kali-mcp

k3nn3dy-ai/kali-mcp

3.3

If you are the rightful owner of kali-mcp and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

The Kali MCP Server is a Docker containerized server running on Kali Linux, providing AI assistants with access to a comprehensive suite of security tools.

Tools

  1. run

    Execute security tools and commands in the Kali Linux environment.

  2. fetch

    Retrieve and analyze web content from specified URLs.

  3. resources

    List available system resources and command examples.

  4. vulnerability_scan

    Perform automated vulnerability assessment with multiple tools.

  5. web_enumeration

    Perform comprehensive web application discovery and enumeration.

πŸ›‘οΈ Kali MCP Server

A production-ready MCP (Model Context Protocol) server running in a Kali Linux Docker container, providing AI assistants with access to a comprehensive security toolset.

Kali Linux Docker Python

πŸ“‹ Overview

This project provides a Docker containerized MCP server that runs on Kali Linux, giving AI assistants (like Claude) access to a full suite of security and penetration testing tools. The server communicates via Server-Sent Events (SSE) and allows AI to execute commands in a controlled environment with appropriate security measures.

✨ Features

  • πŸ”’ Security Tools Access: Full access to Kali Linux security toolset through a controlled interface
  • πŸ›‘οΈ Command Validation: Commands are validated against an allowlist for security
  • 🌐 Web Content Fetching: Retrieve and analyze web content
  • πŸ“Š Resource Information: Comprehensive system resource details and command examples
  • πŸ‘€ Security Focus: Running as non-root user with appropriate permissions

πŸ”§ Pre-installed Security Tools

  • πŸ” Network Scanning: nmap, netcat
  • πŸ•ΈοΈ Web Application Testing: nikto, gobuster, dirb
  • πŸ§ͺ Penetration Testing: metasploit-framework
  • πŸ”‘ Credential Testing: hydra
  • πŸ’‰ Data Extraction: sqlmap
  • ℹ️ Information Gathering: whois, dig, host

πŸš€ Quick Start

🐳 Building and Running the Container

# Quick start with the helper script
./run_docker.sh

# Or manually:
# Build the Docker image
docker build -t kali-mcp-server .

# Run with default settings (SSE mode on port 8000)
docker run -p 8000:8000 kali-mcp-server

πŸ”Œ Connecting to Claude Desktop

  1. Edit your Claude Desktop config file:

    • Location: ~/Library/Application Support/Claude/claude_desktop_config.json
    • Add this configuration: 
      {
  "mcpServers": {
    "kali-mcp-server": {
      "transport": "sse",
      "url": "http://localhost:8000/sse",
      "command": "docker run -p 8000:8000 kali-mcp-server"
    }
  }
}

  2. Restart Claude Desktop

  3. Test the connection with a simple command:

    /run nmap -F localhost

πŸ› οΈ Available MCP Tools

The server provides several tools through the MCP protocol:

πŸ’» run - Execute Commands

Run security tools and commands in the Kali Linux environment.

/run nmap -F localhost

Commands are validated against an allowlist for security. Long-running commands will be executed in the background with results saved to an output file.

🌐 fetch - Retrieve Web Content

Fetch and analyze web content from specified URLs.

/fetch https://example.com

πŸ“ˆ resources - List Available Resources

Get information about the system and available commands. (The AI can use these resources to run the commands on you behalf using Natural Language.)

/resources

πŸš€ vulnerability_scan - Automated Vulnerability Assessment

Perform automated vulnerability assessment with multiple tools.

/vulnerability_scan target=127.0.0.1 scan_type=quick
/vulnerability_scan target=example.com scan_type=comprehensive

Scan Types:

  • quick: Fast scan with nmap and nikto
  • comprehensive: Full scan with multiple tools
  • web: Web-focused vulnerability assessment
  • network: Network-focused vulnerability assessment

🌐 web_enumeration - Web Application Discovery

Perform comprehensive web application discovery and enumeration.

/web_enumeration target=http://example.com enumeration_type=full
/web_enumeration target=example.com enumeration_type=aggressive

Enumeration Types:

  • basic: Basic web enumeration with nikto and gobuster
  • full: Comprehensive enumeration including vhost discovery
  • aggressive: Aggressive enumeration with SQL injection testing

πŸ” network_discovery - Network Reconnaissance

Perform multi-stage network reconnaissance and discovery.

/network_discovery target=192.168.1.0/24 discovery_type=comprehensive
/network_discovery target=example.com discovery_type=stealth

Discovery Types:

  • quick: Quick network discovery
  • comprehensive: Comprehensive network mapping
  • stealth: Stealthy network reconnaissance

πŸ” exploit_search - Exploit Database Search

Search for exploits using searchsploit and other exploit databases.

/exploit_search search_term=apache search_type=web
/exploit_search search_term=CVE-2021-44228 search_type=all

Search Types:

  • all: Search all exploit types
  • web: Web application exploits
  • remote: Remote exploits
  • local: Local exploits
  • dos: Denial of service exploits

πŸ’Ύ save_output - Save Content to File

Save content to a timestamped file for evidence collection.

/save_output content="Scan results here" filename=my_scan category=scan
/save_output content="Enumeration data" category=enum

Categories:

  • general: General content (default)
  • scan: Vulnerability scan results
  • enum: Enumeration results
  • evidence: Evidence collection

πŸ“‹ create_report - Generate Structured Reports

Generate a structured report from findings.

/create_report title="Security Assessment Report" findings="Vulnerabilities found..." report_type=markdown
/create_report title="Network Scan Results" findings="Open ports..." report_type=json

Report Types:

  • markdown: Markdown format (default)
  • text: Plain text format
  • json: JSON format

πŸ” file_analysis - Analyze Files

Analyze a file using various tools (file type, strings, hash).

