Skip to main content
Glama
Stoicmehedi

K-MCP: Kali Model Context Protocol Server

by Stoicmehedi
OverviewSchemaRelated ServersScoreDiscussions
Python
Hybrid

K-MCP: Kali Model Context Protocol Server

K-MCP is a powerful API bridge that connects AI assistants (like Claude, GPT, etc.) to a Kali Linux terminal, enabling AI-driven penetration testing, CTF solving, and security research.

πŸ” Overview

K-MCP extends the capabilities of AI assistants by giving them direct access to the Kali Linux command line. This enables your AI partner to:

  • Execute security tools like nmap, gobuster, sqlmap, etc.

  • Interact with remote systems via SSH, Evil-WinRM, and similar tools

  • Solve CTF challenges in real-time

  • Help with machines from HackTheBox or TryHackMe

  • Automate repetitive security tasks

  • Assist during penetration tests

πŸš€ Key Features

  • 🧠 AI Integration: Works with Claude Desktop, 5ire, and other MCP-enabled AI interfaces

  • πŸ”§ Tool Access: Execute any Kali Linux security tool through a secure API

  • πŸ”„ Interactive Shell Sessions: Maintains persistent interactive sessions for SSH, Evil-WinRM, etc.

  • πŸ” Automatic Tool Detection: Intelligently detects and handles interactive vs. non-interactive tools

  • πŸ” Security Focus: Purpose-built for penetration testers, CTF players, and security researchers

  • πŸ“ Session Management: Track and manage multiple concurrent interactive sessions

  • 🌐 Network Tools Support: Full support for tools that require continuous network connection

πŸ“‹ Requirements

  • Kali Linux or similar security-focused distribution

  • Python 3.7+ on both server and client

  • An MCP-compatible AI interface (Claude Desktop, 5ire, etc.)

  • Network connectivity between the AI client and Kali server

πŸ› οΈ Installation

1. On Your Kali Linux Machine

# Clone the repository git clone https://github.com/YOUR-USERNAME/K-MCP.git # Navigate to project directory cd K-MCP #Install necessary dependencies pip install -r requirements.txt # Start the Kali server python3 kali_server.py

2: On Your Client Machine (Windows/Linux/Mac)

# Navigate to project directory cd K-MCP #Install necessary dependencies pip install -r requirements.txt #Edit the mcp_server.py file and change the ip DEFAULT_KALI_SERVER = "http://XXX.XXX.XX.XX:5000" # change to your linux IP # Run the MCP client, checking connectionto to your Kali server ( test purposes only ).You don't need to keep running this file. python mcp_server.py

3. Configure Claude Desktop

Edit C:\Users\USERNAME\AppData\Roaming\Claude\claude_desktop_config.json:

{ "mcpServers": { "kali_mcp": { "command": "python", "args": [ "E:\\Paste_your_path_to_code\\mcp_server.py" ] } } }

4: Run the claude desktop

Example Conversations with Claude

1. Basic Network Reconnaissance

User: Can you help me scan the target 192.168.1.100? Claude: I'll help you perform a basic network reconnaissance. Let's start with a quick port scan to identify open services. [Claude executes nmap_scan] nmap_scan( target="192.168.1.100", scan_type="-sV", ports="1-1000", additional_args="-T4" ) [After receiving results] I see several open ports. Let's check the web server on port 80 in more detail. [Claude executes gobuster_scan] gobuster_scan( url="http://192.168.1.100", mode="dir", wordlist="/usr/share/wordlists/dirb/common.txt", additional_args="-x php,html,txt" )

2. Web Application Testing

User: I found a login page at http://192.168.1.100/login.php. Can you help test it? Claude: I'll help you test the login page for common vulnerabilities. Let's start with SQL injection testing. [Claude executes sqlmap_scan] sqlmap_scan( url="http://192.168.1.100/login.php", data="username=admin&password=test", additional_args="--batch --level=5 --risk=3" ) [After receiving results] I see some potential SQL injection points. Let's also check for common directories that might reveal more information. [Claude executes nikto_scan] nikto_scan( target="http://192.168.1.100", additional_args="-h" )

3. Windows Machine Enumeration

User: I found a Windows machine at 192.168.1.100. Can you help enumerate it? Claude: I'll help you enumerate the Windows machine using multiple tools. Let's start with a basic Windows enumeration. [Claude executes enum4linux_scan] enum4linux_scan( target="192.168.1.100", additional_args="-a" )

πŸ’» Usage Examples

Running Security Tools

K-MCP lets your AI execute any Kali Linux tool directly:

execute_command("nmap -sV -p- 10.10.10.10") execute_command("gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt") execute_command("sqlmap -u 'http://target.com/page.php?id=1' --dbs")

Working with Interactive Tools

Interactive tools are automatically detected and handled:

execute_command("ssh user@10.10.10.10") execute_command("evil-winrm -i 10.129.27.195 -u htb-student -p 'Password123!'") execute_command("mysql -u root -p")

The system will:

  1. Recognize these as interactive commands

  2. Create a persistent session

  3. Return a session ID for further interaction

Interactive Session Management

Once a session is created:

# Send a command to the session interactive_send(session_id="your-session-id", command="whoami") # Read output without sending a command interactive_read(session_id="your-session-id") # Close the session when done interactive_close(session_id="your-session-id") # List all active sessions list_active_sessions()

Using Evil-WinRM Helper

For convenience with Evil-WinRM:

evil_winrm_connect( ip="10.129.27.195", username="htb-student", password="Password123!" )

πŸ” Security Considerations

  • This tool enables remote command execution on your system

  • Only use on secure networks or with proper network isolation

  • Consider implementing authentication for the API

  • Review all commands before allowing AI to execute them

  • Designed for educational and professional security testing - use responsibly

πŸ›€οΈ Advanced Use Cases

K-MCP enables AI to assist with many security tasks:

  • Network Discovery & Enumeration: Using nmap, enum4linux, and netcat

  • Web Application Testing: Using gobuster, sqlmap, nikto, etc.

  • Windows Domain Testing: Using impacket, CrackMapExec, and Evil-WinRM

  • Password Attacks: Using hydra, john, hashcat, etc.

  • Forensic Analysis: Using volatility, autopsy, and other tools

  • Exploit Development: For researching, modifying, and testing exploits

  • CTF Challenges: For real-time assistance in solving CTF tasks

🀝 Contributing

Contributions are welcome! Feel free to:

  • Report bugs and suggest features

  • Submit pull requests

  • Improve documentation

  • Share usage examples

⚠️ Disclaimer

K-MCP is intended solely for educational and authorized testing purposes. Any misuse of the information or tools provided β€” including unauthorized access, exploitation, or malicious activity β€” is strictly prohibited. The authors assume no responsibility for misuse.

πŸ“„ License

This project is licensed under the MIT License - see the LICENSE file for details.

πŸ™ Acknowledgements

  • Special thanks to the Kali Linux team for their amazing security distribution

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

How are these scores calculated?

Resources

New MCP Servers

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Stoicmehedi/K-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server