Skip to main content
Glama

Kali MCP Server

by JesseEikeland
OverviewInspectNewSchemaRelated ServersScore
Python
Hybrid
  • Linux
  • Apple

πŸ” Kali MCP Server

Model Context Protocol (MCP) server with comprehensive Kali Linux penetration testing tools.

License: MIT Docker Kali Linux

⚠️ LEGAL DISCLAIMER

THIS TOOL IS FOR EDUCATIONAL PURPOSES ONLY!

βœ“ Only use on systems you own or have explicit written permission to test
βœ“ Comply with all applicable laws and regulations
βœ“ Understand that unauthorized access to computer systems is illegal
βœ“ Take full responsibility for your actions

Unauthorized access to computer systems is a crime. Use at your own risk!

πŸš€ Features

This MCP server provides access to 20+ professional penetration testing tools:

🌐 Network Scanning

  • nmap - Network mapper and port scanner

  • masscan - Ultra-fast port scanner

πŸ•·οΈ Web Vulnerability Scanners

  • nikto - Web server vulnerability scanner

  • wpscan - WordPress security scanner

  • whatweb - Web technology identifier

  • wafw00f - Web Application Firewall detector

πŸ“‚ Directory/File Enumeration

  • dirb - Directory brute forcer

  • gobuster - Fast directory/DNS/vhost brute forcer

πŸ’‰ Exploitation Tools

  • sqlmap - SQL injection detection and exploitation

  • searchsploit - Exploit database search

πŸ” DNS Enumeration

  • dnsrecon - DNS enumeration and scanning

  • dnsenum - DNS enumeration tool

πŸ”’ SSL/TLS Testing

  • sslscan - SSL/TLS configuration tester

πŸ”“ Password Cracking

  • hydra - Network login brute forcer

  • john - John the Ripper password cracker

  • hashcat - Advanced password recovery

🦠 Windows/SMB Enumeration

  • enum4linux - Windows and Samba enumeration

πŸ“‘ Additional Tools

  • Metasploit Framework

  • Burp Suite

  • Aircrack-ng suite

  • And many more!

πŸ“¦ Installation

Prerequisites

  • Docker and Docker Compose installed

  • At least 4GB of free disk space

  • Linux/macOS or Windows with WSL2

Quick Start

  1. Clone the repository:

git clone https://github.com/JesseEikeland/kali-mcp.git cd kali-mcp

  1. Build the Docker container:

docker-compose build

⏰ This will take 10-15 minutes as it downloads and installs all tools.

  1. Start the server:

docker-compose up -d

  1. Access the container:

docker-compose exec kali-mcp bash

  1. Run the MCP server:

python3 server.py

πŸ› οΈ Usage

Available MCP Tools

🌐 Network Scanning

# Basic nmap scan nmap_scan(target="192.168.1.1", scan_type="basic") # Full port scan nmap_scan(target="example.com", scan_type="full") # Vulnerability scan nmap_scan(target="192.168.1.1", scan_type="vuln") # Fast masscan masscan_scan(target="192.168.1.0/24", ports="1-1000", rate=1000)

πŸ•·οΈ Web Scanning

# Nikto web scan nikto_scan(target="http://example.com", ssl=False) # WordPress scan wpscan_scan(target="http://example.com", enumerate="vp,vt,u") # Identify web technologies whatweb_scan(target="http://example.com", aggression=1) # Detect WAF wafw00f_detect(target="http://example.com")

πŸ“‚ Directory Brute Force

# Dirb scan dirb_scan(target="http://example.com") # Gobuster directory scan gobuster_scan(target="http://example.com", mode="dir") # Gobuster DNS enumeration gobuster_scan(target="example.com", mode="dns")

πŸ’‰ SQL Injection Testing

# Basic SQLMap scan sqlmap_scan(target="http://example.com/page?id=1") # With POST data sqlmap_scan(target="http://example.com/login", data="username=admin&password=test") # With cookies sqlmap_scan(target="http://example.com/page", cookie="PHPSESSID=abc123")

πŸ” Exploit Search

# Search for exploits searchsploit_search(query="wordpress") # Exact match search searchsploit_search(query="Apache 2.4.49", exact=True)

🌐 DNS Enumeration

# DNS reconnaissance dnsrecon_scan(domain="example.com", scan_type="std") # DNS enumeration dnsenum_scan(domain="example.com")

