Marshal

Marshal MCP server automates vulnerability scanning tasks and integrates with the Marshal platform. It accepts vulnerability features and a list of URLs, generates nuclei scan POCs, uploads those POCs to Marshal, creates a scanning workflow, and submits scan tasks automatically. It supports both HTTP API and MCP protocol clients, and can be customized with parameters such as cluster, priority, port ranges, and scanning engines. To use, configure the server with the provided YAML configuration and start the binary; clients can then send MCP requests containing vuln_name, vuln_desc, urls, cluster, and other optional fields to trigger automated scanning workflows. The API path and token-based authentication ensure secure communication with the Marshal API for uploading POCs and managing scans. The server also allows setting scan parameters like interval_days, domain, ip, and engine to tailor scans to your environment.

Prerequisites:

• Go installed (for compilation if building from source)
• Git installed
• A Marshal API instance to integrate with

Installation steps:

1. Clone the repository git clone https://github.com/your-username/marshal-mcp.git cd marshal-mcp

2. Build the MCP server binary (Go-based) go build -o marshal-mcp .

3. Prepare configuration Create or edit config/config.yaml with at least: server: port: 8000 timeout: 60 api: url: "http://your-marshal-api-url" token: "your-api-token" Note: api.token is required for Marshal API authentication.

4. Run the server ./marshal-mcp --config=config/config.yaml

If you prefer a containerized approach, build a container image that contains the compiled marshal-mcp binary and run with the appropriate environment variables and mounted config file.

Tips and considerations:

• Ensure api.token in config/config.yaml is valid; the server automatically attaches it to all Marshal API requests.
• The configuration port should be open in your network to allow MCP clients to connect.
• If you modify the YAML config, restart the server to apply changes.
• When using MCP protocol clients, ensure requests include required fields such as vuln_name, vuln_desc, and urls. Optional fields like engine, domain, ip, port, and interval_days can customize scans.
• Regularly update the binary to pick up improvements and compatibility fixes with the Marshal API.
• If you encounter authentication errors, verify the token scope and that the Authorization header is correctly attached to outgoing API requests.