Runs security testing tools in a containerized Kali Linux environment, providing isolated execution of penetration testing utilities
Exposes penetration testing tools through HTTP API endpoints, enabling programmatic access to security scanning capabilities
Automates Docker image building and deployment pipeline for continuous integration of the pentesting server
Provides access to specialized penetration testing tools including nmap, nikto, sqlmap, wpscan, dirb, and searchsploit for security assessments
Kali MCP Pentest Server
A FastAPI-based MCP server running in a Kali Linux Docker container, exposing security tools (nmap, nikto, sqlmap, wpscan, dirb, searchsploit) via HTTP API for educational pentesting.
Features
HTTP API (port 8080) for each tool
Input sanitization
Non-root execution with required capabilities
Python virtual environment for dependency isolation
Dockerfile for reproducible builds
GitHub Actions workflow for CI/CD
Usage
Build the Docker image:
docker build -t kali-mcp-server .Run the container:
docker run -p 8080:8080 --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=NET_BIND_SERVICE kali-mcp-serverAccess the API endpoints (POST requests):
/nmap(target)/nikto(target)/sqlmap(target)/wpscan(target)/dirb(target)/searchsploit(query)
GitHub Actions
Workflow in
.github/workflows/docker-build.ymlbuilds and pushes the Docker image to DockerHub on push tomain.Set
DOCKERHUB_USERNAMEandDOCKERHUB_TOKENsecrets in your repository.
Security
Runs as non-root user
Input sanitization to prevent command injection
Uses Python virtual environment to comply with PEP 668 (externally managed environment)
For educational use only
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
Enables users to perform security testing and penetration testing tasks through a Docker-based API that provides access to popular security tools like nmap, nikto, sqlmap, wpscan, dirb, and searchsploit. Designed for educational purposes with input sanitization and non-root execution for safer pentesting workflows.