Happy slice of mcp pizzaMCP.pizza

nessus-mcp-server

MCP.Pizza Chef: Cyreslab-AI

The nessus-mcp-server is an MCP server that integrates the Tenable Nessus vulnerability scanner with AI assistants. It enables starting, monitoring, and managing vulnerability scans, retrieving scan results, and detailed vulnerability analysis through the MCP protocol. It supports a mock mode for testing without requiring a Nessus API key, making it ideal for secure, automated vulnerability management workflows.

Use This MCP server To

Start and monitor vulnerability scans on specified network targets Retrieve and analyze detailed vulnerability scan results List and select Nessus scan templates for customized scans Search for specific vulnerabilities and get detailed info Test vulnerability scanning workflows using mock mode without API keys

README

Nessus MCP Server

A Model Context Protocol (MCP) server for interacting with the Tenable Nessus vulnerability scanner. This server allows AI assistants to perform vulnerability scanning and analysis through the MCP protocol.

Features

  • Vulnerability Scanning: Start and monitor vulnerability scans against specified targets
  • Scan Management: List, track, and retrieve results from vulnerability scans
  • Vulnerability Analysis: Search for and get detailed information about specific vulnerabilities
  • Mock Mode: Fully functional mock mode for testing without a Nessus API key

Tools

The server provides the following tools:

Tool Name Description
list_scan_templates List available Nessus scan templates
start_scan Start a new vulnerability scan against a target
get_scan_status Check the status of a running scan
get_scan_results Get the results of a completed scan
list_scans List all scans and their status
get_vulnerability_details Get detailed information about a specific vulnerability
search_vulnerabilities Search for vulnerabilities by keyword

Installation

Prerequisites

  • Node.js 16 or higher
  • TypeScript (for development)

Building from Source

  1. Clone the repository:

    git clone https://github.com/Cyreslab-AI/nessus-mcp-server.git
cd nessus-mcp-server

  2. Install dependencies:

    npm install

  3. Build the server:

    npm run build

Usage

Running in Mock Mode

By default, the server runs in mock mode, which doesn't require a Nessus API key:

node build/index.js

Running with Nessus API

To connect to a real Nessus instance, set the following environment variables:

NESSUS_URL=https://your-nessus-instance:8834
NESSUS_ACCESS_KEY=your-access-key
NESSUS_SECRET_KEY=your-secret-key

Then run the server:

node build/index.js

Using with Claude for Desktop

To use this server with Claude for Desktop:

  1. Edit your Claude for Desktop configuration file:

    • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
    • Windows: %APPDATA%\Claude\claude_desktop_config.json

  2. Add the server configuration:

{
  "mcpServers": {
    "nessus": {
      "command": "node",
      "args": ["/path/to/nessus-mcp-server/build/index.js"],
      "env": {
        "NESSUS_URL": "https://your-nessus-instance:8834",
        "NESSUS_ACCESS_KEY": "your-access-key",
        "NESSUS_SECRET_KEY": "your-secret-key"
      }
    }
  }
}

For mock mode, you can omit the env section.

Example Interactions

Starting a Scan

start_scan:
  target: 192.168.1.1
  scan_type: basic-network-scan

Getting Scan Results

get_scan_results:
  scan_id: scan-1234567890

Searching for Vulnerabilities

search_vulnerabilities:
  keyword: log4j

Development

Project Structure

  • src/index.ts: Main server entry point
  • src/nessus-api.ts: Nessus API client with mock fallback
  • src/mock-data.ts: Mock vulnerability data for testing
  • src/tools/: Tool implementations
  • src/utils/: Utility functions

Adding New Tools

  1. Define the tool schema and handler in the appropriate file in src/tools/
  2. Import and register the tool in src/index.ts

License

MIT

Disclaimer

This server is not affiliated with or endorsed by Tenable. Nessus is a trademark of Tenable, Inc.

nessus-mcp-server FAQ

How does the nessus-mcp-server interact with the Nessus scanner?
It uses the Nessus API to start scans, retrieve results, and perform vulnerability analysis via the MCP protocol.
Can I use the nessus-mcp-server without a Nessus API key?
Yes, it includes a fully functional mock mode for testing without an API key.
What types of scans can I start with this MCP server?
You can start vulnerability scans using predefined Nessus scan templates or custom targets.
How does the server handle scan result retrieval?
It allows listing, tracking, and fetching detailed scan results for analysis.
Is the nessus-mcp-server suitable for automated security workflows?
Yes, it enables AI assistants to automate vulnerability scanning and analysis securely.
Does the server support integration with multiple LLM providers?
Yes, it is designed to work with various LLMs like OpenAI, Claude, and Gemini through the MCP protocol.
How secure is the communication between the MCP client and the nessus-mcp-server?
The server follows MCP principles for secure, scoped, and observable interactions to protect sensitive scan data.
Can I customize scan parameters through the MCP server?
Yes, you can select scan templates and specify targets to tailor scans to your needs.