MCP Exploit-DB Server

An MCP (Model Context Protocol) server that provides access to the Exploit-DB database using the searchsploit command-line tool. This allows AI assistants like Claude to search for and retrieve exploit information directly.

Prerequisites

• Python 3.10 or higher
• searchsploit command-line tool (from exploitdb package)

Installing searchsploit

On Kali Linux / Debian-based systems:

sudo apt update
sudo apt install exploitdb

On macOS with Homebrew:

brew install exploitdb

Installation on Claude Code and Desktop

1. Clone or download the repository:

claude mcp add --transport stdio exploitdb -- venv/bin/python exploit_db/server.py

After updating the configuration claude_desktop_config.json, restart Claude Desktop (see sample file in the repo).

{
  "mcpServers": {
    "exploitdb": {
     "command": "/ABSOLUTE/PATH/TO/PARENT/FOLDER/venv/bin/python",
     "args": ["-m", "exploit_db.server"]
    }
  }
}

Available Tools

1. search_exploits

Search for exploits using keywords.

Parameters:

• terms (required): Array of search terms (e.g., ["afd", "windows", "local"])
• case_sensitive (optional): Perform case-sensitive search (default: false)
• exact (optional): Exact match on exploit title (default: false)
• strict (optional): Strict version matching (default: false)
• title_only (optional): Search only in titles, not paths (default: false)
• exclude (optional): Exclude terms from results (use | to separate)
• json_output (optional): Return JSON format (default: false)
• show_urls (optional): Show web URLs instead of local paths (default: false)

Example:

Search for Windows local privilege escalation exploits related to afd.sys

2. search_cve

Search for exploits by CVE identifier.

Parameters:

• cve (required): CVE identifier (e.g., "2021-44228" or "CVE-2021-44228")
• json_output (optional): Return JSON format (default: false)

Example:

Find exploits for CVE-2021-44228

3. get_exploit_path

Get the full local filesystem path to an exploit.

Parameters:

• edb_id (required): Exploit-DB ID (e.g., "39446")

Example:

Get the path for exploit 39446

4. get_exploit_content

Retrieve and display the full content of an exploit.

Parameters:

• edb_id (required): Exploit-DB ID (e.g., "39446")

Example:

Show me the content of exploit 39446

5. mirror_exploit

Copy an exploit file to a specified directory.

Parameters:

• edb_id (required): Exploit-DB ID
• destination (optional): Destination directory (default: current directory)

Example:

Copy exploit 39446 to /tmp

6. update_exploitdb

Update the local Exploit-DB database.

Example:

Update the exploit database

Usage Examples

Once configured, you can ask Claude questions like:

• "Search for Apache Struts 2.0.0 exploits"
• "Find exploits for CVE-2021-44228"
• "Show me Windows kernel privilege escalation exploits"
• "Get the content of exploit 39446"
• "Search for Linux kernel 3.2 exploits excluding PoC and DoS"
• "Find remote code execution exploits for PHP"

Credits

• Exploit-DB: https://www.exploit-db.com/
• searchsploit: Part of the exploitdb package
• MCP Protocol: https://modelcontextprotocol.io/