This MCP server is inspired by the debsecan utility on Debian and gives a list of vulnerable packages installed on the system. The server will expose the following tools:
It will use the installed package list generated by the initialization module and
the vulnerability data prepared by the initialization module to get the list of CVEs
affecting the system. It will then call categorise_vulnerabilities to categorise the
vulnerabilities as critical, high, medium, low or negligible based on the EPSS
score and the severity of the vulnerability. It will then return the list of
vulnerabilities. Make sure that the function only returns the CVE IDs for each category
with no other details.
This tool will take a list of CVEs and return a list of Vulnerability objects with the required details. It will internally use the vulnerability objects prepared by the initialization code.
The server will contain some reusable components which will be the main brain of the MCP server; the tools will call these when they are invoked.
Before the MCP server starts it should initialize a few things globally which the tool functions can use without needing to repeat the work on every call.
- It will call epss.download_epss() to download the EPSS data and prepare a map of the CVEs along with their scores.
- It will call package.get_installed_packages() to get the list of packages installed on the system.
- It will call vulnerability.fetch_data() to download the CVE data from the Debian security tracker and prepare a map of the CVEs along with their details.
All this data will then be available for the tool functions to reuse.
This module will be responsible for fetching the EPSS scores from the EPSS API
and preparing a map of the CVEs along with their scores. It will be used to
enrich the Vulnerability object with the EPSS score.
See [5] for the functions that download the EPSS data and load the EPSS CVE map.
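The following is an added example of what the epss module could look like; it is not code from this project or from the notebook in [5]. It assumes the FIRST EPSS feed at epss.cyentia.com (a gzipped CSV whose first line is a "#model_version" comment followed by a "cve,epss,percentile" header). The sample text embedded below is constructed and uses placeholder CVE IDs, so the parser runs offline; download_epss() is the only function that touches the network.

```python
import csv
import gzip
import urllib.request

# Daily EPSS feed published by FIRST (assumption: URL is not taken from this design document).
EPSS_URL = "https://epss.cyentia.com/epss_scores-current.csv.gz"


def download_epss(url: str = EPSS_URL, timeout: int = 60) -> str:
    """Fetch the gzipped EPSS CSV and return it as decoded text (network call)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        raw = resp.read()
    return gzip.decompress(raw).decode("utf-8")


def load_epss_map(text: str) -> dict[str, dict[str, float]]:
    """Build {cve_id: {"epss": probability, "percentile": rank}} from the CSV text.

    Comment lines ("#model_version:...") are skipped and malformed rows are
    ignored rather than aborting the whole load, so one bad line in the feed
    does not leave the server without EPSS data.
    """
    scores: dict[str, dict[str, float]] = {}
    rows = (line for line in text.splitlines() if line and not line.startswith("#"))
    for row in csv.DictReader(rows):
        try:
            scores[row["cve"].strip()] = {
                "epss": float(row["epss"]),
                "percentile": float(row["percentile"]),
            }
        except (KeyError, TypeError, ValueError):
            continue  # malformed or truncated row
    return scores


def epss_score(scores: dict[str, dict[str, float]], cve: str) -> dict[str, float]:
    """Look up a CVE; unknown CVEs get a zero score rather than a KeyError."""
    return scores.get(cve, {"epss": 0.0, "percentile": 0.0})


# Constructed sample in the feed's layout; the CVE IDs are placeholders, not real records.
EPSS_SAMPLE = """\
#model_version:v2023.03.01,score_date:2024-05-01T00:00:00+0000
cve,epss,percentile
CVE-2099-0001,0.97565,0.99996
CVE-2099-0002,0.00043,0.09876
bad,row
"""

if __name__ == "__main__":
    epss_map = load_epss_map(EPSS_SAMPLE)
    for cve_id in ("CVE-2099-0001", "CVE-2099-0009"):
        print(cve_id, epss_score(epss_map, cve_id))
```

The initialization module would call download_epss() once and keep the result of load_epss_map() in a module-level variable for the tools to consult.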
This module essentially deals with packages on the system. It will have a class
PackageFile similar to debsecan.PackageFile [2] which will be used to read
the package files and prepare the data for Vulnerability class. It will also
have a class Version similar to debsecan.Version [3] which will be used to
compare versions of packages.
Modelled on the debsecan.PackageFile class [2]. This class will be used to read
the package files and prepare the data for the Vulnerability class.
Modelled on the debsecan.Version class [3]. This class will be used to compare
versions of packages.
It will have the following functions:
This function will be used to get the list of installed packages on the system.
It will read /var/lib/dpkg/status, or access the package information via the
subprocess module, and return the list of packages installed on the system. It will
return a list of PackageFile objects.
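As an added example covering both the Version class and get_installed_packages() described above (not debsecan's code nor this project's), the block below implements dpkg's version comparison rules (epoch, then upstream, then Debian revision, with "~" sorting before the empty string) and parses a dpkg status file into installed packages. The STATUS_SAMPLE text is constructed; the InstalledPackage name, the Source-field handling and the default path are assumptions.

```python
import re
from dataclasses import dataclass


def _order(c: str) -> int:
    """Sort weight of one character in a version fragment, as dpkg defines it."""
    if c == "~":
        return -1           # tilde sorts before everything, even end-of-string
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256     # punctuation sorts after letters


def _verrevcmp(a: str, b: str) -> int:
    """Compare two fragments (upstream or revision) by alternating
    non-digit runs (character weights) and digit runs (numeric value)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":   # leading zeros carry no weight
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and j < len(b) and a[i].isdigit() and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():   # longer digit run wins
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


class Version:
    """A Debian package version of the form [epoch:]upstream[-revision]."""

    def __init__(self, text: str):
        self.text = text
        epoch, sep, rest = text.partition(":")
        if sep and epoch.isdigit():
            self.epoch = int(epoch)
        else:
            self.epoch, rest = 0, text
        upstream, sep, revision = rest.rpartition("-")   # only the last hyphen splits
        if not sep:
            upstream, revision = rest, ""
        self.upstream, self.revision = upstream, revision

    def _cmp(self, other: "Version") -> int:
        if self.epoch != other.epoch:
            return -1 if self.epoch < other.epoch else 1
        return _verrevcmp(self.upstream, other.upstream) or _verrevcmp(self.revision, other.revision)

    def __lt__(self, other): return self._cmp(other) < 0
    def __le__(self, other): return self._cmp(other) <= 0
    def __gt__(self, other): return self._cmp(other) > 0
    def __ge__(self, other): return self._cmp(other) >= 0
    def __eq__(self, other): return isinstance(other, Version) and self._cmp(other) == 0
    def __repr__(self): return f"Version({self.text!r})"


@dataclass
class InstalledPackage:          # assumed name; stands in for the PackageFile objects above
    name: str
    source: str                  # source package name, which the security tracker keys on
    version: Version


def parse_dpkg_status(text: str) -> list[InstalledPackage]:
    """Parse dpkg status stanzas, keeping only packages whose Status ends in 'installed'."""
    packages = []
    for stanza in re.split(r"\n\s*\n", text):
        fields = {}
        for line in stanza.splitlines():
            if not line or line[0].isspace():          # continuation of a multi-line field
                continue
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if not fields.get("Status", "").endswith(" installed"):
            continue
        name = fields["Package"]
        source = fields.get("Source", name).split()[0]  # "Source: foo (1.2-3)" -> "foo"
        packages.append(InstalledPackage(name, source, Version(fields["Version"])))
    return packages


def get_installed_packages(path: str = "/var/lib/dpkg/status") -> list[InstalledPackage]:
    with open(path, encoding="utf-8", errors="replace") as fh:
        return parse_dpkg_status(fh.read())


# Constructed status file with three stanzas; only two packages are actually installed.
STATUS_SAMPLE = """\
Package: libssl3
Status: install ok installed
Source: openssl (3.0.11-1~deb12u2)
Version: 3.0.11-1~deb12u2
Description: Secure Sockets Layer toolkit - shared libraries
 continuation line that the parser must ignore

Package: old-tool
Status: deinstall ok config-files
Version: 1.0-1

Package: curl
Status: install ok installed
Version: 7.88.1-10+deb12u5
"""

if __name__ == "__main__":
    for pkg in parse_dpkg_status(STATUS_SAMPLE):
        print(pkg.name, pkg.source, pkg.version)
```

Comparing an installed version against the tracker's fixed version with this class is what decides whether a CVE still applies; the "~" rule matters there because a Debian security update such as 1~deb12u2 must sort below the plain 1 revision it backports from.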
This module mostly deals with fetching the CVE data from the Debian security tracker, parsing it, and preparing a map of the CVEs along with their details. This module will be used by both tools.
It will have classes based on the original debsecan code:
A class describing a vulnerability, the affected packages, etc., modelled on the
debsecan.Vulnerability class [1]. The vulnerability object is such that when
converted to a string it gives minimal yet comprehensive details of the
vulnerability. The idea is to reduce token usage for the LLM when using this object.
Will be closely modelled on what debsecan does in its function
debsecan.fetch_data, and the return values are similar to the original function [4].
The code is just modelled on this and need not be the same as the original code.
Given a CVE it will return the vulnerability object constructed in fetch_data,
enriched with the EPSS score from the epss module.
Takes a list of CVEs and then uses the Vulnerability object from the vulnerability
module to categorise the vulnerabilities in
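The block below is an added example, not this project's or debsecan's code, tying together the Vulnerability class, a fetch_data-style builder and categorise_vulnerabilities from the sections above. It assumes the tracker data arrives as the JSON export layout (package, then CVE, then per-release status, urgency and fixed_version); TRACKER_SAMPLE and EPSS_SAMPLE are constructed with placeholder CVE IDs. The category thresholds are assumptions, since the design does not fix them: EPSS dominates the ranking and the tracker urgency is the fallback. Matching the installed version against fixed_version is left to the Version class and is not repeated here; the builder simply keeps entries whose status is "open".

```python
from dataclasses import dataclass
from typing import Optional

CATEGORIES = ("critical", "high", "medium", "low", "negligible")


@dataclass
class Vulnerability:
    cve: str
    package: str                  # source package name from the tracker
    urgency: str                  # tracker urgency: high / medium / low / unimportant / not yet assigned
    fixed_version: Optional[str]
    description: str
    epss: float = 0.0
    percentile: float = 0.0

    def __str__(self) -> str:
        # One short line per finding keeps tool output cheap in LLM tokens.
        return (f"{self.cve} {self.package} urgency={self.urgency} "
                f"epss={self.epss:.3f} fixed={self.fixed_version or 'none'}: {self.description}")


# Constructed EPSS map (what the epss module would produce); placeholder CVE IDs.
EPSS_SAMPLE = {
    "CVE-2099-0001": {"epss": 0.92, "percentile": 0.999},
    "CVE-2099-0002": {"epss": 0.004, "percentile": 0.6},
}

# Constructed tracker data in the assumed JSON export layout.
TRACKER_SAMPLE = {
    "examplepkg": {
        "CVE-2099-0001": {"description": "buffer overflow in parser",
                          "releases": {"bookworm": {"status": "open", "urgency": "high"}}},
        "CVE-2099-0002": {"description": "verbose error message",
                          "releases": {"bookworm": {"status": "open", "urgency": "low"}}},
        "CVE-2099-0003": {"description": "already fixed issue",
                          "releases": {"bookworm": {"status": "resolved", "urgency": "medium",
                                                     "fixed_version": "1.2-3"}}},
    },
    "otherpkg": {
        "CVE-2099-0004": {"description": "denial of service",
                          "releases": {"bookworm": {"status": "open", "urgency": "medium"}}},
        "CVE-2099-0005": {"description": "theoretical weakness",
                          "releases": {"bookworm": {"status": "open", "urgency": "unimportant"}}},
    },
}


def build_vulnerabilities(tracker: dict, release: str, epss_map: dict) -> dict[str, Vulnerability]:
    """fetch_data-style step: turn tracker data for one release into {cve: Vulnerability},
    enriched with EPSS. Only entries still open in that release are kept."""
    vulns: dict[str, Vulnerability] = {}
    for package, cves in tracker.items():
        for cve_id, info in cves.items():
            rel = info.get("releases", {}).get(release)
            if not rel or rel.get("status") != "open":
                continue
            score = epss_map.get(cve_id, {})
            vulns[cve_id] = Vulnerability(
                cve=cve_id, package=package,
                urgency=rel.get("urgency", "not yet assigned"),
                fixed_version=rel.get("fixed_version"),
                description=info.get("description", ""),
                epss=score.get("epss", 0.0), percentile=score.get("percentile", 0.0))
    return vulns


def get_vulnerabilities(cve_ids: list[str], vulns: dict[str, Vulnerability]) -> list[Vulnerability]:
    """Second tool: resolve CVE IDs to full objects, silently dropping unknown IDs."""
    return [vulns[c] for c in cve_ids if c in vulns]


def categorise(v: Vulnerability) -> str:
    """Assumed rules: exploitation likelihood (EPSS) first, tracker urgency as fallback."""
    urgency = v.urgency.lower()
    if v.epss >= 0.5 or (urgency == "high" and v.epss >= 0.1):
        return "critical"
    if urgency == "high" or v.epss >= 0.1:
        return "high"
    if urgency == "medium" or v.epss >= 0.01:
        return "medium"
    if urgency == "low":
        return "low"
    return "negligible"


def categorise_vulnerabilities(cve_ids: list[str], vulns: dict[str, Vulnerability]) -> dict[str, list[str]]:
    """First tool's output: category -> CVE IDs only, no other details."""
    buckets: dict[str, list[str]] = {c: [] for c in CATEGORIES}
    for v in get_vulnerabilities(cve_ids, vulns):
        buckets[categorise(v)].append(v.cve)
    return buckets


if __name__ == "__main__":
    known = build_vulnerabilities(TRACKER_SAMPLE, "bookworm", EPSS_SAMPLE)
    print(categorise_vulnerabilities(list(known), known))
    for v in get_vulnerabilities(["CVE-2099-0001"], known):
        print(v)
```

Returning only IDs from the first tool and full objects from the second keeps the model's context small until it actually asks for details of a specific CVE.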
[1] https://gitlab.com/fweimer/debsecan/-/blob/master/src/debsecan?ref_type=heads#L416
[2] https://gitlab.com/fweimer/debsecan/-/blob/master/src/debsecan?ref_type=heads#L115
[3] https://gitlab.com/fweimer/debsecan/-/blob/master/src/debsecan?ref_type=heads#L80
[4] https://gitlab.com/fweimer/debsecan/-/blob/master/src/debsecan?ref_type=heads#L495
[5] https://github.com/copyninja/notebooks/blob/main/langchain/secscan-common.ipynb