Exploit-DB MCP Server

Integrates the Exploit-DB database with AI assistants to enable searching for exploits, shellcodes, and proof-of-concept code during penetration testing workflows. It allows users to perform keyword searches and direct CVE-to-exploit mappings to retrieve technical security data.

→ johnohhh1/exploitdb-mcp-server · listed on glama

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Tool descriptions don’t match what handlers do

2 tools describe read intent but their handlers mutate — search_exploits (line 73: result = subprocess.run(); get_exploit_code (line 164: result = subprocess.run()

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configEXPLOITDB_PATH— "": "C:\\Users\\John\\exploitdb-main"

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 8 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/johnohhh1-exploitdb-mcp-server-v6qnlg)](https://m8ven.ai/mcp/johnohhh1-exploitdb-mcp-server-v6qnlg)

commit: f830ec8f573bfa1960e692b1e47314b7825da0a0

code hash: 5da5ef5cfbf1de6d2aad78ac77840bd83bf4d2dd71b5617ff3cbffb89ef42790

verified: 6/17/2026, 12:22:36 PM

view raw JSON →