prompt2cve
Using LLMs and MCP to execute CVEs.
Repository Info
About This Server
Using LLMs and MCP to execute CVEs.
Model Context Protocol (MCP) - This server can be integrated with AI applications to provide additional context and capabilities, enabling enhanced AI interactions and functionality.
Documentation
Prompt 2 CVE
Description
Minimal example of using LLMs and MCP to test CVEs. This example uses the gradio library to create a vulnerable service that is exploitable via LFI (CVE-2024-1561). The goal is to use the tools to scan for open ports and exploit the vulnerability by sending a request to the server for the file at /etc/shadow.
Demo
!cve-mcp.gif
Getting Started
Prerequisites
venv .venv
source .venv/bin/activate
# `.\.venv\Scripts\activate` on Windows
pip install -e .
Setup and run the vulnerable service
docker build -t gradio-lfi-demo:4.12.0 --no-cache .
docker run -it -v ./app.py:/app/app.py -p 7860:7860 gradio-lfi-demo:4.12.0
Start the MCP server
mcp dev src/server.py
Prompt
Scan port `7860` on host at `127.0.0.1`. If is open, use the `service_scan` command to send a request to the server for the file at `/etc/shadow` on that same port.
Resources
- NIST CVE-2024-1561
Quick Start
Clone the repository
git clone https://github.com/christopherwoodall/prompt2cveInstall dependencies
cd prompt2cve
npm installFollow the documentation
Check the repository's README.md file for specific installation and usage instructions.
Repository Details
Recommended MCP Servers
Discord MCP
Enable AI assistants to seamlessly interact with Discord servers, channels, and messages.
Knit MCP
Connect AI agents to 200+ SaaS applications and automate workflows.
Apify MCP Server
Deploy and interact with Apify actors for web scraping and data extraction.
BrowserStack MCP
BrowserStack MCP Server for automated testing across multiple browsers.
Zapier MCP
A Zapier server that provides automation capabilities for various apps.