nist-csf-2-mcp-server
by rocklambros
Overview
A professional cybersecurity assessment backend API for NIST CSF 2.0, providing real-time dashboards and executive reporting capabilities.
Installation
npm run devEnvironment Variables
- AUTH_MODE
- JWT_SECRET
- API_KEY
- JWKS_URI
- CORS_ORIGIN
- DATABASE_PATH
- SERVER_PORT
- SERVER_HOST
Security Notes
The server demonstrates strong input validation using Zod schemas for most parameters, and includes robust security logging and monitoring features. Authentication mechanisms (JWT, API Key) are implemented but disabled by default in development. However, a critical vulnerability exists: the `generate_report` tool allows a user to specify `output_path` without sufficient path traversal validation. This could enable an attacker to write arbitrary files to sensitive locations on the server (e.g., `/etc/passwd`), potentially leading to remote code execution. This makes the application unsafe to run as-is without remediation.
Similar Servers
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.
pentestMCP
This MCP server enables AI agents to perform automated and interactive penetration testing tasks by exposing a suite of security assessment utilities as callable tools.
mcp-cybersec-watchdog
A Linux server security auditing and continuous monitoring tool that provides security posture analysis and anomaly detection capabilities, designed to be integrated with AI agents.
mcp-pentest
An AI-driven middleware to orchestrate and manage penetration testing tools and engagements.