πŸ”’ SSL/TLS Testing

# Test SSL configuration sslscan_test(target="example.com:443")

πŸ”“ Password Cracking

# Brute force SSH hydra_bruteforce( target="192.168.1.1", service="ssh", username="admin", wordlist="/usr/share/wordlists/rockyou.txt" )

🦠 SMB/Windows Enumeration

# Enumerate Windows/Samba enum4linux_scan(target="192.168.1.1")

πŸ”§ Utility Functions

# List available wordlists list_wordlists() # Get legal disclaimer get_disclaimer()

πŸ—οΈ Architecture

kali-mcp/ β”œβ”€β”€ Dockerfile # Kali Linux container with all tools β”œβ”€β”€ docker-compose.yml # Container orchestration β”œβ”€β”€ server.py # FastMCP server with tool wrappers β”œβ”€β”€ requirements.txt # Python dependencies β”œβ”€β”€ README.md # This file β”œβ”€β”€ SETUP.md # Quick setup guide β”œβ”€β”€ LICENSE # MIT License β”œβ”€β”€ .gitignore # Git ignore rules β”œβ”€β”€ scans/ # Scan results (created on first run) └── wordlists/ # Custom wordlists (optional)

How It Works

  1. Docker Container: Runs Kali Linux with all penetration testing tools installed

  2. MCP Server: Python FastMCP server wraps each tool with safe input sanitization

  3. Non-Root User: Runs as pentester user with minimal required capabilities

  4. Input Sanitization: All inputs are sanitized to prevent command injection

  5. Timeouts: Commands have configurable timeouts to prevent hanging

πŸ”’ Security Features

  • βœ“ Runs as non-root user (pentester)

  • βœ“ Input sanitization on all parameters

  • βœ“ Command injection prevention

  • βœ“ Timeout limits on all operations

  • βœ“ No new privileges security option

  • βœ“ Resource limits (CPU/Memory)

  • βœ“ Minimal required capabilities (NET_RAW, NET_ADMIN)

πŸŽ“ Learning Resources

Recommended Platforms

Books

  • "The Web Application Hacker's Handbook" by Dafydd Stuttard

  • "Penetration Testing" by Georgia Weidman

  • "The Hacker Playbook 3" by Peter Kim

YouTube Channels

  • NetworkChuck

  • IppSec

  • John Hammond

  • The Cyber Mentor

πŸ› Troubleshooting

Container won't start

# Check logs docker-compose logs kali-mcp # Rebuild container docker-compose down docker-compose build --no-cache docker-compose up -d

Permission errors

# Fix scan directory permissions sudo chown -R $USER:$USER ./scans

Tools not found

# Update package lists docker-compose exec kali-mcp apt-get update # Install missing tool docker-compose exec kali-mcp apt-get install -y <tool-name>

πŸ“ Configuration

Environment Variables

Edit docker-compose.yml to customize:

environment: - MAX_TIMEOUT=300 # Maximum command timeout (seconds) - SCAN_RESULTS_DIR=/home/pentester/scans

Custom Wordlists

Place your wordlists in the ./wordlists directory:

mkdir -p wordlists cp /path/to/custom.txt wordlists/

🀝 Contributing

Contributions are welcome! Please:

  1. Fork the repository

  2. Create a feature branch

  3. Make your changes

  4. Submit a pull request

πŸ“„ License

MIT License - See LICENSE file for details

Important: This license applies to the code only. You are solely responsible for how you use this software.

βš–οΈ Legal Notice

READ THIS CAREFULLY:

This tool is provided for educational and authorized testing purposes only.

By using this software, you agree that:

  1. You will only use it on systems you own or have explicit written authorization to test

  2. You understand that unauthorized computer access is illegal

  3. You take full responsibility for your actions

  4. The authors and contributors are not liable for any misuse or damage

Always get written permission before testing!

πŸ™ Acknowledgments

  • Kali Linux Team - For the amazing pentesting distribution

  • FastMCP - For the MCP server framework

  • Tool Authors - For creating these incredible security tools

  • NetworkChuck - For inspiring this project

πŸ“ž Support

πŸ—ΊοΈ Roadmap

  • Add Metasploit integration

  • Web UI for easier interaction

  • Report generation (PDF/HTML)

  • Automated vulnerability chains

  • Integration with CVE databases

  • Custom scan profiles

  • Scheduled scanning

  • Multi-target support

Remember: With great power comes great responsibility. Use wisely! 🦸

Made with ❀️ for the security community

This server cannot be installed

-
security - not tested
F
license - not found
-
quality - not tested

How are these scores calculated?

Related Resources

New MCP Servers

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/JesseEikeland/kali-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server