io.github.megabrainee/sectora
Official14 toolsThreat intel + your scans/findings/Shield posture. CVE, EPSS, KEV, package vuln lookup, DAST.
Threat intelligence, CVE lookup, EPSS scores, and vulnerability scanning.
Captured live from the server via tools/list.
lookup_cve
Get full threat intelligence enrichment for a CVE including EPSS score, CISA KEV status, public exploits, Nuclei templates, risk level, and risk factors. Input must be a valid CVE ID.
Parameters (1)
- cve_idstringrequired
CVE identifier in format CVE-YYYY-NNNNN (e.g., CVE-2024-3400)
assess_tech_risk
Assess security risk for a list of technologies. Returns known CVEs affecting each technology with severity breakdown. Input: comma-separated technology names only.
Parameters (1)
- technologiesstringrequired
Comma-separated list of technology names (e.g., "Apache HTTP Server, OpenSSL, nginx"). Max 50 technologies.
search_cves
Search for CVEs by keyword, severity, or other filters. Query must be alphanumeric text.
Parameters (4)
- querystringrequired
Search keyword (CVE ID, technology name, or description)
- severitystring
Filter by severity
- is_kevstring
Only show CVEs in CISA KEV catalog
- has_exploitstring
Only show CVEs with public exploits
get_kev_recent
Get recently added entries to the CISA Known Exploited Vulnerabilities (KEV) catalog.
Parameters (1)
- daysstring
Number of days to look back (1-365, default: 30)
get_trending_cves
Get currently trending CVEs based on recent KEV additions, high EPSS scores, and exploit availability.
Parameters (1)
- limitstring
Maximum results to return (1-100, default: 20)
get_weaponization_score
Get the weaponization score (0-100) for a CVE. Factors in EPSS, KEV status, exploit availability, Nuclei templates, and CVSS. Input must be a valid CVE ID.
Parameters (1)
- cve_idstringrequired
CVE identifier in format CVE-YYYY-NNNNN (e.g., CVE-2024-3400)
lookup_ip_reputation
Look up community IP reputation from Sectora Shield WAF network. Shows if an IP has been reported for attacks. Accepts IPv4 or IPv6 (the Shield network sees both).
Parameters (1)
- ipstringrequired
IPv4 (e.g., 1.2.3.4) or IPv6 (e.g., 2606:4700::1) address to look up
get_threat_stats
Get statistics about the Sectora threat intelligence database including counts of EPSS scores, KEV entries, Nuclei templates, and exploits. No input required.
No parameters.
list_my_findings
List the API key owner's open security findings across all scans. Use this to answer "what's my current exposure?" Filter by severity, status, or domain. Returns finding summaries; call get_scan for full detail. Requires API key.
Parameters (4)
- severitystring
Comma-separated severities to include: critical, high, medium, low, info
- statusstring
Filter by confirmation status
- domainstring
Limit to a single domain (e.g., app.example.com)
- limitstring
Max findings (1-100, default: 25)
list_my_scans
List the API key owner's recent scans with summary counts. Requires API key.
Parameters (2)
- limitstring
Max scans (1-100, default: 25)
- statusstring
Filter by status (queued, running, completed, failed)
get_scan
Get a scan with all its findings (full detail: title, description, evidence, remediation, CVSS). Requires API key.
Parameters (1)
- scan_idstringrequired
Scan UUID
scan_url
Kick off a DAST security scan against a public URL the API key owner controls. Two-step flow: first call returns a preview (target, profile, ETA, quota remaining); confirm by calling again with confirm:true to actually start the scan. Returns scan_id; poll status with get_scan. Domain must be verified in the Sectora account. Daily quota: 25 scans/24h per user. Requires API key.
Parameters (3)
- urlstringrequired
Full URL to scan (must start with http:// or https://)
- profilestring
Scan profile: quick (~2 min), standard (~10 min), deep (~30 min)
- confirmstring
Set to "true" to actually execute the scan. Without this, the call returns a preview only.
get_my_posture
Get Shield WAF posture score and breakdown for a domain registered under this account. Returns 0-100 score, letter grade, per-component breakdown (origin lock, virtual patching, TLS, etc.), and edge_health (whether Shield is actually intercepting traffic). Requires API key.
Parameters (1)
- domainstringrequired
Domain registered under your Sectora account
assess_dependency
Check a single package@version for known vulnerabilities via OSV.dev (npm, PyPI, Go, Maven, NuGet, RubyGems, Packagist, crates.io, etc.). Returns advisories with CVE IDs, severity, fixed versions, and references. Free tier eligible.
Parameters (3)
- namestringrequired
Package name (e.g., "lodash", "django", "github.com/gorilla/mux")
- versionstringrequired
Exact version (e.g., "4.17.20")
- ecosystemstringrequired
Package ecosystem: npm, PyPI, Go, Maven, NuGet, RubyGems, Packagist, crates.io
README not available yet.
Install
claude_desktop_config.json
{
"mcpServers": {
"sectora": {
"command": "npx",
"args": [
"-y",
"mcp-remote",
"https://mcp.sectora.io/mcp"
]
}
}
}Desktop config is stdio-only; this bridges via mcp-remote. Native remote: Settings > Connectors.