nsauditor-ai 0.1.2 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +16 -5
- package/mcp_server.mjs +13 -6
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -264,25 +264,36 @@ Security: SSRF protection on all host inputs (blocks RFC 1918, loopback, fc00::/
|
|
|
264
264
|
|
|
265
265
|
### Claude Desktop Setup
|
|
266
266
|
|
|
267
|
-
|
|
267
|
+
First install the package globally:
|
|
268
|
+
|
|
269
|
+
```bash
|
|
270
|
+
npm install -g nsauditor-ai
|
|
271
|
+
```
|
|
272
|
+
|
|
273
|
+
Then add this to your `claude_desktop_config.json` (Settings → Developer → Edit Config):
|
|
268
274
|
|
|
269
275
|
```json
|
|
270
276
|
{
|
|
271
277
|
"mcpServers": {
|
|
272
278
|
"nsauditor-ai": {
|
|
273
|
-
"command": "
|
|
274
|
-
"args": ["nsauditor-ai
|
|
279
|
+
"command": "node",
|
|
280
|
+
"args": ["/path/to/global/node_modules/nsauditor-ai/mcp_server.mjs"],
|
|
275
281
|
"env": {
|
|
276
282
|
"AI_PROVIDER": "claude",
|
|
277
283
|
"ANTHROPIC_API_KEY": "your-key-here",
|
|
278
|
-
"NSA_ALLOW_ALL_HOSTS": "1"
|
|
284
|
+
"NSA_ALLOW_ALL_HOSTS": "1",
|
|
285
|
+
"PLUGIN_TIMEOUT_MS": "5000"
|
|
279
286
|
}
|
|
280
287
|
}
|
|
281
288
|
}
|
|
282
289
|
}
|
|
283
290
|
```
|
|
284
291
|
|
|
285
|
-
|
|
292
|
+
Find your global install path with `npm root -g`, then append `/nsauditor-ai/mcp_server.mjs`.
|
|
293
|
+
|
|
294
|
+
- `NSA_ALLOW_ALL_HOSTS=1` — required to scan private/RFC 1918 addresses (e.g., `192.168.x.x`)
|
|
295
|
+
- `PLUGIN_TIMEOUT_MS=5000` — reduces per-plugin timeout to 5s so the full scan completes within Claude Desktop's 60s MCP limit
|
|
296
|
+
- `AI_PROVIDER` and API key — optional, enables AI-powered analysis of scan results
|
|
286
297
|
|
|
287
298
|
### Claude Code Setup
|
|
288
299
|
|
package/mcp_server.mjs
CHANGED
|
@@ -8,6 +8,10 @@
|
|
|
8
8
|
// import { createServer, toolHandlers } from './mcp_server.mjs' — for testing
|
|
9
9
|
|
|
10
10
|
import { createRequire } from 'node:module';
|
|
11
|
+
import { dirname } from 'node:path';
|
|
12
|
+
import { fileURLToPath } from 'node:url';
|
|
13
|
+
|
|
14
|
+
const __dirname = dirname(fileURLToPath(import.meta.url));
|
|
11
15
|
import { Server } from '@modelcontextprotocol/sdk/server/index.js';
|
|
12
16
|
import { resolveAndValidate } from './utils/net_validation.mjs';
|
|
13
17
|
import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
|
|
@@ -65,7 +69,7 @@ let _nvdClient = null;
|
|
|
65
69
|
async function getPluginManager() {
|
|
66
70
|
if (_pluginManager) return _pluginManager;
|
|
67
71
|
const { default: PluginManager } = await import('./plugin_manager.mjs');
|
|
68
|
-
_pluginManager = await PluginManager.create(
|
|
72
|
+
_pluginManager = await PluginManager.create(`${__dirname}/plugins`);
|
|
69
73
|
return _pluginManager;
|
|
70
74
|
}
|
|
71
75
|
|
|
@@ -194,11 +198,14 @@ export async function validateHost(host) {
|
|
|
194
198
|
throw new Error('Scanning loopback, link-local, or metadata addresses is not allowed via MCP');
|
|
195
199
|
}
|
|
196
200
|
|
|
197
|
-
// DNS resolution check — catches rebinding, decimal/octal IPs, IPv6-mapped addrs
|
|
198
|
-
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
201
|
+
// DNS resolution check — catches rebinding, decimal/octal IPs, IPv6-mapped addrs.
|
|
202
|
+
// NSA_ALLOW_ALL_HOSTS=1 bypasses RFC 1918 checks for local network auditing.
|
|
203
|
+
if (!process.env.NSA_ALLOW_ALL_HOSTS) {
|
|
204
|
+
try {
|
|
205
|
+
await resolveAndValidate(h);
|
|
206
|
+
} catch (err) {
|
|
207
|
+
throw new Error('Scanning loopback, link-local, or metadata addresses is not allowed via MCP');
|
|
208
|
+
}
|
|
202
209
|
}
|
|
203
210
|
return h;
|
|
204
211
|
}
|