
  "severity": "CRITICAL", 
  "hasExploit": true,
  "dateStart": "2021-01-01",
  "dateEnd": "2024-12-31",
  "limit": 50,
  "source": "nvd"
}
```

**Advanced Examples:**

```json
// Search for recent RCE vulnerabilities
{
  "keyword": "remote code execution",
  "severity": "HIGH,CRITICAL",
  "dateStart": "2024-01-01",
  "hasExploit": true,
  "limit": 100
}

// Find Windows privilege escalation issues
{
  "keyword": "windows privilege escalation",
  "severity": "MEDIUM,HIGH,CRITICAL",
  "limit": 25
}
```

#### 2. `getCveDetails` - Comprehensive CVE Intelligence

Retrieve detailed vulnerability information with exploit analysis:

```json
{
  "cveId": "CVE-2021-44228",
  "includeExploits": true,
  "includeReferences": true
}
```

**Response includes:**

- Complete CVSS v4/v3/v2 metrics and scoring
- CWE classifications and weakness analysis
- Affected products with CPE identifiers
- Known exploits from multiple sources
- EPSS risk scores and probability
- Vendor advisories and patches

#### 3. `getTrendingCves` - Real-Time Vulnerability Intelligence

Discover currently trending vulnerabilities based on activity and severity:

```json
{
  "limit": 25,
  "timeframe": "7d",
  "minSeverity": "MEDIUM"
}
```

**Trending Analysis:**

- Recently disclosed high-impact vulnerabilities
- CVEs with increasing exploit activity
- Vulnerabilities gaining security community attention
- Active discussions and proof-of-concepts

#### 4. `calculateEpssScores` - Environmental Risk Assessment

Calculate context-aware EPSS scores for vulnerability prioritization:

```json
{
  "cveIds": ["CVE-2021-44228", "CVE-2022-22965", "CVE-2023-23397"],
  "environmentContext": {
    "networkExposure": "internet-facing",
    "assetCriticality": "critical",
    "securityControls": ["waf", "ids", "edr"],
    "patchingCapability": "rapid"
  }
}
```

**Environment Contexts:**

- `networkExposure`: "internal", "dmz", "internet-facing"
- `assetCriticality`: "low", "medium", "high", "critical"
- `securityControls`: Array of deployed security measures
- `patchingCapability`: "limited", "standard", "rapid"

#### 5. `generateCveReport` - Professional Security Reports

Generate comprehensive vulnerability reports in multiple formats:

```json
{
  "cveIds": ["CVE-2021-44228", "CVE-2022-22965"],
  "format": "markdown",
  "includeExploits": true,
  "includeMetrics": true,
  "includeMitigation": true
}
```

**Report Formats:**

- `markdown`: Professional markdown reports
- `json`: Structured data for automation
- `summary`: Executive summary format

**Report Sections:**

- Executive summary with risk assessment
- Detailed vulnerability analysis
- Exploit availability and complexity
- Recommended mitigation strategies
- CVSS metrics and environmental scoring

#### 6. `searchByCpe` - Product-Specific Vulnerability Discovery

Find vulnerabilities affecting specific products using CPE identifiers:

```json
{
  "cpe": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
  "severity": "HIGH,CRITICAL",
  "hasExploit": true,
  "limit": 50
}
```

**CPE Examples:**

```json
// Search for all Apache products
{
  "cpe": "cpe:2.3:a:apache:*:*:*:*:*:*:*:*:*",
  "severity": "CRITICAL"
}

// Windows Server vulnerabilities
{
  "cpe": "cpe:2.3:o:microsoft:windows_server:*:*:*:*:*:*:*:*",
  "hasExploit": true
}

// Specific version targeting
{
  "cpe": "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*",
  "includeExploits": true
}
```

#### 7. `getSourceHealth` - Data Source Monitoring

Monitor the health and availability of CVE data sources:

```json
{
  "includeMetrics": true,
  "includeLastUpdated": true
}
```

**Health Metrics:**

- Source availability status
- Response times and performance
- Last successful data update
- API rate limit status
- Error rates and reliability

### Command Line Interface

The server includes a comprehensive CLI for production deployment and testing:

#### Quick Start Commands

```bash
# Quick start with HTTP transport
npm start -- quick-start --port 3001

# Start with stdio transport (default MCP)
npm start -- --transport stdio

# Start with custom configuration
npm start -- --transport http --port 3001 --log-level debug
```

#### Configuration Management

```bash
# Show current configuration and environment
npm start -- config
```

#### Health Monitoring & Testing

```bash
# Basic health check via HTTP endpoint
curl http://localhost:3001/health

# Test via MCP tools
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "getSourceHealth", "arguments": {}}}'
```

#### Docker Integration

```bash
# Generate Docker commands and deployment info
npm start -- docker --port 3001
```

#### Advanced Options

```bash
# Custom transport and networking
npm start -- --transport http --port 3001 --host 0.0.0.0

# Set log level for debugging
npm start -- --transport http --log-level debug

# Help and available commands
npm start -- --help
```

### Practical Usage Examples

#### Scenario 1: Security Assessment Workflow

