Kali MCP Server
A Kali Linux MCP server providing AI assistants with access to security tools.
Kali MCP Server
A production-ready MCP (Model Context Protocol) server running in a Kali Linux Docker container, providing AI assistants with access to 35 security tools covering the full offensive security lifecycle.
Overview
This project provides a Docker containerized MCP server that runs on Kali Linux, giving AI assistants (like Claude) access to a full suite of security and penetration testing tools. The server communicates via Server-Sent Events (SSE) or stdio and allows AI to execute commands in a controlled environment.
Quick Start
Building and Running the Container
# Quick start with the helper script
./run_docker.sh
# Or manually:
docker build -t kali-mcp-server .
docker run -p 8000:8000 kali-mcp-server
Connecting to Claude Desktop
- Edit your Claude Desktop config file at
~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"kali-mcp-server": {
"transport": "sse",
"url": "http://localhost:8000/sse",
"command": "docker run -p 8000:8000 kali-mcp-server"
}
}
}
- Restart Claude Desktop
- Test with:
/run nmap -F localhost
Available MCP Tools (35)
Core Tools
| Tool | Description |
|---|---|
run | Execute shell commands in the Kali Linux environment |
fetch | Fetch and analyze web content from URLs |
resources | List available system resources and command examples |
Reconnaissance & Scanning
| Tool | Description |
|---|---|
port_scan | Smart nmap wrapper with scan presets (quick, full, stealth, udp, service, aggressive) |
dns_enum | Comprehensive DNS enumeration with zone transfer attempts |
network_discovery | Multi-stage network reconnaissance and discovery |
subdomain_enum | Subdomain enumeration using subfinder, amass, waybackurls |
recon_auto | Automated multi-stage reconnaissance pipeline |
Web Application Testing
| Tool | Description |
|---|---|
vulnerability_scan | Automated vulnerability assessment with multiple tools |
web_enumeration | Web application discovery and enumeration |
web_audit | Comprehensive web application security audit |
spider_website | Web crawling and spidering using gospider |
form_analysis | Discover and analyze web forms |
header_analysis | HTTP header security analysis |
ssl_analysis | SSL/TLS security assessment using testssl.sh |
Credential & Brute-Force Attacks
| Tool | Description |
|---|---|
hydra_attack | Brute-force credential testing via hydra (SSH, FTP, HTTP, SMB, MySQL, RDP, etc.) |
credential_store | Store/retrieve discovered credentials tied to sessions |
Payload & Exploit Tools
| Tool | Description |
|---|---|
payload_generate | Generate payloads using msfvenom (reverse shell, bind shell, meterpreter) |
reverse_shell | Generate reverse shell one-liners for bash, python, php, perl, powershell, nc, ruby, java |
exploit_search | Search for exploits using searchsploit |
Encoding & Hash Tools
| Tool | Description |
|---|---|
encode_decode | Multi-format encoding/decoding (base64, URL, hex, HTML, ROT13) |
hash_identify | Identify hash types with Hashcat mode and John format lookup |
Share Enumeration
| Tool | Description |
|---|---|
enum_shares | SMB/NFS share enumeration (smbclient, enum4linux, showmount) |
Output Parsing
| Tool | Description |
|---|---|
parse_nmap | Parse nmap text/XML output into structured JSON findings |
parse_tool_output | Parse output from nikto, gobuster, dirb, hydra, or sqlmap |
Evidence & Reporting
| Tool | Description |
|---|---|
save_output | Save content to timestamped files for evidence collection |
create_report | Generate structured reports (markdown, text, JSON) |
file_analysis | Analyze files (type detection, strings, hashes, metadata) |
download_file | Download files from URLs with hash verification |
Session Management
| Tool | Description |
|---|---|
session_create | Create a new pentest session |
session_list | List all sessions with metadata |
session_switch | Switch between sessions |
session_status | Show current session status |
session_delete | Delete a session and its evidence |
session_history | Show command history for current session |
Tool Details
port_scan - Smart Nmap Wrapper
Runs nmap with predefined scan presets, generating both text and XML output.
