# Changelog
All notable changes to the Kali MCP Server project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [1.0.0] - 2025-11-29
### Added - Initial Release
#### Core Infrastructure
- MCP server implementation using `@modelcontextprotocol/sdk`
- Stdio transport for local execution
- TypeScript with strict type checking
- Zod schema validation for all inputs
- Comprehensive error handling and logging
#### Security Features
- Command allowlist with 20+ approved tools
- Input validation (IP, CIDR, hostname, URL, port, path)
- Shell injection prevention
- Path traversal prevention
- Output sanitization (passwords, keys, tokens)
- Execution timeouts (configurable per tool)
- Output size limits (10MB default)
- Rate limiting (10/min, 100/hour)
- Process isolation for all commands
- Audit logging to stderr
#### Network Tools (6)
- `kali_network_nmap_scan` - Network port scanning
  - Multiple scan types (TCP SYN, Connect, UDP, ACK, NULL, FIN, XMAS)
  - Service version detection
  - OS fingerprinting
  - NSE script execution
  - Timing templates (T0-T5)
- `kali_network_nmap_discover` - Host discovery
  - Ping, ARP, TCP, UDP, ICMP methods
- `kali_network_masscan_scan` - High-speed port scanner
  - Configurable packet rate
  - Banner grabbing
- `kali_network_netdiscover_scan` - ARP reconnaissance
  - Active and passive modes
  - Interface selection
- `kali_network_tcpdump_capture` - Packet capture
  - BPF filtering
  - PCAP output
  - Configurable count and duration
- `kali_network_tshark_capture` - Packet analysis
  - Display filters
  - Field extraction
  - JSON/XML output
#### Web Security Tools (7)
- `kali_web_gobuster_dir` - Directory enumeration
  - Wordlist-based scanning
  - File extension support
  - Multi-threaded
  - Status code filtering
- `kali_web_gobuster_dns` - DNS subdomain enumeration
  - Custom DNS resolver
  - Multi-threaded
- `kali_web_sqlmap_test` - SQL injection testing
  - Multiple injection techniques
  - DBMS detection
  - Configurable risk/level
  - Batch mode
- `kali_web_nikto_scan` - Web vulnerability scanner
  - SSL/TLS support
  - Tuning options
- `kali_web_wpscan_scan` - WordPress security scanner
  - Plugin enumeration
  - Theme enumeration
  - User enumeration
  - API token support
- `kali_web_ffuf_fuzz` - Web fuzzer
  - FUZZ keyword support
  - Custom headers
  - POST data support
  - Multi-threaded
- `kali_web_nuclei_scan` - Template-based scanner
  - CVE coverage
  - Severity filtering
  - Tag-based filtering
  - Custom templates
#### Password Tools (3)
- `kali_password_hydra_brute` - Network login brute-forcer
  - 10+ protocol support (SSH, FTP, HTTP, MySQL, SMB, RDP)
  - Username/password list support
  - Configurable threads
  - Verbose mode
- `kali_password_john_crack` - John the Ripper
  - Multiple hash formats
  - Dictionary attacks
  - Rule-based attacks
  - Incremental mode
- `kali_password_hashcat_crack` - GPU password cracker
  - 300+ hash type support
  - Multiple attack modes
  - Rule support
  - Mask support
#### Exploit Tools (3)
- `kali_exploit_searchsploit_search` - Exploit database search
  - Keyword search
  - CVE search
  - Platform filtering
  - Exploit type filtering
- `kali_exploit_searchsploit_examine` - Exploit viewer
  - Syntax highlighting
  - Full exploit code display
- `kali_exploit_msfvenom_generate` - Payload generator
  - Multiple payload types
  - Platform support (Windows, Linux, macOS, Android)
  - Architecture support (x86, x64)
  - Encoder support
  - Multiple output formats (EXE, ELF, raw, Python, PowerShell, etc.)