```bash
# 1. Start the server for assessment
npm start -- quick-start --port 3001

# 2. Check source health
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "getSourceHealth", "arguments": {}}}'

# 3. Search for critical vulnerabilities in your stack
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "searchByCpe", "arguments": {"cpe": "cpe:2.3:a:apache:*:*:*:*:*:*:*:*:*", "severity": "CRITICAL"}}}'

# 4. Generate assessment report
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "generateCveReport", "arguments": {"cveIds": ["CVE-2021-44228"], "format": "markdown", "includeExploits": true}}}'
```

#### Scenario 2: Threat Intelligence Research

```bash
# 1. Find trending vulnerabilities
npm start -- --transport http --port 3001

# 2. Research specific CVE with exploits
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "getCveDetails", "arguments": {"cveId": "CVE-2024-12345", "includeExploits": true}}}'

# 3. Calculate environmental risk
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "calculateEpssScores", "arguments": {"cveIds": ["CVE-2024-12345"], "environmentContext": {"networkExposure": "internet-facing", "assetCriticality": "critical"}}}}'
```

#### Scenario 3: Penetration Testing Preparation

```bash
# Search for exploitable vulnerabilities in target technology
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "searchCves", "arguments": {"keyword": "windows server 2019", "hasExploit": true, "severity": "HIGH,CRITICAL", "limit": 50}}}'

# Find recent RCE vulnerabilities
curl -X POST http://localhost:3001/mcp \
  -H "Content-Type: application/json" \
  -d '{"method": "tools/call", "params": {"name": "searchCves", "arguments": {"keyword": "remote code execution", "dateStart": "2024-01-01", "hasExploit": true}}}'
```

### Configuration

Configure the server using environment variables or `.env` file:

#### Basic Configuration

```bash
# Core server settings
export MCP_HTTP_PORT="3001"
export MCP_TRANSPORT="http"  # or "stdio"
export LOG_LEVEL="info"      # debug, info, warn, error
export NODE_ENV="production" # development, production, test
```

#### API Authentication (Enhanced Functionality)

```bash
# NVD API (NIST) - Higher rate limits
export NVD_API_KEY="your-nvd-api-key"

# GitHub API - Higher rate limits for security advisories
export GITHUB_TOKEN="your-github-personal-access-token"

# MITRE CVE Program - Requires CVE Program membership
export MITRE_API_KEY="your-mitre-api-key"
export MITRE_API_ORG="your-organization-name"
export MITRE_API_USER="your-username"
```

> **Security Note**: API keys and tokens are only accepted via environment variables for security reasons. They cannot be provided via CLI arguments.

#### Advanced Configuration

```bash
# Rate limiting and performance
export CVE_CACHE_TTL="1800"          # Cache TTL in seconds
export CVE_CACHE_MAX_SIZE="1000"     # Maximum cache entries
export CVE_REQUEST_TIMEOUT="30000"   # Request timeout in ms
export CVE_RETRY_ATTEMPTS="3"        # Retry attempts for failed requests

# Security settings
export CVE_CORS_ORIGIN="*"           # CORS allowed origins
export CVE_API_KEY_REQUIRED="false"  # Require API key for access
export CVE_RATE_LIMIT="100"          # Requests per window
export CVE_RATE_WINDOW="3600"        # Rate limit window in seconds

# Logging and monitoring
export LOG_FILE_PATH="/app/logs"     # Log file directory
export LOG_MAX_FILES="30"            # Maximum log files to keep
export LOG_MAX_SIZE="100mb"          # Maximum log file size
export METRICS_ENABLED="true"        # Enable performance metrics
```

#### Environment File Example

Create a `.env` file in your project root:

```env
# .env file for MCP CVE Intelligence Server Lite
NODE_ENV=development
MCP_HTTP_PORT=3001
LOG_LEVEL=debug

# API Keys (optional but recommended)
NVD_API_KEY=your-nvd-api-key-here
GITHUB_TOKEN=ghp_your-github-token-here

# Performance tuning
CVE_CACHE_TTL=3600
CVE_REQUEST_TIMEOUT=30000
CVE_RETRY_ATTEMPTS=3

# Security
CVE_CORS_ORIGIN=http://localhost:3000,https://yourdomain.com
CVE_RATE_LIMIT=200
CVE_RATE_WINDOW=3600
```

#### Docker Environment Configuration

