Skip to main content
Glama

Kali MCP Pentest Server

by andrew-stclair
GitHub
Python
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

Kali MCP Pentest Server

A FastAPI-based MCP server running in a Kali Linux Docker container, exposing security tools (nmap, nikto, sqlmap, wpscan, dirb, searchsploit) via HTTP API for educational pentesting.

Features

  • HTTP API (port 8080) for each tool

  • Input sanitization

  • Non-root execution with required capabilities

  • Python virtual environment for dependency isolation

  • Dockerfile for reproducible builds

  • GitHub Actions workflow for CI/CD

Usage

Using Docker Compose (Recommended)

  1. Start the service:

    docker compose up -d

  2. View logs:

    docker compose logs -f

  3. Stop the service:

    docker compose down

Using Docker (Manual)

  1. Build the Docker image:

    docker build -t kali-mcp-server .

  2. Run the container:

    docker run -p 8080:8080 --cap-add=NET_RAW --cap-add=NET_ADMIN --cap-add=NET_BIND_SERVICE kali-mcp-server

API Endpoints

Access the API endpoints (POST requests):

  • /nmap (target)

  • /nikto (target)

  • /sqlmap (target)

  • /wpscan (target)

  • /dirb (target)

  • /searchsploit (query)

Example Usage

Test the API endpoints using curl:

# Test nmap scan curl -X POST -F "target=scanme.nmap.org" http://localhost:8080/nmap # Test searchsploit query curl -X POST -F "query=apache" http://localhost:8080/searchsploit # Check service status curl http://localhost:8080/

GitHub Actions

  • Workflow in .github/workflows/docker-build.yml builds the Docker image on pull requests and pushes to GitHub Container Registry only on merge to main.

  • Uses GitHub token authentication for container registry access.

Security

  • Runs as non-root user

  • Input sanitization to prevent command injection

  • Uses Python virtual environment to comply with PEP 668 (externally managed environment)

  • For educational use only

This server cannot be installed

-
security - not tested
F
license - not found
-
quality - not tested

How are these scores calculated?

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

Enables users to perform security testing and penetration testing tasks through a Docker-based API that provides access to popular security tools like nmap, nikto, sqlmap, wpscan, dirb, and searchsploit. Designed for educational purposes with input sanitization and non-root execution for safer pentesting workflows.

  1. Features
    1. Usage
      1. Using Docker Compose (Recommended)
      2. Using Docker (Manual)
      3. API Endpoints
      4. Example Usage
    2. GitHub Actions
      1. Security

        New MCP Servers

        MCP directory API

        We provide all the information about MCP servers via our MCP API.

        curl -X GET 'https://glama.ai/api/mcp/v1/servers/andrew-stclair/kali-mcp-server'

        If you have feedback or need assistance with the MCP directory API, please join our Discord server