playbooks

home / mcp / mcp exploit-db server

MCP Exploit-DB Server

Provides access to Exploit-DB data via the searchsploit tool through an MCP server.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "cyberroute-mcp_exploitdb": {
      "command": "/ABSOLUTE/PATH/TO/PARENT/FOLDER/venv/bin/python",
      "args": [
        "-m",
        "exploit_db.server"
      ]
    }
  }
}

You can access Exploit-DB data through a dedicated MCP server that runs the searchsploit-backed Exploit-DB interface. This server lets you query exploits, CVEs, and individual exploit content directly from your MCP client, making it easy to build AI-assisted security queries and research workflows.

How to use

Use your MCP client to connect to the exploitdb MCP server. You can search for exploits by keywords, filter results, fetch full exploit content, retrieve the exact local file path for an exploit, and copy exploits to a destination directory. Common actions you can perform include searching by terms, looking up CVEs, retrieving exploit content, and updating the local Exploit-DB database.

How to install

Prerequisites include Python 3.10 or higher and the searchsploit tool from the exploitdb package. Ensure these are installed before starting the MCP server.

Install searchsploit on Debian-based systems (including Kali Linux) or macOS with Homebrew.

# Debian-based (Kali, Ubuntu, etc.)
sudo apt update
sudo apt install exploitdb

# macOS with Homebrew
brew install exploitdb

Start and configure the MCP server

To run the MCP server locally, use the Python runtime inside your virtual environment to start the server module. The configuration below shows how to declare the MCP server in your client configuration.

{
  "mcpServers": {
    "exploitdb": {
     "command": "/ABSOLUTE/PATH/TO/PARENT/FOLDER/venv/bin/python",
     "args": ["-m", "exploit_db.server"]
    }
  }
}

Additional setup notes

If you need environment variables for your runtime, include them in the server configuration as needed by your system. Ensure you use the exact command path your environment requires and that the working directory contains the Exploit-DB integration available to the Exploit-DB Python module.

Usage patterns and practical examples

- Look up Windows local privilege escalation exploits related to a specific driver or component.

- Find CVEs by identifier to see related exploits and PoC content.

- Retrieve and review the full content of a particular exploit by its Exploit-DB ID.

- Mirror a selected exploit file to a local directory for offline analysis.

Available tools

search_exploits

Search for exploits using keywords with multiple filters and options such as case sensitivity, exact match, strict version matching, and URL display.

search_cve

Find exploits by CVE identifier, returning relevant exploit records and metadata.

get_exploit_path

Retrieve the full local filesystem path to a specific Exploit-DB entry by its ID.

get_exploit_content

Fetch and display the complete content of a specific Exploit-DB entry by its ID.

mirror_exploit

Copy a chosen exploit file to a user-specified destination directory for offline review.

update_exploitdb

Update the local Exploit-DB database to ensure you have the latest exploits available for search.