nist-csf-2-mcp-server
by rocklambros
Overview
A professional cybersecurity assessment backend API for NIST CSF 2.0, providing real-time dashboards and executive reporting capabilities.
Installation
npm run devEnvironment Variables
- AUTH_MODE
- JWT_SECRET
- API_KEY
- JWKS_URI
- CORS_ORIGIN
- DATABASE_PATH
- SERVER_PORT
- SERVER_HOST
Security Notes
The server demonstrates strong input validation using Zod schemas for most parameters, and includes robust security logging and monitoring features. Authentication mechanisms (JWT, API Key) are implemented but disabled by default in development. However, a critical vulnerability exists: the `generate_report` tool allows a user to specify `output_path` without sufficient path traversal validation. This could enable an attacker to write arbitrary files to sensitive locations on the server (e.g., `/etc/passwd`), potentially leading to remote code execution. This makes the application unsafe to run as-is without remediation.
Similar Servers
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
mcp-pentest
An AI-driven middleware to orchestrate and manage penetration testing tools and engagements.
pentestMCP
Provides an AI-powered interface for ethical penetration testing by exposing a suite of security assessment tools as callable functions for LLM agents.
mcp-contrast
This server acts as an AI agent gateway to Contrast Security platforms, enabling AI models (like GitHub Copilot, Claude Code) to query and interact with application security data (vulnerabilities, libraries, attacks, route coverage) for analysis and remediation guidance.