/file_analysis filepath=./suspicious_file
/file_analysis filepath=/path/to/downloaded/file

Analysis includes:

  • File type detection
  • String extraction
  • SHA256 hash
  • File metadata
  • Content preview

πŸ“₯ download_file - Download Files

Download a file from a URL and save it locally.

/download_file url=https://example.com/file.txt filename=downloaded_file
/download_file url=https://example.com/script.sh

Features:

  • Automatic filename extraction from URL
  • SHA256 hash generation
  • Content-type detection
  • Safe filename sanitization

πŸ—‚οΈ session_create - Create New Session

Create a new pentest session with name, description, and target.

/session_create session_name="web_app_test" description="Web application security assessment" target="example.com"
/session_create session_name="network_scan" target="192.168.1.0/24"

Features:

  • Session metadata storage
  • Automatic session activation
  • Organized file structure

πŸ“‹ session_list - List Sessions

List all pentest sessions with metadata and status.

/session_list

Shows:

  • All available sessions
  • Active session indicator
  • Session descriptions and targets
  • Creation dates and history counts

πŸ”„ session_switch - Switch Sessions

Switch to a different pentest session.

/session_switch session_name="web_app_test"

Features:

  • Validates session existence
  • Updates active session
  • Shows session details after switch

πŸ“Š session_status - Session Status

Show current session status and summary.

/session_status

Shows:

  • Active session details
  • Session metadata
  • File count and history
  • Recent activity

πŸ—‘οΈ session_delete - Delete Session

Delete a pentest session and all its evidence.

/session_delete session_name="old_session"

Safety Features:

  • Cannot delete active session
  • Confirms deletion with session details
  • Removes all session files and evidence

πŸ“œ session_history - Session History

Show command/evidence history for the current session.

/session_history

Shows:

  • Chronological history of activities
  • Action types and timestamps
  • Session-specific evidence tracking

Enhanced Web Application Testing Tools

πŸ•·οΈ Spider Website

Comprehensive web crawling and spidering using gospider.

/spider_website url=https://example.com depth=2 threads=10

Parameters:

  • url (required): Target URL to spider
  • depth (optional): Crawling depth (default: 2)
  • threads (optional): Number of concurrent threads (default: 10)

πŸ“ Form Analysis

Discover and analyze web forms for security testing.

/form_analysis url=https://example.com scan_type=comprehensive

Parameters:

  • url (required): Target URL to analyze
  • scan_type (optional): Type of analysis - "basic", "comprehensive", "aggressive" (default: "comprehensive")

πŸ“‹ Header Analysis

Analyze HTTP headers for security information and misconfigurations.

/header_analysis url=https://example.com include_security=true

Parameters:

  • url (required): Target URL to analyze
  • include_security (optional): Include security header analysis (default: true)

πŸ” SSL Analysis

Perform SSL/TLS security assessment using testssl.sh.

/ssl_analysis url=example.com port=443

Parameters:

  • url (required): Target URL to analyze
  • port (optional): SSL port (default: 443)

πŸ” Subdomain Enumeration

Perform subdomain enumeration using multiple tools (subfinder, amass, waybackurls).

/subdomain_enum url=example.com enum_type=comprehensive

Parameters:

  • url (required): Target domain to enumerate
  • enum_type (optional): Type of enumeration - "basic", "comprehensive", "aggressive" (default: "comprehensive")

πŸ” Web Audit

Perform comprehensive web application security audit.

/web_audit url=https://example.com audit_type=comprehensive

Parameters:

  • url (required): Target URL to audit
  • audit_type (optional): Type of audit - "basic", "comprehensive", "aggressive" (default: "comprehensive")

Tools Used in Web Audit:

  • Nikto (web vulnerability scanner)
  • Gobuster (directory/vhost enumeration)
  • SQLMap (SQL injection testing)
  • Dirb (directory enumeration)
  • TestSSL.sh (SSL/TLS analysis)
  • Curl (header analysis)

Session Management Tools

⚠️ Troubleshooting

πŸ”Œ Connection Issues

  • Ensure port 8000 is available on your machine
  • Check that the Docker container is running: docker ps
  • Verify the URL in Claude Desktop configuration matches the container's port

βš™οΈ Command Execution Problems

  • If commands timeout, try running them in the background: command > output.txt &
  • Use /resources to see examples of properly formatted commands
  • For permission errors, ensure you're not trying to access protected system areas

πŸ”’ Security Considerations

This container provides access to powerful security tools. Please observe the following:

  • Use responsibly and only in controlled environments
  • The container is designed to be run locally and should not be exposed to the internet
  • Commands are validated against an allowlist for security
  • The server runs as a non-root user inside the container
  • Only use this tool for legitimate security testing with proper authorization

πŸ“‹ Requirements

  • Docker
  • Claude Desktop or other SSE enabled MCP clients
  • Port 8000 available on your host machine

πŸ‘¨β€πŸ’» Development

πŸ› οΈ Setting Up a Development Environment

# Clone the repository
git clone https://github.com/yourusername/kali-mcp-server.git
cd kali-mcp-server

# Create a virtual environment
python -m venv .venv
source .venv/bin/activate  # On Windows: .venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Install development dependencies
pip install -e ".[dev]"

πŸ§ͺ Running Tests

# Run tests with the helper script
./run_tests.sh

# Or manually:
# Run all tests
pytest

# Run with coverage
pytest --cov=kali_mcp_server

πŸ™ Acknowledgements

  • Kali Linux for their security-focused distribution
  • Anthropic for Claude and the MCP protocol
  • The open-source security tools community

Built for security professionals and AI assistants