Provides access to common Kali Linux security tools including nmap, sqlmap, hydra, john, nikto, aircrack-ng, and metasploit-framework for penetration testing and security analysis
Enables execution of Metasploit framework commands for penetration testing and vulnerability assessment through the MCP server's tool execution capabilities
kali-mcp-server
This project provides a Docker container that runs a Model Context Protocol (MCP) server on top of a Kali Linux base image. The server exposes common security tools so they can be invoked by an LLM through MCP or via a small Flask web API. Clients can discover which utilities are available and control execution timeouts to keep interactions safe.
Supported tools
The server currently allows the following Kali utilities to be run. More tools may be added by setting the EXTRA_TOOLS environment variable when the container is launched (comma separated list):
nmapsqlmaphydrajohnniktoaircrack-ngmetasploit-framework
Usage
Build the container and run it locally:
The MCP server listens on port 8000 by default. Use the run_tool MCP tool to invoke one of the supported commands with any desired arguments. The list_tools MCP tool returns the list of permitted utilities.
An HTTP API is also available on port 5000. Query the available tools with GET /tools and run a tool by POSTing JSON to the /run endpoint:
To enable HTTPS, mount a certificate and key and set the SSL_CERT and SSL_KEY environment variables when running the container:
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
Enables LLMs to execute common security testing tools like nmap, sqlmap, hydra, and metasploit through a secure Docker container. Provides controlled access to penetration testing utilities with configurable timeouts and tool discovery capabilities.