nessus-mcp-gateway
Facilitates interaction with the Tenable Nessus vulnerability assessment engine, enabling automated execution of security scans, status monitoring, result retrieval, and vulnerability data querying via a standardized protocol interface.
Author: Cyreslab-AI
Nessus Model Context Protocol Gateway
This component serves as an MCP (Model Context Protocol) endpoint engineered to interface with the Tenable Nessus vulnerability scanner infrastructure. It permits autonomous agents to orchestrate comprehensive security assessments and analyze findings through a defined, uniform communication structure.
Core Capabilities
- Security Assessment Execution: Initiate and oversee vulnerability scans targeting specified network assets.
- Lifecycle Management: Catalog, track progress, and extract final reports from initiated scans.
- Remediation Intelligence: Query for exhaustive specifics regarding identified security flaws.
- Simulation Mode: Full operational capability in a mock environment, negating the requirement for live Nessus credentials.
Provided Functions
The gateway exposes the following functional modules:
| Module Identifier | Purpose |
|---|---|
| list_scan_templates | Retrieve the catalog of available Nessus scanning profiles |
| start_scan | Launch a new vulnerability evaluation on defined hosts |
| get_scan_status | Poll the current state of an active scanning job |
| get_scan_results | Obtain the comprehensive output from a finished assessment |
| list_scans | Present an inventory of all managed scans and their states |
| get_vulnerability_details | Fetch granular data for a particular security defect |
| search_vulnerabilities | Perform targeted searches based on textual descriptors |
Setup & Deployment
Dependencies
- Node.js runtime environment (version 16 or newer)
- TypeScript toolchain (recommended for source modification)
Compilation Steps
- Obtain the source code repository:
  git clone https://github.com/Cyreslab-AI/nessus-mcp-server.git
  cd nessus-mcp-server
- Install necessary project dependencies:
  npm install
- Compile the application source:
  npm run build
Operational Execution
Utilizing Simulation Mode
The system defaults to simulation mode, requiring no Nessus authentication credentials:
node build/index.js
Connecting to a Production Nessus Instance
Configure the following environment variables to interface with a live Nessus deployment:
NESSUS_URL=https://your-nessus-instance:8834
NESSUS_ACCESS_KEY=your-access-key
NESSUS_SECRET_KEY=your-secret-key
Execute the server with these variables set:
node build/index.js
Integration with Claude Desktop Client
To integrate this service with the Claude desktop application, modify the client's configuration file:
- macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
- Windows: %APPDATA%\Claude\claude_desktop_config.json
Insert the gateway configuration block:
{
  "mcpServers": {
    "nessus": {
      "command": "node",
      "args": ["/path/to/nessus-mcp-server/build/index.js"],
      "env": {
        "NESSUS_URL": "https://your-nessus-instance:8834",
        "NESSUS_ACCESS_KEY": "your-access-key",
        "NESSUS_SECRET_KEY": "your-secret-key"
      }
    }
  }
}
Omit the env section for standard mock execution.
Operational Examples
Initiating an Assessment
start_scan:
  target: 192.168.1.1
  scan_type: basic-network-scan
Fetching Assessment Data
get_scan_results:
  scan_id: scan-1234567890
Querying for Flaw Details
search_vulnerabilities:
  keyword: log4j
Development Guidelines
Source Organization
- src/index.ts: Primary application bootstrap routine
- src/nessus-api.ts: Abstraction layer for Nessus API calls, including simulation fallback logic
- src/mock-data.ts: Repository for synthetic vulnerability data used during testing
- src/tools/: Directory housing individual tool handler logic
- src/utils/: Auxiliary utility functions
Extending Functionality
- Define the schema specification and implementation handler within the relevant file in src/tools/.
- Integrate and register the new function within the main entry point, src/index.ts.
Licensing
This software is distributed under the MIT License.
Legal Notice
This service is neither formally associated with nor officially endorsed by Tenable. Nessus is a registered trademark property of Tenable, Inc.
== XMLHttpRequest (from Wikipedia) ==
XMLHttpRequest (XHR) stands as an Application Programming Interface embodied by a JavaScript object structure. Its member functions facilitate the transmission of HTTP data requests from a web browser environment toward a designated web server. These capabilities permit client-side applications to dispatch communications to the server subsequent to the initial page load, and subsequently receive reciprocal data streams. XMLHttpRequest constitutes a foundational element of the Ajax programming paradigm. Before Ajax gained prominence, the prevailing methods for server interaction involved traditional hyperlink navigation and form submissions, actions that typically necessitated replacing the currently displayed webpage content.
== Chronology ==
The conceptual foundation for XMLHttpRequest was first formulated in the year 2000 by the development team behind Microsoft Outlook. This concept was subsequently realized within the Internet Explorer 5 browser revision (released in 1999). However, the initial implementation deviated from the eventual XMLHttpRequest identifier, instead employing COM object instantiations such as ActiveXObject("Msxml2.XMLHTTP") and ActiveXObject("Microsoft.XMLHTTP"). By the release of Internet Explorer 7 (2006), the standardized XMLHttpRequest identifier achieved universal adoption across all major browser platforms.
The XMLHttpRequest identifier has since become the established convention across all leading browser engines, including Mozilla's Gecko rendering core (2002), Safari version 1.2 (2004), and Opera version 8.0 (2005).
=== Formal Specifications ===
The World Wide Web Consortium (W3C) published an initial Working Draft specification detailing the XMLHttpRequest object on April 5, 2006. A subsequent Level 2 Working Draft followed on February 25, 2008. The Level 2 specification introduced augmentations such as progress monitoring methods, support for cross-origin requests, and the ability to manage raw byte streams. By the conclusion of 2011, the features defined in the Level 2 specification were formally integrated back into the primary standard document. At the close of 2012, stewardship over the standardization process transitioned to the WHATWG, which maintains a continuously evolving document utilizing the Web IDL specification language.
== Operational Use ==
Generally, the process of dispatching a request via XMLHttpRequest involves several distinct programming stages.
Instantiate an XMLHttpRequest object by invoking its constructor method:
Invoke the open method to define the request verb (method), specify the target Uniform Resource Identifier (URI), and determine whether the operation will proceed synchronously or asynchronously:
For asynchronous operations, establish an event handler callback mechanism designed to trigger upon state transitions:
Commence the data transmission by executing the send method, optionally supplying payload data:
Monitor the state transitions within the assigned event listener. Upon successful server processing and response reception, the state transitions to value 4, signifying the 'done' status, with the returned data typically residing in the responseText attribute.
Beyond these fundamental steps, XMLHttpRequest offers extensive configuration points to govern transmission behavior and data processing. Custom header fields can be appended to the request to convey specialized instructions to the server endpoint. Furthermore, data can be uploaded to the server via arguments provided to the send call. The resulting payload can be programmatically parsed from JSON structure into native JavaScript objects, or processed incrementally as data streams arrive, avoiding a full blocking wait. The operation permits premature cancellation or the application of a predefined timeout threshold.
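The five stages above, together with a custom header, a timeout and JSON parsing of the reply, as an added example that is not part of the article: requestJson, FakeXHR and the /api/items URL are assumptions, and the fake object exists only so the state transitions can be exercised offline (in a browser, pass a factory that returns a real XMLHttpRequest).

```javascript
// Added example (not from the article). xhrFactory returns a real
// XMLHttpRequest in a browser; FakeXHR below is a constructed offline stand-in.
function requestJson(method, url, opts, onDone) {
  const { body = null, headers = {}, timeoutMs = 5000, xhrFactory } = opts;
  const xhr = xhrFactory();                        // step 1: instantiate
  xhr.open(method, url, true);                     // step 2: verb, URI, async
  for (const [k, v] of Object.entries(headers)) xhr.setRequestHeader(k, v);
  xhr.timeout = timeoutMs;                         // give up on a stalled server
  xhr.ontimeout = () => onDone({ ok: false, error: "timeout" });
  xhr.onreadystatechange = () => {                 // step 3: state-change handler
    if (xhr.readyState !== 4) return;              // step 5: act only on DONE
    if (xhr.status < 200 || xhr.status >= 300) {
      onDone({ ok: false, error: `HTTP ${xhr.status}` });
      return;
    }
    let data;
    try { data = JSON.parse(xhr.responseText); }   // responseText -> object
    catch (e) { onDone({ ok: false, error: "invalid JSON in response" }); return; }
    onDone({ ok: true, data });
  };
  xhr.send(body === null ? null : JSON.stringify(body)); // step 4: transmit
  return xhr;                                      // caller may still abort()
}

// Constructed fake: replays a canned status/body through the readyState
// transitions (1 -> 2 -> 3 -> 4) a browser XHR would fire, with no network.
class FakeXHR {
  constructor(status, text) {
    this.readyState = 0; this.status = 0; this.headers = {};
    this._status = status; this._text = text;
  }
  open(method, url, async) { this.method = method; this.url = url; this.async = async; this.readyState = 1; }
  setRequestHeader(k, v) { this.headers[k] = v; }
  send(body) {
    this.body = body;
    for (const s of [2, 3, 4]) {
      this.readyState = s;
      if (s === 4) { this.status = this._status; this.responseText = this._text; }
      if (this.onreadystatechange) this.onreadystatechange();
    }
  }
  abort() { this.readyState = 0; }
}

// Drive the helper against the fake and return what the callback received.
function demo(status, text) {
  let result = null;
  requestJson("GET", "/api/items", { headers: { "X-Requested-With": "XMLHttpRequest" },
    xhrFactory: () => new FakeXHR(status, text) }, (r) => { result = r; });
  return result;
}
```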
== Inter-Domain Transactions ==