```yaml
# docker-compose.yml environment section
environment:
  - NODE_ENV=production
  - MCP_HTTP_PORT=3001
  - LOG_LEVEL=info
  - NVD_API_KEY=${NVD_API_KEY}
  - GITHUB_TOKEN=${GITHUB_TOKEN}
  - CVE_CACHE_TTL=1800
  - CVE_RATE_LIMIT=100
```

### Authentication Details

| Source | Authentication | Required For | Setup |
|--------|---------------|--------------|-------|
| **NVD** | Optional API key | Higher rate limits | `NVD_API_KEY` |
| **GitHub** | Optional token | Higher rate limits | `GITHUB_TOKEN` |
| **MITRE** | CVE Program membership | Search functionality | `MITRE_API_KEY`, `MITRE_API_ORG`, `MITRE_API_USER` |

> **Note**: MITRE search requires CVE Program membership with Secretariat role. Individual CVE lookups work without authentication.
> 📋 **For Docker-specific configuration and deployment options, see [docs/DOCKER.md](docs/DOCKER.md)**

## 🏗️ Architecture (Lite Edition)

### Core Components

- **CVE Service**: Central intelligence engine for vulnerability analysis
- **Source Manager**: Manages multiple CVE data sources with failover
- **Transport Manager**: Handles both STDIO and HTTP transport protocols
- **Health Service**: Monitors data source availability and performance
- **Exploit Intelligence**: Pattern-based exploit discovery and classification

### Data Sources (Lite Configuration)

| Source | Purpose | Features | Authentication |
|--------|---------|----------|----------------|
| **NVD (NIST)** | Primary CVE database | CVSS metrics, CPE matching, essential search | Optional (API key) |
| **MITRE** | Authoritative CVE records | Official assignments, CWE mappings, CVE JSON 5.1 | CVE Program membership |
| **GitHub Security** | Modern vulnerability advisories | GHSA identifiers, ecosystem-specific data | Optional (token) |

### Exploit Sources (Lite Pattern Detection)

- **Exploit-DB**: Verified exploits with detailed documentation and proof-of-concepts
- **GitHub PoCs**: Cutting-edge research and proof-of-concept repositories
- **Metasploit Framework**: Professional penetration testing modules and exploits
- **PacketStorm Security**: Curated security exploits and security advisories

## 🔧 Development

### Quick Development Setup

```bash
# Clone and setup
git clone https://github.com/gnlds/mcp-cve-intelligence-server-lite.git
cd mcp-cve-intelligence-server-lite
npm install

# Build and run
npm run build
npm start
```

> 📋 **For detailed development workflow, debugging, testing procedures, and contribution guidelines, see [CONTRIBUTING.md](CONTRIBUTING.md)**

## 📊 Performance Features (Lite Edition)

- **Essential Caching**: Smart caching reduces API calls and improves response times
- **Streamlined Processing**: Optimized source queries for faster results
- **Retry Logic**: Exponential backoff with circuit breaker for reliable API communication
- **Request Optimization**: Prevents duplicate API calls within time windows
- **Performance Monitoring**: Built-in timing, metrics collection, and health checks
- **Connection Management**: Efficient HTTP connection handling
- **Rate Limiting**: Source-specific throttling respecting API limits and quotas

## 🔒 Security Considerations

- **Input Validation**: Comprehensive Zod schema validation for all inputs
- **Sanitization**: Multi-layer input sanitization preventing injection attacks
- **Rate Limiting**: Request throttling with client identification and blocking
- **Error Handling**: Secure error messages without sensitive data exposure
- **Type Safety**: Strict TypeScript implementation preventing runtime errors
- **API Key Management**: Secure environment variable handling with validation
- **Transport Security**: HTTPS enforcement and secure headers
- **Session Management**: Secure session handling for HTTP transport

## 🌟 Use Cases (Lite Edition)

### For Security Professionals

- **Vulnerability Assessment**: Essential CVE research and analysis
- **Threat Intelligence**: Real-time vulnerability trending and prioritization
- **Penetration Testing**: Exploit discovery and pattern analysis
- **Compliance Reporting**: Professional vulnerability reports

### For AI/LLM Integration

- **Context-Aware Security**: Provide vulnerability context to AI models
- **Automated Research**: Enable AI-driven security research workflows
- **Intelligent Prioritization**: AI-assisted vulnerability triage
- **Report Generation**: Automated security documentation

## 🤝 Contributing

We welcome contributions! Please see our [Contributing Guide](CONTRIBUTING.md) for details on:

- Setting up the development environment
- Code style guidelines
- Submitting pull requests
- Reporting bugs and feature requests

## � Security

This project follows security best practices:

- **Responsible Disclosure**: See our [Security Policy](.github/SECURITY.md) for reporting vulnerabilities
- **Secure Development**: All releases go through automated security scanning and approval processes
- **Access Control**: Repository access is restricted to verified maintainers
- **Audit Trail**: All production deployments are tracked and require approval

For security concerns, please see our [Security Policy](.github/SECURITY.md).

## �📄 License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

## 🙋‍♂️ Support

- **GitHub Issues**: [Report bugs or request features](https://github.com/gnlds/mcp-cve-intelligence-server/issues)
- **GitHub Discussions**: [Community discussions and questions](https://github.com/gnlds/mcp-cve-intelligence-server/discussions)
- **Documentation**: Check the inline code documentation for API details

## 🏆 Credits

- **NIST NVD**: Primary vulnerability database
- **MITRE Corporation**: CVE numbering authority
- **GitHub Security**: Modern security advisory platform
- **Model Context Protocol**: AI integration framework

---

### Built with ❤️ for the cybersecurity community

**MCP CVE Intelligence Server Lite** - Essential CVE intelligence for security professionals