/port_scan target=192.168.1.1 scan_type=quick
/port_scan target=10.0.0.0/24 scan_type=aggressive ports=80,443,8080
Scan Presets:
| Preset | Nmap Flags |
|---|---|
quick | -F -sV |
full | -sS -sV -p- |
stealth | -sS -T2 --max-retries 1 |
udp | -sU --top-ports 100 |
service | -sV --version-intensity 5 -sC |
aggressive | -A -T4 |
dns_enum - DNS Enumeration
Queries all DNS record types and attempts zone transfers.
/dns_enum domain=example.com
/dns_enum domain=target.com record_types=a,mx,ns,txt
recon_auto - Automated Recon Pipeline
Runs a multi-stage reconnaissance pipeline with configurable depth.
/recon_auto target=example.com depth=quick
/recon_auto target=10.0.0.1 depth=standard
/recon_auto target=target.com depth=deep
Depth Levels:
| Depth | Phases |
|---|---|
quick | DNS enumeration, quick port scan, header analysis |
standard | + service scan, SSL analysis, exploit search |
deep | + subdomain enumeration, web enumeration, vulnerability scan |
hydra_attack - Brute-Force Testing
/hydra_attack target=192.168.1.1 service=ssh username=admin passlist=/usr/share/wordlists/rockyou.txt
/hydra_attack target=10.0.0.1 service=ftp userlist=users.txt passlist=passwords.txt threads=32
Supported Services: ssh, ftp, http-get, http-post-form, smb, mysql, rdp, telnet, vnc, pop3, imap, smtp
payload_generate - Msfvenom Payloads
/payload_generate payload_type=reverse_shell platform=linux lhost=10.0.0.1 lport=4444 format=elf
/payload_generate payload_type=meterpreter platform=windows lhost=10.0.0.1 format=exe
Payload Types: reverse_shell, bind_shell, meterpreter Platforms: linux, windows, osx, php, python Formats: elf, exe, raw, python, php, war
reverse_shell - Shell One-Liners
Generates ready-to-use reverse shell commands with listener hints.
/reverse_shell lhost=10.0.0.1 shell_type=bash lport=4444
/reverse_shell lhost=10.0.0.1 shell_type=python lport=9999
Shell Types: bash, python, php, perl, powershell, nc, ruby, java
encode_decode - Encoding Utility
/encode_decode data="hello world" operation=encode format=base64
/encode_decode data="aGVsbG8gd29ybGQ=" operation=decode format=base64
/encode_decode data="<script>alert(1)</script>" operation=encode format=html
Formats: base64, url, hex, html, rot13
hash_identify - Hash Identification
Identifies hash types by regex and returns Hashcat mode numbers and John format names.
/hash_identify hash_value=5d41402abc4b2a76b9719d911017c592
/hash_identify hash_value=$2y$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ012345
Supported Types: MD5, SHA-1, SHA-256, SHA-512, bcrypt, SHA-512/256/MD5 Crypt, NTLM, Apache APR1, MySQL, Django
enum_shares - Share Enumeration
/enum_shares target=192.168.1.1 enum_type=all
/enum_shares target=10.0.0.1 enum_type=smb username=admin password=pass
Enum Types: smb (smbclient + enum4linux), nfs (showmount), all
credential_store - Credential Management
Stores discovered credentials as JSON tied to the active session.
/credential_store action=add username=admin password=pass123 service=ssh target=10.0.0.1
/credential_store action=list
/credential_store action=search username=admin
parse_nmap - Nmap Output Parser
Parses both text and XML nmap output into structured JSON with hosts, open ports, services, OS detection, and script output.
/parse_nmap filepath=port_scan_10_0_0_1_quick_20240101_120000.txt
/parse_nmap filepath=scan_results.xml
parse_tool_output - Generic Output Parser
Auto-detects and parses output from nikto, gobuster, dirb, hydra, or sqlmap.
