Metadata-Version: 2.4
Name: iflow-mcp_rinadelph_cve-mcp
Version: 1.0.0
Summary: Advanced CVE Intelligence MCP Server
License-File: LICENSE
Requires-Python: >=3.9
Requires-Dist: anyio
Requires-Dist: click
Requires-Dist: httpx
Requires-Dist: mcp
Requires-Dist: starlette
Requires-Dist: uvicorn
Description-Content-Type: text/markdown

# CVE-MCP: Advanced CVE Intelligence MCP Server

**Author:** Luis Alejandro Rincon (rinadelph)  
**License:** AGPL-3.0

An advanced Model Context Protocol (MCP) server providing comprehensive CVE vulnerability intelligence with unique analysis capabilities, trend detection, and risk assessment features.

## Overview

CVE-MCP goes beyond basic CVE search functionality to provide deep vulnerability intelligence, including exploitability assessments, trend analysis, and bulk vulnerability checking. Built on the MCP framework with SSE transport support, it integrates seamlessly with AI assistants while providing advanced security insights.

## Unique Features

- **🔍 Advanced CVE Search**: Multi-criteria search with intelligent caching
- **📊 Trend Analysis**: Analyze CVE patterns and distributions over time
- **⚠️ Exploit Risk Assessment**: Evaluate exploitability with custom risk scoring
- **🚀 Bulk Operations**: Check multiple CVEs simultaneously with summary statistics
- **💾 Smart Caching**: In-memory response caching for improved performance
- **🔐 Enhanced Security Analysis**: Deep vulnerability insights beyond basic CVSS scores
- **📄 Pagination Support**: Handle large result sets efficiently with built-in pagination
- **📊 Detailed Logging**: Comprehensive server-side logging for debugging and monitoring

## Installation

### Prerequisites

- Python 3.9 or higher
- pip package manager
- NVD API Key (recommended for higher rate limits)

### Setup

1. Clone the repository:
```bash
git clone https://github.com/rinadelph/CVE-MCP.git
cd CVE-MCP
```

2. Install dependencies:
```bash
pip install -e .
```

3. Configure your NVD API key (recommended):
```bash
# Set as environment variable
export NVD_API_KEY="your-api-key-here"

# Or create a .env file (this overwrites any existing .env; keep the file out of version control)
echo "NVD_API_KEY=your-api-key-here" > .env
```

To obtain an NVD API key:
- Visit https://nvd.nist.gov/developers/request-an-api-key
- Register for a free API key
- An API key raises the limit to 50 requests per 30 seconds (5 without a key)

## Usage

### Running as SSE Server (Recommended)

```bash
# Run on default port 8088
python main.py --transport sse

# Run on custom port
python main.py --transport sse --port 8080
```

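The server starts on `http://0.0.0.0:8088` (or your specified port) and accepts SSE connections. `0.0.0.0` is the wildcard address, so the server listens on every network interface and is reachable from other hosts unless a firewall or reverse proxy restricts access.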

### Running with STDIO Transport

```bash
python main.py --transport stdio
```

### Running with the installed command

After installation, you can also use:
```bash
# SSE mode
cve-mcp --transport sse --port 8088

# STDIO mode  
cve-mcp --transport stdio
```

### Integration with AI Assistants

For Cursor IDE or other MCP-compatible tools:
1. Update the `cursor-plug.json` file with your NVD API key (the file then contains a secret, so keep it out of version control)
2. Add the configuration to your project
3. The MCP server will be automatically available

## Available Tools

### 1. `cve_search` - Advanced CVE Search

Search CVEs with multiple filter options and intelligent result ranking.

**Parameters:**
- `keyword`: Search in CVE descriptions
- `vendor`: Filter by vendor name
- `product`: Filter by product (requires vendor)
- `severity`: Filter by severity (LOW, MEDIUM, HIGH, CRITICAL)
- `last_days`: CVEs from last N days
- `cve_id`: Search specific CVE
- `limit`: Max results to fetch (default: 100)
- `page`: Page number for pagination (default: 1)
- `page_size`: Results per page (default: 10, max: 50)

### 2. `cve_details` - Comprehensive CVE Information

Get detailed vulnerability information including all metrics, weaknesses, and configurations.

**Parameters:**
- `cve_id`: CVE identifier (required)

### 3. `recent_cves` - Recent Vulnerability Monitoring

Track newly published or modified CVEs with severity filtering.

**Parameters:**
- `hours`: Look back period (default: 24)
- `severity`: Filter by severity level

### 4. `cve_by_vendor` - Vendor-Specific Search

Search vulnerabilities by vendor/product/version with CPE matching.

**Parameters:**
- `vendor`: Vendor name (required)
- `product`: Product name (optional)
- `version`: Product version (optional)

### 5. `cve_analyze_trends` - Trend Analysis (Unique)

Analyze CVE patterns and distributions for strategic insights.

**Parameters:**
- `vendor`: Filter by vendor
- `last_days`: Analysis period (default: 30)
- `severity`: Filter by severity

**Returns:**
- Severity distribution
- Yearly distribution
- Statistical summaries

### 6. `cve_exploit_assessment` - Risk Assessment (Unique)

Evaluate CVE exploitability with a custom risk scoring algorithm.

**Parameters:**
- `cve_id`: CVE to assess (required)

**Returns:**
- Risk level (LOW/MEDIUM/HIGH/CRITICAL)
- Risk score (0-10)
- Exploit availability
- Attack vector analysis

### 7. `cve_bulk_check` - Bulk Vulnerability Check (Unique)

Check multiple CVEs simultaneously with aggregate statistics.

**Parameters:**
- `cve_ids`: List of CVE IDs (max 10)

**Returns:**
- Individual CVE status
- Aggregate statistics
- Severity distribution
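
Tool arguments arrive from an AI assistant, so they are worth checking against the documented contract before anything is sent to NVD. The sketch below is an added example, not CVE-MCP's own code: the function names and `ToolInputError` are hypothetical, and rejecting an oversized `page_size` (rather than clamping it) is a choice made here.

```python
import re

# Limits and enums are the ones this README documents; all names below are
# hypothetical and do not come from the CVE-MCP code base.
CVE_ID_RE = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")
SEVERITIES = {"LOW", "MEDIUM", "HIGH", "CRITICAL"}
MAX_PAGE_SIZE = 50
MAX_BULK_IDS = 10

class ToolInputError(ValueError):
    """A tool call carried arguments outside the documented contract."""

def normalize_cve_id(value):
    """Return the canonical upper-case CVE ID or raise ToolInputError."""
    if not isinstance(value, str):
        raise ToolInputError("cve_id must be a string")
    candidate = value.strip().upper()
    # fullmatch rejects trailing text such as path or query fragments
    if not CVE_ID_RE.fullmatch(candidate):
        raise ToolInputError(f"not a CVE ID: {value!r}")
    return candidate

def validate_search(params):
    """Check cve_search arguments and fill in the documented defaults."""
    out = {"limit": 100, "page": 1, "page_size": 10, **params}
    if out.get("product") and not out.get("vendor"):
        raise ToolInputError("product requires vendor")
    if "severity" in out:
        out["severity"] = str(out["severity"]).upper()
        if out["severity"] not in SEVERITIES:
            raise ToolInputError("severity must be LOW, MEDIUM, HIGH or CRITICAL")
    if "cve_id" in out:
        out["cve_id"] = normalize_cve_id(out["cve_id"])
    for key in ("limit", "page", "page_size", "last_days"):
        # type() check also rejects booleans and numeric strings
        if key in out and (type(out[key]) is not int or out[key] < 1):
            raise ToolInputError(f"{key} must be a positive integer")
    if out["page_size"] > MAX_PAGE_SIZE:
        raise ToolInputError(f"page_size max is {MAX_PAGE_SIZE}")
    return out

def validate_bulk(cve_ids):
    """Check cve_bulk_check input: at most 10 distinct, well-formed CVE IDs."""
    if not isinstance(cve_ids, list) or not cve_ids:
        raise ToolInputError("cve_ids must be a non-empty list")
    unique = list(dict.fromkeys(normalize_cve_id(i) for i in cve_ids))
    if len(unique) > MAX_BULK_IDS:
        raise ToolInputError(f"at most {MAX_BULK_IDS} CVE IDs per call")
    return unique
```
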

## Example Usage

### Search for Critical Microsoft Vulnerabilities (with pagination)
```json
{
  "tool": "cve_search",
  "parameters": {
    "vendor": "microsoft",
    "severity": "CRITICAL",
    "last_days": 30,
    "page": 1,
    "page_size": 10
  }
}
```

### Get Next Page of Results
```json
{
  "tool": "cve_search",
  "parameters": {
    "vendor": "microsoft",
    "severity": "CRITICAL",
    "last_days": 30,
    "page": 2,
    "page_size": 10
  }
}
```

### Analyze Apache Vulnerability Trends
```json
{
  "tool": "cve_analyze_trends",
  "parameters": {
    "vendor": "apache",
    "last_days": 90
  }
}
```

### Assess Exploit Risk
```json
{
  "tool": "cve_exploit_assessment",
  "parameters": {
    "cve_id": "CVE-2023-12345"
  }
}
```

## Architecture

CVE-MCP is built with:
- **Async/await** for high-performance concurrent operations
- **Smart caching** to reduce API calls and improve response times
- **Modular design** for easy extension and maintenance
- **Comprehensive error handling** with detailed error messages
- **SSE transport** for real-time streaming capabilities

## API Rate Limits

- Without API key: 5 requests per 30 seconds
- With API key: 50 requests per 30 seconds
- Built-in caching helps maximize efficiency within rate limits
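
How caching and the 30-second window interact, as an added example that is not CVE-MCP's implementation: a sliding-window budget sized to the limits above, with a cache in front so that only misses spend budget. The class names, the injectable clock and the 300-second TTL are assumptions.

```python
import time
from collections import deque

# Budgets are the NVD limits quoted in this README; class names and the
# default TTL are hypothetical, not taken from CVE-MCP.
WINDOW_SECONDS = 30
LIMIT_WITH_KEY = 50
LIMIT_WITHOUT_KEY = 5

class NvdBudget:
    """Sliding-window counter for upstream NVD requests."""

    def __init__(self, has_api_key, clock=time.monotonic):
        self.limit = LIMIT_WITH_KEY if has_api_key else LIMIT_WITHOUT_KEY
        self.clock = clock
        self.sent = deque()  # timestamps of requests still inside the window

    def wait_needed(self):
        """Seconds until the next request fits in the window (0.0 if it fits now)."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= WINDOW_SECONDS:
            self.sent.popleft()
        if len(self.sent) < self.limit:
            return 0.0
        return WINDOW_SECONDS - (now - self.sent[0])

    def record(self):
        self.sent.append(self.clock())

class CachedFetcher:
    """Serve repeated queries from memory so only misses spend budget."""

    def __init__(self, fetch, budget, ttl=300.0):
        self.fetch, self.budget, self.ttl = fetch, budget, ttl
        self.cache = {}  # key -> (expiry time, value)

    def get(self, key):
        """Return (source, payload); payload is the wait in seconds when throttled."""
        now = self.budget.clock()
        hit = self.cache.get(key)
        if hit and hit[0] > now:
            return "cache", hit[1]
        wait = self.budget.wait_needed()
        if wait > 0:
            # The caller decides whether to sleep or report the delay
            return "throttled", wait
        self.budget.record()
        value = self.fetch(key)
        self.cache[key] = (now + self.ttl, value)
        return "upstream", value
```
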

## Contributing

Contributions are welcome! Please feel free to submit issues or pull requests.

## Acknowledgments

- National Vulnerability Database (NVD) for providing the CVE data
- MCP framework developers for the excellent protocol implementation
- SSE transport pattern inspired by domain-mcp implementation

## License

This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0).

## Contact

Created by Luis Alejandro Rincon (rinadelph)  
GitHub: https://github.com/rinadelph/CVE-MCP

---

*Building secure systems through intelligent vulnerability analysis*