Kali Metasploit MCP Server

Instructions

Implementation Reference

• src/index.ts:248-286 (handler)

  The handler for the 'search_exploits' tool. It extracts query and optional platform from arguments, constructs the msfconsole search command, executes it using executeMsfCommand helper, and returns formatted JSON results or error.
  case "search_exploits": { const { query, platform } = args as { query: string; platform?: string }; const commands = platform ? [`search platform:${platform} ${query}`] : [`search ${query}`]; try { const results = await executeMsfCommand(commands); return { content: [ { type: "text", text: JSON.stringify( { success: true, query, platform: platform || null, results, }, null, 2 ), }, ], }; } catch (error: any) { return { content: [ { type: "text", text: JSON.stringify({ success: false, error: error.message, }), }, ], }; } }
• src/index.ts:72-89 (registration)

  Registration of the 'search_exploits' tool in the tools array, defining its name, description, and input schema for MCP protocol compliance.
  { name: "search_exploits", description: "Search for exploits in Metasploit database", inputSchema: { type: "object", properties: { query: { type: "string", description: "Search query (e.g., 'windows smb', 'apache', 'CVE-2021-44228')", }, platform: { type: "string", description: "Optional: Filter by platform (windows, linux, etc.)", }, }, required: ["query"], }, },
• src/index.ts:27-40 (helper)

  Shared helper function used by search_exploits handler to execute Metasploit console commands asynchronously with timeout and buffer limits.
  async function executeMsfCommand(commands: string[]): Promise<string> { const commandString = commands.join("; "); const fullCommand = `msfconsole -q -x "${commandString}; exit"`; try { const { stdout, stderr } = await execAsync(fullCommand, { timeout: 60000, // 60 second timeout maxBuffer: 10 * 1024 * 1024, // 10MB buffer }); return stdout || stderr; } catch (error: any) { throw new Error(error.message || "Command execution failed"); } }