Exploit Intel MCP Server

Search the Exploit Intelligence Platform for vulnerabilities (CVEs). Returns a list of matching CVEs with CVSS scores, EPSS exploitation probability, exploit counts, CISA KEV status, VulnCheck KEV, InTheWild.io exploitation signals, and ransomware attribution. Supports full-text search, severity/vendor/product/ecosystem/CWE filters, CVSS/EPSS thresholds, plus any_exploited and ransomware filters. When sort is omitted, the API may automatically prefer newest exploitation, exploit, or nuclei-template activity based on the filters you set. Examples: query='apache httpd' with has_exploits=true; vendor='fortinet' with severity='critical' and is_kev=true sorted by epss_desc; any_exploited=true with ransomware=true for ransomware-linked CVEs; cwe='89' with min_cvss=9 for critical SQL injection CVEs.

Get a full intelligence brief for a specific vulnerability. Accepts both CVE-IDs (e.g. CVE-2024-3400) and EIP-IDs (e.g. EIP-2026-12345 for pre-CVE entries). Returns detailed information including CVSS score and vector, EPSS exploitation probability, CISA KEV status, description, affected products, ranked exploits (grouped by Metasploit modules, verified ExploitDB, GitHub PoCs, and trojans), Nuclei scanner templates with recon dorks, alternate identifiers, and references. Exploits are ranked by quality: Metasploit modules first (peer-reviewed), then verified ExploitDB, then GitHub by stars. Trojans are flagged at the bottom.

Retrieve the source code of a specific exploit by its platform ID. IMPORTANT: Use the platform's internal ID shown as [id=XXXXX] in results, NOT the ExploitDB number (EDB-XXXXX). These are different numbering systems. Returns code from the exploit archive. If no file_path is specified, auto-selects the most relevant code file. Use this to analyze exploit mechanics, understand attack techniques, or review PoC code.

Get the full AI analysis for a single exploit by its platform ID. Returns classification (working_poc, trojan, suspicious, scanner, stub, writeup), attack type, complexity, reliability, confidence score, authentication requirements, target software, a summary of what the exploit does, prerequisites, MITRE ATT&CK techniques, deception indicators for trojans, and the standalone backdoor-review verdict with operator-risk notes when available. Use this to check if an exploit is safe before reviewing its code. Example: exploit_id=61514 returns a TROJAN warning with deception indicators.

Get Nuclei scanner templates and recon dorks for a vulnerability. Returns template metadata, severity, verification status, tags, and ready-to-use Shodan, FOFA, and Google dork queries for target identification. Accepts both CVE-IDs and EIP-IDs. Use this to plan scanning or reconnaissance.

Deep-dive investigation of a specific CVE — vulnerability details, exploit analysis, code review, and Nuclei templates

Audit a technology stack for exploitable vulnerabilities, sorted by exploitation probability

Generate a professional pentest report finding for a specific vulnerability

Analyze the threat landscape for a specific vendor or product — KEV, ransomware, and actively exploited vulnerabilities

Safety-first analysis of a specific exploit — AI classification, trojan check, code review, and MITRE ATT&CK mapping