AI Model Context Protocol (MCP)

Overview

Model Context Protocol (MCP) is an open-source standard developed by Anthropic that enables AI assistants to securely connect to external data sources and tools, including AttackForge.

MCP transforms AI from a conversational knowledge base into a practical assistant that can work with your actual AttackForge data and tools to get real work done, fast!

MCP has significant benefits for AttackForge users:

1. More Helpful and Accurate Responses

Access to Current AttackForge Information

Instead of being limited to training data, AI assistants using MCP can pull real-time information from AttackForge, for example your latest vulnerabilities and projects. This provides context and answers based on your latest data, not outdated information.

Personalized Assistance

MCP enables AI to access your specific context - your AttackForge vulnerabilities, writeups, assets, projects - making responses tailored to your actual situation rather than generic advice.

2. Greater Productivity

Unified Interface

Instead of switching between different APIs and creating complex scripts, you can interact with your AttackForge through a single conversational interface. Ask questions about your data, retrieve records, check statuses, all in one place.

Automated Workflows

The AI can perform multi-step tasks, like pulling data from AttackForge, analyzing it, and updating a spreadsheet or creating a presentation - all from a simple request.

3. Better Privacy and Control

Data Stays Where It Belongs

With MCP, your sensitive vulnerability data doesn't need to be sent to AI providers for training. The AI accesses your data when needed and only for your specific requests.

Granular Permissions

You control exactly what data and capabilities the AI can access on behalf of any AttackForge user you authorize to use MCP, ensuring appropriate boundaries and compliance with your security requirements.

4. Future-Proof Investment

Vendor Independence

If you build workflows using MCP, you're not locked into a specific AI provider. You can switch AI assistants while keeping all your integrations working.

Growing Ecosystem

As AttackForge continues to build more MCP tools and services, you'll automatically gain access to new capabilities without needing custom development work.

Enabling MCP

Configuring MCP

Remote MCP

Self Registration

Local MCP

User Access to MCP

Access to Tools

MCP Sessions

MCP Clients

Tools

Whoami

Description

This tool can be used to provide details regarding the currently authenticated AttackForge user.

How To Enable

  1. Go to Users

  2. Select the user you would like to provide access to this tool

  3. Click on Access > MCP

  4. Click on Add Tools

  5. Select the tool whoami and click Add

Example Prompts

Who is my AttackForge user?
What is my AttackForge user id?
What is my AttackForge email address?

Example Response

{
	"id":"5ad737d6e576e6290aff1808",
	"email":"[email protected]"
}

Count Projects

Description

This tool can be used to count Projects using a provided filter expression.

How To Enable

  1. Go to Users

  2. Select the user you would like to provide access to this tool

  3. Click on Access > MCP

  4. Click on Add Tools

  5. Select the tool count_projects and click Add

Example Prompts

How many projects do I have in AttackForge?

Supported Query Fields

id: {
  description: "This is the project id.",
  type: 'string',
  pattern: "ObjectId\\(\\'[0-9a-fA-F]{24}\\'\\)",
}
created: {
  description: 'The timestamp that this project was created.',
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
}
modified: {
  description: 'The timestamp that this project was last modified.',
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
}
name: {
  type: 'string',
}
code: {
  type: 'string',
}
start_date: {
  description: 'The timestamp that this project is expected to commence.',
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
}
end_date: {
  description: 'The timestamp that this project is expected to conclude.',
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
}
status: {
  enum: [
    'Completed',
    'On Hold',
    'Overrun',
    'Retest',
    'Testing',
    'Waiting to Start'
  ]
}
org_code: {
  description: 'This is used to capture the Organizational Code that this project belongs',
  type: 'string',
}
vuln_code: {
  description: 'The Vulnerability Code that is used to generate the alernate id for the project vulnerabilities',
  type: 'string',
}
attack_chains_enabled: {
  description: 'Indicates if attack chains are enabled on this project',
  type: 'boolean'
}
reporting_enabled: {
  description: 'Indicates if reporting is enabled on this project',
  type: 'boolean'
}
retesting_enabled: {
  description: 'Indicates if the retesting workflow is enabled on this project',
  type: 'boolean'
}
summary_enabled: {
  description: 'Indicates if the summary page is enabled on this project',
  type: 'boolean'
}
custom_tags: {
  type: 'array',
  items: {
    type: 'object',
    properties: {
      name: { type: 'string' },
      value: { type: 'string' }
    },
    required: ['name', 'value'],
    additionalProperties: false
  }
}
custom_fields: {
  type: 'array',
  items: {
    type: 'object',
    properties: {
      key: {
        type: 'string',
        pattern: '^[a-zA-Z]([a-zA-Z0-9_]*[a-zA-Z0-9])?$',
      },
      value: {
        oneOf: [
          {
            type: 'string',
          },
          {
            type: 'array',
          },
        ]
      }
    },
    required: ['key', 'value'],
    additionalProperties: false
  }
}

Example Response

{
	"count": 15
}

Count Vulnerabilities

Description

This tool can be used to count Vulnerabilities using a provided filter expression.

How To Enable

  1. Go to Users

  2. Select the user you would like to provide access to this tool

  3. Click on Access > MCP

  4. Click on Add Tools

  5. Select the tool count_vulnerabilities and click Add

Example Prompts

How many vulnerabilities do I have in AttackForge?

Supported Query Fields

id: {
  type: 'string',
  pattern: "ObjectId\\(\\'[0-9a-fA-F]{24}\\'\\)",
  description: "This is the vulnerability id.",
}
created: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The timestamp that this vulnerability was created.'
}
modified: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The timestamp that this vulnerability was last modified.'
}
title: {
  type: 'string',
}
priority: {
  enum: [
    'Critical',
    'High',
    'Medium',
    'Low',
    'Info'
  ]
}
alternate_id: {
  type: 'string',
}
cvssv3_1_score: {
  description: 'CVSSv3.1 score',
  type: 'number'
}
cvssv3_1_vector: {
  description: 'CVSSv3.1 vector string',
  type: 'string'
}
status: {
  enum: ['Closed', 'Open']
}
status_updated: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The status was last updated at this timestamp.'
}
target_remediation_date: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The latest timestamp at which the vulnerability is planned to be remediated.'
}
likelihood_of_exploitation: {
  type: 'integer',
  description: 'Scale of exploitability - 1 is least, 10 is most.'
}
steps_to_reproduce_html: {
  type: 'string',
}
release_date: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The timestamp when the vulnerability was marked as released.'
}
sla: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The timestamp when the vulnerability is expected to be remediated.'
}
tags: {
  type: 'array',
  items: { type: 'string' }
}
custom_tags: {
  type: 'array',
  items: {
    type: 'object',
    properties: {
      name: { type: 'string' },
      value: { type: 'string' }
    },
    required: ['name', 'value'],
    additionalProperties: false
  }
}
custom_fields: {
  type: 'array',
  items: {
    type: 'object',
    properties: {
      key: {
        type: 'string',
        pattern: '^[a-zA-Z]([a-zA-Z0-9_]*[a-zA-Z0-9])?$',
      },
      value: {
        oneOf: [
          {
            type: 'string',
          },
          {
            type: 'array',
          },
        ]
      }
    },
    required: ['key', 'value'],
    additionalProperties: false
  }
}
is_retest: {
  enum: ['Yes', 'No'],
  description: 'Indicates whether this vulnerability has been marked for retest.'
}
is_zero_day: {
  enum: ['Yes', 'No'],
  description: 'Indicates whether this vulnerability has been categorised as zero day.'
}
writeup_id: {
  type: 'string',
  pattern: "ObjectId\\(\\'[0-9a-fA-F]{24}\\'\\)",
  description: "This is the Writeup id. Example query: { writeup_id: { $eq: ObjectId('65a440c08cade68ca7bc7192') } }"
}

Example Response

{
	"count": 3232
}

Count Writeups

Description

This tool can be used to count Writeups using a provided filter expression.

How To Enable

  1. Go to Users

  2. Select the user you would like to provide access to this tool

  3. Click on Access > MCP

  4. Click on Add Tools

  5. Select the tool count_writeups and click Add

Example Prompts

How many writeups do I have in AttackForge?
How many writeups are in my main library?

Supported Query Fields

id: {
  type: 'string',
  pattern: "ObjectId\\(\\'[0-9a-fA-F]{24}\\'\\)",
}
created: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The timestamp that this vulnerability was created.'
}
modified: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The timestamp that this vulnerability was last modified.'
}
attack_scenario: {
  type: 'string',
}
description: {
  type: 'string',
}
impact_on_availability: {
  enum: [
    'High',
    'Medium',
    'Low',
    'None',
  ]
}
impact_on_confidentiality: {
  enum: [
    'High',
    'Medium',
    'Low',
    'None',
  ]
}
impact_on_integrity: {
  enum: [
    'High',
    'Medium',
    'Low',
    'None',
  ]
}
import_source_id: {
  type: 'string'
}
import_source: {
  type: 'string'
}
likelihood_of_exploitation: {
  description: 'Scale of exploitability, 1 is least and 10 is most',
  enum: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
}
remediation_recommendation: {
  type: 'string'
}
severity: {
  description: '1 is least severe and 10 is most severe',
  enum: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
}
title: {
  type: 'string',
}
tags: {
  type: 'array',
  items: { type: 'string' }
}
custom_tags: {
  type: 'array',
  items: {
    type: 'object',
    properties: {
      name: { type: 'string' },
      value: { type: 'string' }
    },
    required: ['name', 'value'],
    additionalProperties: false
  }
}
custom_fields: {
  type: 'array',
  items: {
    type: 'object',
    properties: {
      key: {
        type: 'string',
        pattern: '^[a-zA-Z]([a-zA-Z0-9_]*[a-zA-Z0-9])?$',
      },
      value: {
        oneOf: [
          {
            type: 'string',
          },
          {
            type: 'array',
          },
        ]
      }
    },
    required: ['key', 'value'],
    additionalProperties: false
  }
}

Example Response

{
	"count": 891
}

Find Projects

Description

This tool can be used to find Projects using a provided filter expression.

How To Enable

  1. Go to Users

  2. Select the user you would like to provide access to this tool

  3. Click on Access > MCP

  4. Click on Add Tools

  5. Select the tool find_projects and click Add

Example Prompts

Which projects are currently in Testing status? Include custom fields in the response.

Supported Query Fields

id: {
  description: "This is the project id. Match against single id: { id: { $eq: ObjectId('65a440c08cade68ca7bc7192') } }. Match against multiple ids: { id: { $in: [ ObjectId('65a440c08cade68ca7bc7192'), ObjectId('65a440c08cade68ca7bc7192') ] } }",
  type: 'string',
  pattern: "ObjectId\\(\\'[0-9a-fA-F]{24}\\'\\)",
}
created: {
  description: 'The timestamp that this project was created.',
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
}
modified: {
  description: 'The timestamp that this project was last modified.',
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
}
name: {
  type: 'string',
}
code: {
  type: 'string',
}
start_date: {
  description: 'The timestamp that this project is expected to commence.',
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
}
end_date: {
  description: 'The timestamp that this project is expected to conclude.',
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
}
status: {
  enum: [
    'Completed',
    'On Hold',
    'Overrun',
    'Retest',
    'Testing',
    'Waiting to Start'
  ]
}
org_code: {
  description: 'This is used to capture the Organizational Code that this project belongs',
  type: 'string',
}
vuln_code: {
  description: 'The Vulnerability Code that is used to generate the alernate id for the project vulnerabilities',
  type: 'string',
}
attack_chains_enabled: {
  description: 'Indicates if attack chains are enabled on this project',
  type: 'boolean'
}
reporting_enabled: {
  description: 'Indicates if reporting is enabled on this project',
  type: 'boolean'
}
retesting_enabled: {
  description: 'Indicates if the retesting workflow is enabled on this project',
  type: 'boolean'
}
summary_enabled: {
  description: 'Indicates if the summary page is enabled on this project',
  type: 'boolean'
}
custom_tags: {
  type: 'array',
  items: {
    type: 'object',
    properties: {
      name: { type: 'string' },
      value: { type: 'string' }
    },
    required: ['name', 'value'],
    additionalProperties: false
  }
}
custom_fields: {
  type: 'array',
  items: {
    type: 'object',
    properties: {
      key: {
        type: 'string',
        pattern: '^[a-zA-Z]([a-zA-Z0-9_]*[a-zA-Z0-9])?$',
      },
      value: {
        oneOf: [
          {
            type: 'string',
          },
          {
            type: 'array',
          },
        ]
      }
    },
    required: ['key', 'value'],
    additionalProperties: false
  }
}

Example Response

{
    "data":
    [
        {
            "id": "685500711d6a44e61f90db4e",
            "created": "2025-06-20T06:32:17.811Z",
            "modified": "2025-09-26T22:45:11.191Z",
            "name": "HackerOne Bug Bounty",
            "code": "H1-BB",
            "start_date": "2025-05-31T14:00:00.000Z",
            "end_date": "2025-07-31T13:59:59.000Z",
            "status": "Testing",
            "vuln_code": "H1",
            "attack_chains_enabled": true,
            "reporting_enabled": true,
            "retesting_enabled": true,
            "summary_enabled": true,
            "custom_tags":
            [],
            "custom_fields":
            [
                {
                    "key": "testing_types",
                    "value":
                    [
                        "Bug Bounty"
                    ],
                    "label": "Testing Type(s)"
                },
                {
                    "key": "substatus",
                    "value": "Continuous Testing",
                    "label": "Sub-Status"
                },
                {
                    "key": "project_budget",
                    "value": "Under $10,000",
                    "label": "Project Budget"
                },
                {
                    "key": "jira_project_key",
                    "value": "ATTAKFORGE",
                    "label": "JIRA Project Key"
                },
                {
                    "key": "slack_channel",
                    "value": "C08CC3EMXGE",
                    "label": "Slack Channel"
                }
            ]
        }
    ],
    "count": 1,
    "total": 1
}

Find Vulnerabilities

Description

This tool can be used to find Vulnerabilities using a provided filter expression.

How To Enable

  1. Go to Users

  2. Select the user you would like to provide access to this tool

  3. Click on Access > MCP

  4. Click on Add Tools

  5. Select the tool find_vulnerabilities and click Add

Example Prompts

Which vulnerabilities are currently in Retest status? Include custom fields in the response.

Supported Query Fields

id: {
  type: 'string',
  pattern: "ObjectId\\(\\'[0-9a-fA-F]{24}\\'\\)",
  description: "This is the vulnerability id. Match against single id: { id: { $eq: ObjectId('65a440c08cade68ca7bc7192') } }. Match against multiple ids: { id: { $in: [ ObjectId('65a440c08cade68ca7bc7192'), ObjectId('65a440c08cade68ca7bc7192') ] } }",
}
created: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The timestamp that this vulnerability was created.'
}
modified: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The timestamp that this vulnerability was last modified.'
}
title: {
  type: 'string',
}
priority: {
  enum: [
    'Critical',
    'High',
    'Medium',
    'Low',
    'Info'
  ]
}
alternate_id: {
  type: 'string',
}
cvssv3_1_score: {
  description: 'CVSSv3.1 score',
  type: 'number'
}
cvssv3_1_vector: {
  description: 'CVSSv3.1 vector string',
  type: 'string'
}
status: {
  enum: ['Closed', 'Open']
}
status_updated: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The status was last updated at this timestamp.'
}
target_remediation_date: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The latest timestamp at which the vulnerability is planned to be remediated.'
}
likelihood_of_exploitation: {
  type: 'integer',
  description: 'Scale of exploitability - 1 is least, 10 is most.'
}
steps_to_reproduce: {
  type: 'string',
}
release_date: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The timestamp when the vulnerability was marked as released.'
}
sla: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The timestamp when the vulnerability is expected to be remediated.'
}
tags: {
  type: 'array',
  items: { type: 'string' }
}
custom_tags: {
  type: 'array',
  items: {
    type: 'object',
    properties: {
      name: { type: 'string' },
      value: { type: 'string' }
    },
    required: ['name', 'value'],
    additionalProperties: false
  }
}
custom_fields: {
  type: 'array',
  items: {
    type: 'object',
    properties: {
      key: {
        type: 'string',
        pattern: '^[a-zA-Z]([a-zA-Z0-9_]*[a-zA-Z0-9])?$',
      },
      value: {
        oneOf: [
          {
            type: 'string',
          },
          {
            type: 'array',
          },
        ]
      }
    },
    required: ['key', 'value'],
    additionalProperties: false
  }
}
is_retest: {
  enum: ['Yes', 'No'],
  description: 'Indicates whether this vulnerability has been marked for retest.'
}
is_zero_day: {
  enum: ['Yes', 'No'],
  description: 'Indicates whether this vulnerability has been categorised as zero day.'
}
writeup_id: {
  type: 'string',
  pattern: "ObjectId\\(\\'[0-9a-fA-F]{24}\\'\\)",
  description: "This is the Writeup id. Example query: { writeup_id: { $eq: ObjectId('65a440c08cade68ca7bc7192') } }"
}

Example Response

{
    "data":
    [
        {
            "id": "656168055d7035a12ade4cb3",
            "created": "2023-11-25T03:20:37.342Z",
            "modified": "2025-05-21T08:54:09.414Z",
            "title": "Hosts Respond with Hashes/Challenge-Responses to Spoofed Hostnames",
            "priority": "High",
            "project_ids":
            [
                "656158c0965172000f9119e8"
            ],
            "writeup_id": "5b9d9c9296d7402e00f42f8a",
            "affected_assets":
            [
                "682d94b146e588dd33696a46"
            ],
            "status": "Open",
            "status_updated": "2023-11-25T03:20:37.342Z",
            "target_remediation_date": "2025-05-26T14:00:00.000Z",
            "likelihood_of_exploitation": 9,
            "steps_to_reproduce": "<p>Run the tool Responder on an active broadcast domain:</p><p>{{{start-responder.png}}}</p><p>User attempts to search for a share that doesn't exist:</p><p>{{{user-mistypes-share.png}}}</p><p>View the LLMNR request in Responder:</p><p>{{{request-in-responder.png}}}</p><p>Get the user’s hashed credentials:</p><p>{{{user-hash.png}}}</p><p>Crack the hash using a tool such as Hashcat:</p><p>{{{cracked-hash.png}}}</p>",
            "release_date": "2023-11-25T03:20:37.362Z",
            "sla": "2025-06-19T14:00:00.000Z",
            "tags":
            [
                "CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action",
                "CWE-290: Authentication Bypass by Spoofing",
                "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "CVSSv3.1 Base Score: 8.1"
            ],
            "cvssv3_1_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "cvssv3_1_score": 8.1,
            "custom_tags":
            [],
            "custom_fields":
            [
                {
                    "key": "attack_narrative",
                    "value": "<p>For this assessment, attackers were placed on the 10.0.9.0/24 network segment. </p><p>This attack was executed from host 10.0.9.18.</p>",
                    "label": "Attack Narrative"
                },
                {
                    "key": "critical_steps",
                    "value":
                    [
                        {
                            "step": "1",
                            "details": "Ensure network access is established. Use 'ip a' or 'ifconfig' to confirm."
                        }
                    ],
                    "label": "Critical Steps"
                },
                {
                    "key": "technical_impact",
                    "value": "<p>Receive the hash or challenge-response and username of the person using the host, then subject the hashes to an offline password cracking/recovery attack.</p>",
                    "label": "Technical Impact"
                },
                {
                    "key": "persons_targeted",
                    "value":
                    [],
                    "label": "Persons Targeted"
                },
                {
                    "key": "cve",
                    "value": "CVE-2025-26943",
                    "label": "CVE"
                }
            ],
            "is_retest": "No",
            "is_zero_day": "No"
        }
    ],
    "count": 50,
    "total": 332
}
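
A pre-flight check for filters built from the vulnerability Supported Query Fields above, as an added example (not AttackForge's own code). It assumes the filter is held as a plain JavaScript object with ObjectId values written as strings in the `ObjectId('...')` form, covers only the scalar fields, and allowlists only the `$eq` and `$in` operators that appear in this page's example queries; `validateFilter` and the constant names are hypothetical.

```javascript
// Added example, not AttackForge code. Patterns and enums are copied from the
// Supported Query Fields listings on this page.

// The ObjectId pattern as the page gives it: no ^...$ anchors.
const PAGE_OBJECT_ID = /ObjectId\('[0-9a-fA-F]{24}'\)/;
// JSON Schema patterns are not implicitly anchored, so an exact-match check
// has to add the anchors itself.
const OBJECT_ID = /^ObjectId\('[0-9a-fA-F]{24}'\)$/;
const TIMESTAMP = /^\d{4,}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z$/;

const isObjectId = (v) => typeof v === 'string' && OBJECT_ID.test(v);
const isTimestamp = (v) => typeof v === 'string' && TIMESTAMP.test(v);
const isString = (v) => typeof v === 'string';
const isNumber = (v) => typeof v === 'number' && Number.isFinite(v);
const isInteger = (v) => Number.isInteger(v);
const oneOf = (allowed) => (v) => allowed.includes(v);
const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Scalar vulnerability fields only; tags, custom_tags and custom_fields are
// arrays and are left out of this example.
const VULNERABILITY_FIELDS = {
  id: isObjectId,
  writeup_id: isObjectId,
  created: isTimestamp,
  modified: isTimestamp,
  status_updated: isTimestamp,
  target_remediation_date: isTimestamp,
  release_date: isTimestamp,
  sla: isTimestamp,
  title: isString,
  alternate_id: isString,
  cvssv3_1_vector: isString,
  cvssv3_1_score: isNumber,
  likelihood_of_exploitation: isInteger,
  priority: oneOf(['Critical', 'High', 'Medium', 'Low', 'Info']),
  status: oneOf(['Closed', 'Open']),
  is_retest: oneOf(['Yes', 'No']),
  is_zero_day: oneOf(['Yes', 'No']),
};

// Assumption: only the two operators shown in the page's example queries.
const ALLOWED_OPERATORS = new Set(['$eq', '$in']);

// Returns a list of problems; an empty list means the filter passed.
function validateFilter(filter, fields = VULNERABILITY_FIELDS) {
  if (!isPlainObject(filter)) return ['filter must be an object'];
  const errors = [];
  for (const [field, condition] of Object.entries(filter)) {
    // hasOwnProperty keeps inherited names (constructor, __proto__) out.
    if (!Object.prototype.hasOwnProperty.call(fields, field)) {
      errors.push(`${field}: not a supported query field`);
      continue;
    }
    if (!isPlainObject(condition) || Object.keys(condition).length === 0) {
      errors.push(`${field}: expected { $eq: value } or { $in: [values] }`);
      continue;
    }
    const isValid = fields[field];
    for (const [op, operand] of Object.entries(condition)) {
      if (!ALLOWED_OPERATORS.has(op)) {
        errors.push(`${field}: operator ${op} is not on the allowlist`);
      } else if (op === '$in') {
        if (!Array.isArray(operand) || operand.length === 0) {
          errors.push(`${field}: $in needs a non-empty array`);
        } else {
          operand.forEach((v, i) => {
            if (!isValid(v)) errors.push(`${field}: $in[${i}] has an invalid value`);
          });
        }
      } else if (!isValid(operand)) {
        errors.push(`${field}: $eq has an invalid value`);
      }
    }
  }
  return errors;
}

// Constructed sample filters (not taken from a real AttackForge tenant).
const SAMPLE_OK = {
  status: { $eq: 'Open' },
  priority: { $in: ['Critical', 'High'] },
  writeup_id: { $eq: "ObjectId('65a440c08cade68ca7bc7192')" },
};
const SAMPLE_BAD = {
  id: { $eq: "ObjectId('65a440c08cade68ca7bc7192') trailing text" },
  created: { $eq: '2025-06-20' },
  owner_email: { $eq: 'someone' },
};

console.log(validateFilter(SAMPLE_OK));  // no problems reported
console.log(validateFilter(SAMPLE_BAD)); // one problem per field
```

Running the check before a filter reaches the tool gives a readable rejection reason on the client side; it does not replace whatever validation the server applies.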

Find Affected Assets

Description

This tool can be used to find Affected Assets on Vulnerabilities using a provided filter expression.

How To Enable

  1. Go to Users

  2. Select the user you would like to provide access to this tool

  3. Click on Access > MCP

  4. Click on Add Tools

  5. Select the tool find_affected_assets and click Add

Example Prompts

How many affected assets do I have? Include custom fields in the response.

Supported Query Fields

ids: {
  description: 'Find AttackForge affected assets by id.',
  type: 'array',
  items: {
    type: 'string',
    pattern: '^[0-9a-fA-F]{24}$'
  }
}

Example Response

{
    "data":
    [
        {
            "id": "64e17a99009140000f4acf70",
            "name": "192.168.0.1",
            "components":
            [
                {
                    "name": "192.168.0.1",
                    "notes":
                    [
                        "\nThe following is a list of SSL anonymous ciphers supported by the remote server :\n\n  Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)\n\n    ADH-DES-CBC3-SHA             Kx=DH          Au=None     Enc=3DES-CBC(168)        Mac=SHA1   \n    AECDH-DES-CBC3-SHA           Kx=ECDH        Au=None     Enc=3DES-CBC(168)        Mac=SHA1   \n\n  High Strength Ciphers (>= 112-bit key)\n\n    DH-AES128-SHA256             Kx=DH          Au=None     Enc=AES-GCM(128)         Mac=SHA256  \n    DH-AES256-SHA384             Kx=DH          Au=None     Enc=AES-GCM(256)         Mac=SHA384  \n    ADH-AES128-SHA               Kx=DH          Au=None     Enc=AES-CBC(128)         Mac=SHA1   \n    ADH-AES256-SHA               Kx=DH          Au=None     Enc=AES-CBC(256)         Mac=SHA1   \n    ADH-CAMELLIA128-SHA          Kx=DH          Au=None     Enc=Camellia-CBC(128)    Mac=SHA1   \n    ADH-CAMELLIA256-SHA          Kx=DH          Au=None     Enc=Camellia-CBC(256)    Mac=SHA1   \n    AECDH-AES128-SHA             Kx=ECDH        Au=None     Enc=AES-CBC(128)         Mac=SHA1   \n    AECDH-AES256-SHA             Kx=ECDH        Au=None     Enc=AES-CBC(256)         Mac=SHA1   \n    DH-AES128-SHA256             Kx=DH          Au=None     Enc=AES-CBC(128)         Mac=SHA256  \n    DH-AES256-SHA256             Kx=DH          Au=None     Enc=AES-CBC(256)         Mac=SHA256  \n\nThe fields above are :\n\n  {OpenSSL ciphername}\n  Kx={key exchange}\n  Au={authentication}\n  Enc={symmetric encryption method}\n  Mac={message authentication code}\n  {export flag}\n",
                        "http://www.nessus.org/u?3a040ada"
                    ],
                    "tags":
                    [
                        "port:21",
                        "pluginID:31705",
                        "pluginFamily:Service detection",
                        "svc_name:ftp",
                        "protocol:tcp",
                        "severity:1",
                        "cve:CVE-2007-1858",
                        "cvss3_base_score:5.9",
                        "cvss3_temporal_score:5.2",
                        "cvss3_temporal_vector:CVSS:3.0/E:U/RL:O/RC:C",
                        "cvss3_vector:CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
                        "cvss_base_score:2.6",
                        "cvss_temporal_score:1.9",
                        "cvss_temporal_vector:CVSS2#E:U/RL:OF/RC:C",
                        "cvss_vector:CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N",
                        "exploit_available:false",
                        "exploitability_ease:No known exploits are available",
                        "plugin_modification_date:2018/08/03",
                        "plugin_publication_date:2008/03/28",
                        "plugin_type:remote"
                    ]
                }
            ],
            "notes":
            [],
            "tags":
            [],
            "actioned": false,
            "asset_type": "Infrastructure",
            "external_asset_id": "CMDB-123",
            "details": "This asset is the main router for the head office",
            "custom_fields":
            [
                {
                    "key": "af_sys_hostnames",
                    "value":
                    [],
                    "label": "Hostnames"
                },
                {
                    "key": "internet_facing",
                    "value": "Yes",
                    "label": "Internet Facing"
                },
                {
                    "key": "subnets",
                    "value":
                    [
                        "192.168.0.0/24",
                        "192.168.0.1/24"
                    ],
                    "label": "Subnets"
                },
                {
                    "key": "af_sys_ports",
                    "value":
                    [],
                    "label": "Ports"
                }
            ],
            "vulnerability_id": "64e17a99009140000f4acf6e"
        }
    ],
    "count": 1,
    "total": 1
}

Find Writeups

Description

This tool can be used to find Writeups using a provided filter expression.

How To Enable

  1. Go to Users

  2. Select the user you would like to provide access to this tool

  3. Click on Access > MCP

  4. Click on Add Tools

  5. Select the tool find_writeups and click Add

Example Prompts

Show me my Writeups in the 'Main' library. Include custom fields in the response.

Supported Query Fields

id: {
  type: 'string',
  pattern: "ObjectId\\(\\'[0-9a-fA-F]{24}\\'\\)",
}
created: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The timestamp that this vulnerability was created.'
}
modified: {
  type: 'string',
  pattern: '^\\d{4,}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d{3}Z$',
  description: 'The timestamp that this vulnerability was last modified.'
}
attack_scenario: {
  type: 'string',
}
description: {
  type: 'string',
}
impact_on_availability: {
  enum: [
    'High',
    'Medium',
    'Low',
    'None',
  ]
}
impact_on_confidentiality: {
  enum: [
    'High',
    'Medium',
    'Low',
    'None',
  ]
}
impact_on_integrity: {
  enum: [
    'High',
    'Medium',
    'Low',
    'None',
  ]
}
import_source_id: {
  type: 'string'
}
import_source: {
  type: 'string'
}
likelihood_of_exploitation: {
  description: 'Scale of exploitability, 1 is least and 10 is most',
  enum: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
}
remediation_recommendation: {
  type: 'string'
}
severity: {
  description: '1 is least severe and 10 is most severe',
  enum: [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]
}
title: {
  type: 'string',
}
tags: {
  type: 'array',
  items: { type: 'string' }
}
custom_tags: {
  type: 'array',
  items: {
    type: 'object',
    properties: {
      name: { type: 'string' },
      value: { type: 'string' }
    },
    required: ['name', 'value'],
    additionalProperties: false
  }
}
custom_fields: {
  type: 'array',
  items: {
    type: 'object',
    properties: {
      key: {
        type: 'string',
        pattern: '^[a-zA-Z]([a-zA-Z0-9_]*[a-zA-Z0-9])?$',
      },
      value: {
        oneOf: [
          {
            type: 'string',
          },
          {
            type: 'array',
          },
        ]
      }
    },
    required: ['key', 'value'],
    additionalProperties: false
  }
}

Example Response

{
    "data":
    [
        {
            "id": "5ad737feccb39f330a8ef316",
            "created": "2018-04-18T12:20:14.784Z",
            "modified": "2025-06-23T19:43:59.724Z",
            "attack_scenario": "<p>XSS injection attack is a well-documented attack with a number of automated tools available to facilitate discovery, exploitation and post-exploitation control processes. XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise. Some XSS vulnerabilities can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on the end user systems for a variety of nefarious purposes. Other damaging attacks include the disclosure of end user files, installation of Trojan horse programs, redirecting the user to some other page or site, running 'Active X' controls (under Microsoft Internet Explorer) from sites that a user perceives as trustworthy, and modifying presentation of content. An attack against the larger user base of the application may result in successful compromise of users computers and potential infection with malware that would effectively allow further compromise of users data.</p><p>{{{xss.png}}}</p><p></p>",
            "description": "<h2>Cross Site Scripting</h2><p>Cross-site scripting (XSS) vulnerability occurs when data submitted to the application is not properly handled before being embedded within the applications response or stored for later retrieval.</p><h2>Reflected cross-site scripting</h2><p>Reflected cross-site scripting (XSS) occurs when a server receives data directly from a HTTP request and returns (or reflects) it back in the HTTP response. In a typical XSS attack scenario, exploitation takes place when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.</p><p><strong><u>The most common mechanism for delivering malicious content</u></strong> is to include it as a parameter in a URL that is posted publicly or e-mailed directly to the victim. URLs constructed in this manner constitute the core of many phishing schemes, whereby an attacker convinces a victim to visit a URL that refers to a vulnerable site. After the site reflects the attacker's content back to the victim, the content is executed by the victim's browser.</p><p><strong><u>The most common attack</u></strong> performed with XSS involves the disclosure of session or other sensitive information stored in user cookies. Typically, a malicious user will craft a client-side script, which when parsed by a web browser performs some activity (such as sending all site cookies to a given e-mail address). This script will be loaded and run by each user visiting the vulnerable component of the web site. Since the site requesting to run the script has access to the cookies in question, the malicious script does also. For example, an attacker could redirect users to malicious web sites.</p><p>More sophisticated attacks may extend to, for example, an attacker using advanced XSS exploitation tools like the Browser Exploitation Framework (BeEF).</p>",
            "impact_on_availability": "None",
            "impact_on_confidentiality": "None",
            "impact_on_integrity": "None",
            "likelihood_of_exploitation": 6,
            "remediation_recommendation": "<p>To prevent XSS attacks a multi-layered approach is recommended. </p><ul><li>Input received from the client should be strictly validated on the server side before any further processing takes place. </li><li>The filter should use a White List approach by only accepting Known Good characters. </li><li>Validation should be performed on a per field basis and should endeavour to be as strict as possible. </li><li>Ensure that data is fully normalised and decoded before being compared to the filter. </li><li>All client supplied data should be HMTL encoded at the point where it is displayed to the user. This includes request data such as query string parameters and data retrieved from storage. </li><li>It is recommended that all alphanumeric characters be HTML encoded to avoid XSS. However the following characters must be encoded: double quotes, ampersand, less than sign, and greater than sign</li></ul>",
            "severity": 6,
            "title": "Reflected Cross Site Scripting",
            "tags":
            [
                "OWASP Top 10",
                "CWE Top 25",
                "CWE-79: Improper Neutralisation of Input During Web Page Generation ('Cross-site Scripting')",
                "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:T/RC:R/CR:M/IR:M/AR:M/MAV:A/MAC:H/MPR:L/MUI:R/MS:C/MC:L/MI:L/MA:H",
                "CVSSv3.1 Base Score: 7.6",
                "CVSSv3.1 Temporal Score: 6.6",
                "CVSSv3.1 Environmental Score: 5.9"
            ],
            "custom_tags":
            [],
            "custom_fields":
            [
                {
                    "key": "af_sys_steps_to_reproduce",
                    "value": "<ol><li>do this.</li><li>do that.</li></ol><pre class=\"ql-syntax\" spellcheck=\"false\">&lt;script&gt;alert(1)&lt;/script&gt;\n</pre><p>Observe arbitrary script is executed in the victim's browser.</p>",
                    "label": "Templates Steps to Reproduce (POC)"
                }
            ]
        }
    ],
    "count": 1,
    "total": 1
}

Prompt Examples
