/**
* Constants for Kali MCP Server
*/
/** Default per-execution timeout: 5 minutes, expressed in milliseconds. */
export const DEFAULT_TIMEOUT = 5 * 60 * 1000;

/**
 * Upper bound for an execution timeout: 10 minutes, in milliseconds.
 * NOTE(review): some per-tool values in TOOL_TIMEOUTS are larger than this
 * bound; the precedence between the two is not decided in this file.
 */
export const MAX_TIMEOUT = 10 * 60 * 1000;

/** Maximum captured output size: 10 MiB (10 * 1024 * 1024 bytes). */
export const MAX_OUTPUT_SIZE = 10 * 1024 * 1024;

/** Default rate-limit budget: counts allowed per minute and per hour. */
export const DEFAULT_RATE_LIMIT = {
  maxPerMinute: 10,
  maxPerHour: 100,
};
/**
 * Allowed commands grouped by category; the groups only exist for readability,
 * membership checks go through ALLOWED_COMMANDS below.
 */
const COMMAND_GROUPS: Record<string, readonly string[]> = {
  network: ["nmap", "masscan", "netdiscover", "hping3", "tcpdump", "tshark"],
  web: ["gobuster", "nikto", "sqlmap", "wpscan", "ffuf", "nuclei"],
  password: ["hydra", "john", "hashcat", "medusa", "crackmapexec"],
  exploit: ["msfconsole", "searchsploit", "msfvenom"],
  wireless: ["aircrack-ng", "aireplay-ng", "airodump-ng", "reaver", "wifite", "kismet"],
  windows: ["enum4linux", "smbclient", "evil-winrm", "kerbrute", "responder"],
  osint: ["theHarvester", "shodan", "spiderfoot", "amass", "sublist3r"],
  forensics: ["binwalk", "foremost"],
  shell: ["nc", "netcat", "socat"],
  anonymity: ["proxychains", "proxychains4"],
  mobile: ["apktool"],
};

const allCommandNames: string[] = [];
for (const group of Object.values(COMMAND_GROUPS)) {
  allCommandNames.push(...group);
}

/**
 * Command names the server accepts (security allowlist).
 *
 * Entries are stored as literal names; `theHarvester` is the only mixed-case
 * entry. NOTE(review): confirm the membership check does not lowercase or
 * basename-normalise the command first, or that entry can never match.
 *
 * NOTE(review): a name-level allowlist bounds *which* program starts, not what
 * it may do. Several entries (nc/netcat, socat, msfconsole, msfvenom) can launch
 * other programs or write files through their own options, so argument
 * validation and output handling must be enforced by the executor, not here.
 */
export const ALLOWED_COMMANDS = new Set<string>(allCommandNames);
/**
 * Reads an executable path from the named environment variable, falling back
 * to `fallback`. `||` (not `??`) means an empty-string override also falls back.
 */
const pathFromEnv = (envVar: string, fallback: string): string =>
  process.env[envVar] || fallback;

/**
 * Executable path per tool key, overridable through `*_PATH` environment
 * variables. Two keys default to a binary whose name differs from the key:
 * `netcat` -> "nc" and `proxychains` -> "proxychains4".
 *
 * NOTE(review): an override is used as given, so whoever controls the server's
 * environment chooses which binary runs under a given tool name; the
 * environment is treated as trusted here.
 */
export const TOOL_PATHS: Record<string, string> = {
  nmap: pathFromEnv("NMAP_PATH", "nmap"),
  masscan: pathFromEnv("MASSCAN_PATH", "masscan"),
  gobuster: pathFromEnv("GOBUSTER_PATH", "gobuster"),
  sqlmap: pathFromEnv("SQLMAP_PATH", "sqlmap"),
  hydra: pathFromEnv("HYDRA_PATH", "hydra"),
  searchsploit: pathFromEnv("SEARCHSPLOIT_PATH", "searchsploit"),
  nikto: pathFromEnv("NIKTO_PATH", "nikto"),
  wpscan: pathFromEnv("WPSCAN_PATH", "wpscan"),
  ffuf: pathFromEnv("FFUF_PATH", "ffuf"),
  nuclei: pathFromEnv("NUCLEI_PATH", "nuclei"),
  john: pathFromEnv("JOHN_PATH", "john"),
  hashcat: pathFromEnv("HASHCAT_PATH", "hashcat"),
  msfconsole: pathFromEnv("MSF_PATH", "msfconsole"),
  msfvenom: pathFromEnv("MSFVENOM_PATH", "msfvenom"),
  theHarvester: pathFromEnv("THEHARVESTER_PATH", "theHarvester"),
  amass: pathFromEnv("AMASS_PATH", "amass"),
  enum4linux: pathFromEnv("ENUM4LINUX_PATH", "enum4linux"),
  binwalk: pathFromEnv("BINWALK_PATH", "binwalk"),
  netcat: pathFromEnv("NETCAT_PATH", "nc"),
  proxychains: pathFromEnv("PROXYCHAINS_PATH", "proxychains4"),
  apktool: pathFromEnv("APKTOOL_PATH", "apktool"),
};
const WORDLIST_DIR = "/usr/share/wordlists";
const SECLISTS_DIR = "/usr/share/seclists";

/**
 * Well-known wordlist locations on a default Kali Linux install.
 * These are plain paths; nothing here checks that the files exist.
 */
export const WORDLISTS = {
  rockyou: `${WORDLIST_DIR}/rockyou.txt`,
  dirb_common: `${WORDLIST_DIR}/dirb/common.txt`,
  dirb_big: `${WORDLIST_DIR}/dirb/big.txt`,
  dirbuster_medium: `${WORDLIST_DIR}/dirbuster/directory-list-2.3-medium.txt`,
  seclists_common: `${SECLISTS_DIR}/Discovery/Web-Content/common.txt`,
  seclists_passwords: `${SECLISTS_DIR}/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt`,
};
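/**
 * Patterns whose matches are redacted from captured tool output.
 *
 * Every pattern carries the `g` and `i` flags. `g` makes RegExp.prototype.test
 * and exec stateful through `lastIndex`; the patterns are safe with
 * String.prototype.replace. NOTE(review): assumes replace-style use — confirm
 * in the redaction code.
 *
 * Limitations that follow from the patterns themselves:
 * - A value ends at the first whitespace (`\S+`), so a quoted value that
 *   contains spaces is only partially redacted.
 * - Keywords are not anchored at word boundaries (`key` also matches inside
 *   `api_key` or `monkey`), which errs on the side of over-redaction.
 */
export const SENSITIVE_PATTERNS = [
  /password[=:]\s*\S+/gi,
  /passwd[=:]\s*\S+/gi,
  /secret[=:]\s*\S+/gi,
  /key[=:]\s*\S+/gi,
  /token[=:]\s*\S+/gi,
  /api[_-]?key[=:]\s*\S+/gi,
  // An Authorization value is usually "<scheme> <credential>". Consuming only
  // the first non-space run would redact the scheme word and leave the
  // credential in the output, so an optional Basic/Bearer scheme is consumed
  // together with the value that follows it.
  /authorization[=:]\s*(?:(?:basic|bearer)\s+)?\S+/gi,
  /bearer\s+\S+/gi,
];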
/**
 * Legal notice text.
 *
 * The template literal's whitespace — including the leading and trailing
 * newline and the exact line breaks — is part of the exported string, so the
 * literal is kept verbatim.
 */
export const LEGAL_DISCLAIMER = `
⚠️ LEGAL NOTICE ⚠️
This tool is intended for AUTHORIZED security testing only.
- You MUST have explicit written permission to test any systems
- Unauthorized access to computer systems is ILLEGAL
- Users are responsible for ensuring proper authorization
- The authors assume NO LIABILITY for misuse of this tool
By using this tool, you acknowledge that you have proper authorization
and accept full responsibility for your actions.
`;
const MS_PER_SECOND = 1000;
const MS_PER_MINUTE = 60 * MS_PER_SECOND;

/**
 * Per-tool execution timeouts in milliseconds, keyed by tool name.
 *
 * NOTE(review): sqlmap, hydra, john and hashcat are set above MAX_TIMEOUT
 * (10 minutes). Whether the executor clamps to MAX_TIMEOUT or lets the
 * per-tool value win is not decided in this file — confirm, since a clamp
 * would silently cut those runs short.
 */
export const TOOL_TIMEOUTS: Record<string, number> = {
  nmap: 10 * MS_PER_MINUTE,
  masscan: 5 * MS_PER_MINUTE,
  gobuster: 10 * MS_PER_MINUTE,
  sqlmap: 30 * MS_PER_MINUTE,
  hydra: 30 * MS_PER_MINUTE,
  nikto: 10 * MS_PER_MINUTE,
  wpscan: 10 * MS_PER_MINUTE,
  nuclei: 10 * MS_PER_MINUTE,
  john: 60 * MS_PER_MINUTE,
  hashcat: 60 * MS_PER_MINUTE,
  searchsploit: 30 * MS_PER_SECOND,
  binwalk: 5 * MS_PER_MINUTE,
};