Rapid7 InsightVM MCP Server
Equip your AI to interact directly with Rapid7 InsightVM, extracting vulnerability assessments, scanning network assets, and launching immediate scans.
Ask AI about this MCP Server
Vinkius supports streamable HTTP and SSE.
* Every MCP server runs on Vinkius-managed infrastructure inside AWS - a purpose-built runtime with per-request V8 isolates, Ed25519 signed audit chains, and sub-40ms cold starts optimized for native MCP execution. See our infrastructure
What is the Rapid7 InsightVM MCP Server?
The Rapid7 InsightVM MCP Server gives AI agents like Claude, ChatGPT, and Cursor direct access to Rapid7 InsightVM via 10 tools. Equip your AI to interact directly with Rapid7 InsightVM, extracting vulnerability assessments, scanning network assets, and launching immediate scans. Powered by the Vinkius - no API keys, no infrastructure, connect in under 2 minutes.
Built-in capabilities (10)
Tools for your AI Agents to operate Rapid7 InsightVM
Ask your AI agent "Fetch the list of network sites currently managed by Rapid7." and get the answer without opening a single dashboard. With 10 tools connected to real Rapid7 InsightVM data, your agents reason over live information, cross-reference it with other MCP servers, and deliver insights you would spend hours assembling manually.
Works with Claude, ChatGPT, Cursor, and any MCP-compatible client. Powered by the Vinkius - your credentials never touch the AI model, every request is auditable. Connect in under two minutes.
Why teams choose Vinkius
One subscription gives you access to thousands of MCP servers - and you can deploy your own to the Vinkius Edge. Your AI agents only access the data you authorize, with DLP that blocks sensitive information from ever reaching the model, kill switch for instant shutdown, and up to 60% token savings. Enterprise-grade infrastructure and security, zero maintenance.
Build your own MCP Server with our secure development framework →Vinkius works with every AI agent you already use
…and any MCP-compatible client
Rapid7 InsightVM MCP Server capabilities
10 toolsRetrieves detailed information for a specific asset
Lists all vulnerabilities found on a specific asset
Retrieves execution status and results for a specific scan
Retrieves details for a specific network site
Retrieves details for a specific vulnerability ID
Lists all discovered computing assets
Lists chronological assessment scans
Lists all configured network scan sites
Lists global vulnerability definitions
Forces an immediate vulnerability scan for a site
What the Rapid7 InsightVM MCP Server unlocks
Connect your Rapid7 InsightVM (formerly Nexpose) platform directly to your AI agent. By granting this access, your AI becomes a highly interactive cybersecurity assistant, allowing engineers and security analysts to query vulnerabilities, review asset health, and start scans right from their workspace or IDE.
What you can do
- Asset Querying — Retrieve comprehensive inventory lists to discover all tracked computing assets and read their operating system fingerprints and hardware information.
- Vulnerability Checks — Scan specific assets to instantly read CVE numbers mapped against them, alongside full vulnerability advisories and remediation guidelines.
- Scan Operations — Read chronologically maintained assessment scans and track their execution status without jumping between consoles.
- Site Management — Explore configured network sites, observing their designated scanning scopes and reviewing overall health risks.
- Trigger Scanning — Force an immediate re-evaluation scan on a specified site after applying a patch, validating your resolution securely.
How it works
1. Authorize the server module inside your environment.
2. Add the URL and port of your Rapid7 Security Console alongside a dedicated set of credentials (username and password) configured as Basic Authentication.
3. Chat with your AI to start asking about the latest threats affecting your domain servers.
Who is this for?
- Cybersecurity Analysts (SOC) — Analyze identified security flaws and fetch CVE details and remediation instructions without leaving their incident response platform.
- DevOps & SysAdmins — Quickly order a vulnerability assessment on a subnet after applying OS updates to check if the threat is successfully patched.
- Network Engineers — Evaluate site configurations directly when provisioning new subnets to ensure full scanning scope coverage.
Frequently asked questions about the Rapid7 InsightVM MCP Server
How do I configure my credentials for Rapid7?
The integration uses Basic Authentication interacting with the Rapid7 Console API. You must configure the RAPID7_HOST (IP or FQDN), RAPID7_PORT (usually 3780), along with a dedicated RAPID7_USER and RAPID7_PASSWORD. We strongly recommend generating a specific service account in your console with restricted scan permissions.
Is the scanning triggered individually per asset?
By default, the trigger_scan mechanism relies on referencing a defined site_id, scanning the preconfigured scope attached to it rather than blindly scanning one unassociated IP.
Does it report CVSS scores?
Yes, depending on the response data provided by your installed version of the InsightVM console. Using get_vulnerability or checking asset lists brings standard threat metadata and corresponding CVSS vectors directly into your AI interface context.
More in this category
Semgrep
10 toolsEquip your AI agent with read/write access to Semgrep's SAST platform to audit code security findings, update triage statuses, and enforce custom semantic rules.
OFAC Sanctions Service
10 toolsAccess authoritative sanctions data via OFAC SLS — track SDN lists, entities, and version history directly from your AI agent.
Google Cloud Storage
12 toolsManage your GCS buckets and objects — list files, upload data, and audit permissions via AI.
You might also like
Junip
10 toolsManage product reviews, questions, and campaigns via Junip API.
LibraryThing
4 toolsLook up books by ISBN, explore works, and check library coverage — a bibliographic intelligence tool for AI agents.
Pennylane
13 toolsManage French accounting workflows via Pennylane — track invoices, customers, suppliers, and synchronize estimates dynamically using AI.
Connect Rapid7 InsightVM with your favorite client
Step-by-step setup guides for every MCP-compatible client and framework:
Anthropic's native desktop app for Claude with built-in MCP support.
AI-first code editor with integrated LLM-powered coding assistance.
GitHub Copilot in VS Code with Agent mode and MCP support.
Purpose-built IDE for agentic AI coding workflows.
Autonomous AI coding agent that runs inside VS Code.
Anthropic's agentic CLI for terminal-first development.
Python SDK for building production-grade OpenAI agent workflows.
Google's framework for building production AI agents.
Type-safe agent development for Python with first-class MCP support.
TypeScript toolkit for building AI-powered web applications.
TypeScript-native agent framework for modern web stacks.
Python framework for orchestrating collaborative AI agent crews.
Leading Python framework for composable LLM applications.
Data-aware AI agent framework for structured and unstructured sources.
Microsoft's framework for multi-agent collaborative conversations.
Give your AI agents the power of Rapid7 InsightVM MCP Server
Production-grade Rapid7 InsightVM MCP Server. Verified, monitored, and maintained by Vinkius. Ready for your AI agents — connect and start using immediately.