mcp-kev

marklechner/mcp-kev

The KEV MCP Server is a locally hosted Model Context Protocol server designed for interacting with the CISA Known Exploited Vulnerabilities database, utilizing FastAPI, Python, and the official MCP SDK.

KEV MCP Server

A locally hosted MCP (Model Context Protocol) server for interacting with the CISA Known Exploited Vulnerabilities (KEV) database, built with FastAPI, Python, and the official MCP SDK.

Features

  • FastMCP Implementation: Uses the official Python MCP SDK with FastMCP for clean, documented patterns
  • Real-time KEV Data: Fetches from CISA's official KEV JSON feed (1,400+ vulnerabilities)
  • Smart Caching: 1-hour cache expiry for optimal performance
  • AI Analysis: Integration with Ollama for vulnerability analysis and security insights
  • Flexible Search: Search by vendor, limit results, get detailed statistics
  • UV Package Management: Modern Python dependency management

Quick Start

Prerequisites

  • Python 3.11+
  • UV for package management
  • Ollama for AI analysis (optional)

Installation

  1. Clone the repository:
git clone <repository-url>
cd kev-mcp
  2. Install dependencies:
cd client
uv sync

Running the Demo

The easiest way to see the KEV MCP server in action:

python demo.py

This will run three demonstrations:

  1. Database Statistics - Overview of KEV data
  2. Vendor Search - Find Microsoft vulnerabilities
  3. AI Analysis - Ollama-powered security analysis

Manual Usage

Basic Commands

Get KEV database statistics:

cd client
uv run python kev_mcp_ai_client.py ../server/fastmcp_kev_server.py stats

Search for vulnerabilities by vendor:

cd client
uv run python kev_mcp_ai_client.py ../server/fastmcp_kev_server.py search Microsoft 5

AI-powered vulnerability analysis:

cd client
uv run python kev_mcp_ai_client.py ../server/fastmcp_kev_server.py ai-search Apple 3

Interactive Mode

For interactive exploration:

cd client
uv run python kev_mcp_ai_client.py ../server/fastmcp_kev_server.py

Available commands in interactive mode:

  • stats - Get database statistics
  • search [vendor] [limit] - Search vulnerabilities
  • ai-search [vendor] [limit] - Search with AI analysis
  • quit - Exit

Repository Structure

kev-mcp/
├── README.md              # This file
├── demo.py                # Interactive demonstration script
├── server/
│   └── fastmcp_kev_server.py  # Main MCP server (FastMCP implementation)
└── client/
    ├── kev_mcp_ai_client.py   # AI-enhanced MCP client
    ├── pyproject.toml         # Dependencies and configuration
    └── README.md              # Client-specific documentation

Architecture

Server (server/fastmcp_kev_server.py)

  • FastMCP-based: Uses official MCP SDK patterns with decorators
  • Two Tools:
    • get_kev_statistics(): Database overview with ransomware stats and top vendors
    • search_vulnerabilities(vendor, limit): Flexible vulnerability search
  • Global Caching: 1-hour cache for CISA KEV data
  • Type Hints: Automatic schema generation
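
The caching and query logic described in the list above, as an added sketch that is not the project's own code. The function names mirror the two tool names, but their bodies, the KevCache class, the result ceiling and the sort order are assumptions; the fetcher is injected and fed constructed records shaped like CISA's KEV JSON feed so the block runs offline.

```python
import time
from collections import Counter

CACHE_TTL_SECONDS = 3600  # the README's 1-hour cache expiry

# Constructed sample in the shape of CISA's KEV JSON feed (not real entries).
SAMPLE_FEED = {"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "Microsoft", "product": "Windows",
     "dateAdded": "2024-01-10", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0002", "vendorProject": "Microsoft", "product": "Exchange",
     "dateAdded": "2024-03-02", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-0003", "vendorProject": "Apple", "product": "iOS",
     "dateAdded": "2024-02-20", "knownRansomwareCampaignUse": "Unknown"},
]}


class KevCache:
    """Hypothetical helper: keeps one copy of the feed, refetches after the TTL."""

    def __init__(self, fetch, ttl=CACHE_TTL_SECONDS, clock=time.monotonic):
        self._fetch, self._ttl, self._clock = fetch, ttl, clock
        self._data, self._fetched_at = None, None
        self.fetch_count = 0  # exposed so cache hits and misses can be observed

    def get(self):
        now = self._clock()
        if self._data is None or now - self._fetched_at >= self._ttl:
            self._data = self._fetch()["vulnerabilities"]
            self._fetched_at = now
            self.fetch_count += 1
        return self._data


def search_vulnerabilities(cache, vendor="", limit=10):
    """Case-insensitive vendor substring match, newest first, bounded size."""
    limit = max(1, min(int(limit), 100))  # clamp caller input; 100 is an assumed ceiling
    needle = vendor.strip().lower()
    hits = [v for v in cache.get() if needle in v["vendorProject"].lower()]
    hits.sort(key=lambda v: v["dateAdded"], reverse=True)
    return hits[:limit]


def get_kev_statistics(cache, top_n=3):
    """Total entries, known-ransomware count and the most frequent vendors."""
    vulns = cache.get()
    vendors = Counter(v["vendorProject"] for v in vulns)
    ransomware = sum(v["knownRansomwareCampaignUse"] == "Known" for v in vulns)
    return {"total": len(vulns), "known_ransomware": ransomware,
            "top_vendors": vendors.most_common(top_n)}
```

Clamping the limit on the server side matters because the caller is an LLM-driven client whose arguments should be treated as untrusted input.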

Client (client/kev_mcp_ai_client.py)

  • MCP Communication: Official stdio transport patterns
  • Ollama Integration: AI vulnerability analysis using local LLM
  • Multiple Modes: Command-line arguments or interactive mode
  • Error Handling: Comprehensive error handling and debugging

Key Use Cases

Security Teams

  • Threat Intelligence: Stay updated on actively exploited vulnerabilities
  • Risk Assessment: Understand which vendors have the most KEV entries
  • Prioritization: Focus on vulnerabilities with known ransomware usage

DevSecOps

  • CI/CD Integration: Query KEV data in automated security pipelines
  • Vendor Risk: Assess third-party component risks
  • Compliance: Track remediation of known exploited vulnerabilities

Security Researchers

  • Trend Analysis: Study patterns in exploited vulnerabilities
  • AI Insights: Get detailed security analysis and mitigation strategies
  • Data Exploration: Interactive investigation of KEV database

Data Source

This server fetches data from the official CISA KEV catalog:

Development

The server follows official MCP documentation patterns exactly:

  • Uses @mcp.tool() decorators for automatic schema generation
  • Implements proper stdio transport for client-server communication
  • Type hints enable automatic parameter validation
  • Global caching with configurable expiry

Requirements

  • FastAPI: High-performance async web framework
  • MCP SDK: Official Python MCP implementation
  • UV: Modern Python package and dependency manager
  • HTTPX: Async HTTP client for CISA API calls
  • Ollama: Local LLM integration for AI analysis

License

This project demonstrates MCP server implementation for educational and security research purposes.