/parse_tool_output filepath=nikto_results.txt
/parse_tool_output filepath=gobuster_output.txt tool_type=gobuster
vulnerability_scan
/vulnerability_scan target=127.0.0.1 scan_type=quick
/vulnerability_scan target=example.com scan_type=comprehensive
Scan Types: quick, comprehensive, web, network
web_enumeration
/web_enumeration target=http://example.com enumeration_type=full
Types: basic, full, aggressive
network_discovery
/network_discovery target=192.168.1.0/24 discovery_type=comprehensive
Types: quick, comprehensive, stealth
Pre-installed Tools
The Docker container includes the following tools, all enabled for use through the run command:
| Category | Tools |
|---|---|
| Network Scanning | nmap, masscan, netcat, tcpdump, tshark |
| Web Testing | nikto, gobuster, dirb, sqlmap, wfuzz, ffuf, feroxbuster, whatweb, wafw00f |
| Exploitation | metasploit-framework (msfconsole, msfvenom), searchsploit |
| Credential Attacks | hydra, hashcat, john |
| Information Gathering | whois, dig, nslookup, amass, subfinder, theharvester, recon-ng, fierce, dnsenum, dnsrecon |
| Web Crawling | gospider, waybackurls |
| Share Enumeration | smbclient, enum4linux, showmount (nfs-common) |
| SSL/TLS | testssl.sh, openssl |
| HTTP Probing | httpx-toolkit, curl, wget |
| File Analysis | file, strings, binwalk, exiftool, xxd, hexdump |
| Utilities | python3, perl, ruby, php, git, base64, jq |
All commands are allowed by default inside the container. The container itself is the security boundary - it runs as a non-root user with no access to the host filesystem.
Security Considerations
- Container isolation: The server runs inside an isolated Docker container as non-root user
mcpuser - Input sanitization: Shell metacharacters (
;,&,|) are stripped from all command input - No host access: The container has no access to the host filesystem or network stack
- Authorization required: Only use for legitimate security testing with proper authorization
- Local only: The container should not be exposed to the internet
Requirements
- Docker
- Claude Desktop or other MCP client (SSE or stdio)
- Port 8000 available on your host machine
Development
Setup
git clone https://github.com/yourusername/kali-mcp-server.git
cd kali-mcp-server
python -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
Running Checks
# All checks
./run_tests.sh
# Individual
pyright # Type checking
ruff check . # Linting
ruff format . # Formatting
pytest # All tests
pytest tests/test_tools.py # Single file
pytest -k "session" # Pattern match
Architecture
Adding a new tool requires changes in three places:
kali_mcp_server/tools.py- Implement the async functionkali_mcp_server/server.py- Add dispatch inhandle_tool_request()and schema inlist_available_tools()tests/- Add tests in bothtest_tools.pyandtest_server.py
Acknowledgements
- Kali Linux for their security-focused distribution
- Anthropic for Claude and the MCP protocol
- The open-source security tools community
Related Servers
Scout Monitoring MCP
sponsorPut performance and error data directly in the hands of your AI assistant.
Alpha Vantage MCP Server
sponsorAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
MCP Framework
A TypeScript framework for building Model Context Protocol (MCP) servers.
Ollama MCP Server
Integrates Ollama's local LLM models with MCP-compatible applications. Requires a local Ollama installation.
MiniMax MCP JS
A JavaScript/TypeScript server for MiniMax MCP, offering image/video generation, text-to-speech, and voice cloning.
agentskill.sh
Search, discover, and install 55k+ AI agent skills for Claude Code, Cursor, Copilot, Windsurf, and more.
KiCad MCP Server
An MCP server for KiCad providing project management, PCB design analysis, BOM management, and design rule checking.
Authn8
Access your team's 2FA codes from AI agents without sharing secrets. List accounts, generate TOTP codes, and maintain full audit trails
Sensei MCP
Expert guidance for Dojo and Cairo development on Starknet, specializing in the Dojo ECS framework for building onchain worlds.
Vibetest Use
A browser-agent QA swarm with an MCP interface for testing AI-generated websites.
XcodeBuild MCP
A server providing tools for Xcode project management, simulator management, and app utilities.
DevBrain
Finds relevant code snippets, developer articles, and blog posts based on your queries.