exploitdb-mcp-server
Verified Safeby johnohhh1
Overview
Integrates Exploit-DB with AI assistants (e.g., Open-WebUI) to assist with penetration testing workflows by searching for and retrieving exploit information.
Installation
python server.pyEnvironment Variables
- EXPLOITDB_PATH
Security Notes
The server executes external commands via `subprocess.run` (specifically `searchsploit`) with user-provided `keyword` and `edb_id`. While `searchsploit` is a legitimate and common tool for this purpose, direct passing of unsanitized user input to external commands can be a vector for command injection if not handled carefully, or if `searchsploit` itself has vulnerabilities. However, `searchsploit` is designed to process arbitrary search terms. The `README.md` explicitly warns against exposing the server to the internet and emphasizes use for authorized testing only, which mitigates the primary risks. No `eval` or hardcoded secrets were found.
Similar Servers
MCP-Kali-Server
Enabling AI-driven offensive security testing by bridging AI agents to a Kali Linux terminal for command execution.
burp-mcp-agents
Connects Burp Suite MCP Server to AI backends (Codex, Gemini, Ollama, LM Studio) for assisted, non-destructive vulnerability analysis using real Burp traffic.
AgentBoard
Integrates AI agents with browser capabilities, enabling interaction with web pages and external Model Context Protocol (MCP) servers through a suite of specialized tools for tasks like content extraction and web automation.
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.