#### Utilities
- **Executor** (`src/utils/executor.ts`)
  - Safe command execution with timeouts
  - Process cleanup and error handling
  - Output capture (stdout/stderr)
  - Progress callback support
  - Command availability checking
  - Version detection
- **Validator** (`src/utils/validator.ts`)
  - IPv4 validation
  - CIDR validation
  - Hostname validation
  - URL validation
  - Port range validation
  - Path validation
  - Interface validation
  - MAC/BSSID validation
  - Domain validation
  - Email validation
  - Hash validation
  - CVE validation
  - Wordlist path validation
- **Formatter** (`src/utils/formatter.ts`)
  - Execution result formatting
  - Error message formatting
  - JSON formatting
  - Markdown formatting
  - Table formatting
  - List formatting
  - Progress formatting
  - Vulnerability formatting
  - Port scan result formatting
  - Duration formatting
  - File size formatting
- **Parser** (`src/utils/parser.ts`)
  - Nmap output parsing
  - Gobuster output parsing
  - SQLMap output parsing
  - Nikto output parsing
  - Hydra output parsing
  - Searchsploit output parsing
  - theHarvester output parsing
  - WPScan output parsing
  - enum4linux output parsing
  - Binwalk output parsing
  - CVE extraction
  - IP extraction
  - URL extraction
  - Email extraction
  - Domain extraction
#### Documentation
- `README.md` - Comprehensive user guide
  - Feature overview
  - Tool reference
  - Security features
  - Configuration options
  - Common workflows
  - Troubleshooting
- `INSTALL.md` - Installation and setup guide
  - Prerequisites
  - Step-by-step installation
  - Tool installation
  - Wordlist setup
  - Claude Desktop integration
  - Troubleshooting
  - Advanced configuration
- `QUICKSTART.md` - 5-minute getting started guide
  - Quick installation
  - First test
  - Common tasks
  - All available tools
  - Integration with Claude
- `PROJECT_SUMMARY.md` - Technical overview
  - Architecture
  - Implementation details
  - Statistics
  - Design decisions
- `LICENSE` - MIT license with legal disclaimer
- `CHANGELOG.md` - This file
#### Configuration
- Configurable tool paths via environment variables
- Adjustable rate limits
- Customizable timeouts per tool
- Modifiable output size limits
- Legal disclaimer on startup
### Security
- All user inputs validated before execution
- Command injection prevention
- Path traversal prevention
- Output sanitization for sensitive data
- Execution timeout enforcement
- Output size limits
- Rate limiting
- Audit logging
### Testing
- MCP Inspector support for interactive testing
- Example workflows documented
- Manual testing procedures
- Integration testing with Claude Desktop
## [Unreleased]
### Planned for Future Versions
#### Tools (Priority 2)
- Windows/AD tools: enum4linux, impacket, evil-winrm, kerbrute, responder
- OSINT tools: theharvester, shodan, spiderfoot, amass, sublist3r
- Wireless tools: aircrack-ng, aireplay-ng, airodump-ng, reaver, wifite, kismet
#### Tools (Priority 3)
- Forensics: binwalk, foremost
- Shell tools: netcat, socat
- Mobile: apktool
- Anonymity: proxychains
#### Features
- [ ] Persistent scan result storage
- [ ] Progress tracking for long-running scans
- [ ] Scan result comparison and diffing
- [ ] Automated report generation (PDF, HTML)
- [ ] Integration with vulnerability databases (NVD, CVE)
- [ ] HTTP/SSE transport support
- [ ] Web UI for server management
- [ ] Scan scheduling and queuing
- [ ] Result export in multiple formats
- [ ] Plugin system for custom tools
- [ ] Advanced rate limiting with token bucket
- [ ] Scan result database (SQLite)
- [ ] API for programmatic access
- [ ] Docker container support
- [ ] Kubernetes deployment manifests
- [ ] Prometheus metrics export
- [ ] GraphQL API
- [ ] WebSocket support for real-time updates
#### Improvements
- [ ] Better XML/JSON parsing for tool outputs
- [ ] Enhanced error recovery
- [ ] Retry logic for transient failures
- [ ] Concurrent scan support
- [ ] Result caching
- [ ] Performance optimizations
- [ ] Memory usage optimization
- [ ] Streaming output for large scans
- [ ] Incremental result delivery
#### Documentation
- [ ] Video tutorials
- [ ] API documentation with examples
- [ ] Architecture diagrams
- [ ] Security audit report
- [ ] Performance benchmarks
- [ ] Best practices guide
- [ ] Common attack scenarios
- [ ] Tool comparison matrix
## Version History
### Version Numbering
We use Semantic Versioning (MAJOR.MINOR.PATCH):
- **MAJOR**: Incompatible API changes
- **MINOR**: New functionality (backward compatible)
- **PATCH**: Bug fixes (backward compatible)
### Release Schedule
- **v1.0.0** (2025-11-29): Initial release with 20 tools
- **v1.1.0** (Planned): Priority 2 tools (Windows, OSINT, Wireless)
- **v1.2.0** (Planned): Priority 3 tools (Forensics, Mobile, Shells)
- **v2.0.0** (Planned): Major architecture updates, HTTP transport
## Migration Guides
### Upgrading to 1.x from 0.x
Not applicable - this is the initial release.
## Breaking Changes
### Version 1.0.0
Not applicable - initial release.
## Contributors
- Initial development: Claude Code (AI Assistant)
- Project specification: User
- Testing and validation: TBD
## Acknowledgments
- Anthropic for the Model Context Protocol
- Offensive Security for Kali Linux
- All security tool authors
---
[1.0.0]: https://github.com/yourusername/kali-mcp-server/releases/tag/v1.0.0