kali-penetrationtest-mcp-server by SalmanFaris7 - MCP Server

Kali Pentest MCP Server

A Model Context Protocol (MCP) server that provides secure access to web penetration testing tools from Kali Linux for educational purposes.

Purpose

This MCP server provides a secure interface for AI assistants to perform basic penetration testing and vulnerability scanning on whitelisted targets in a controlled Docker environment.

⚠️ IMPORTANT LEGAL NOTICE

This server is for EDUCATIONAL PURPOSES ONLY. You must:

Only test systems you own or have explicit written permission to test
Comply with all applicable laws and regulations
Never use these tools for unauthorized access or malicious purposes
Understand that unauthorized penetration testing is illegal

Features

Current Implementation

nmap_scan - Perform network port scanning with configurable scan types
nikto_scan - Run web vulnerability scanner to identify common issues
dirb_scan - Enumerate directories and files on web servers
wpscan_check - Scan WordPress sites for vulnerabilities
sqlmap_test - Test for SQL injection vulnerabilities
searchsploit - Search the Exploit Database for known exploits
check_target_whitelist - Display currently allowed testing targets
quick_recon - Run combined reconnaissance using multiple tools

Prerequisites

Docker Desktop with MCP Toolkit enabled
Docker MCP CLI plugin (docker mcp command)
Targets you own or have permission to test

Installation

See the step-by-step instructions provided with the files.

Usage Examples

In Claude Desktop, you can ask:

"Scan localhost port 80 with nmap"
"Check my local WordPress site at localhost:8080 for vulnerabilities"
"Search for Apache exploits in the database"
"Run a quick recon on my test server at 127.0.0.1"
"Show me the whitelisted targets"
"Test localhost/login.php for SQL injection"
"Enumerate directories on my local web server"
"Run nikto scan on my test application"

SalmanFaris7/kali-penetrationtest-mcp-server