Kali MCP Server

index.ts•14.3 kB

#!/usr/bin/env node /** * Kali Linux MCP Server * Exposes security testing tools through the Model Context Protocol */ import { Server } from "@modelcontextprotocol/sdk/server/index.js"; import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"; import { CallToolRequestSchema, CallToolResult, ListToolsRequestSchema, Tool, } from "@modelcontextprotocol/sdk/types.js"; import { LEGAL_DISCLAIMER } from "./constants.js"; // Import schemas import { NmapScanSchema, NmapDiscoverSchema, MasscanSchema, NetdiscoverSchema, TcpdumpSchema, TsharkSchema, } from "./schemas/network.schemas.js"; import { GobusterDirSchema, GobusterDnsSchema, SQLMapSchema, NiktoSchema, WPScanSchema, FfufSchema, NucleiSchema, } from "./schemas/web.schemas.js"; import { HydraSchema, JohnSchema, HashcatSchema, } from "./schemas/password.schemas.js"; import { SearchsploitSearchSchema, SearchsploitExamineSchema, MsfvenomSchema, } from "./schemas/exploit.schemas.js"; // Import tool handlers import { nmapScan, nmapDiscover, masscan, netdiscover, tcpdump, tshark } from "./tools/network.js"; import { gobusterDir, gobusterDns, sqlmap, nikto, wpscan, ffuf, nuclei } from "./tools/web.js"; import { hydra, john, hashcat } from "./tools/password.js"; import { searchsploitSearch, searchsploitExamine, msfvenom } from "./tools/exploit.js"; /** * Convert Zod schema to JSON Schema */ function zodToJsonSchema(zodSchema: any): any { // This is a simplified converter // For production, consider using zod-to-json-schema library const shape = zodSchema._def?.shape?.(); if (!shape) return { type: "object" }; const properties: Record<string, any> = {}; const required: string[] = []; for (const [key, value] of Object.entries(shape)) { const zodField = value as any; // Get description const description = zodField._def?.description || ""; // Determine type let fieldSchema: any = {}; const typeName = zodField._def?.typeName; if (typeName === "ZodString") { fieldSchema.type = "string"; } else if (typeName === "ZodNumber") { fieldSchema.type = "number"; } else if (typeName === "ZodBoolean") { fieldSchema.type = "boolean"; } else if (typeName === "ZodEnum") { fieldSchema.type = "string"; fieldSchema.enum = zodField._def?.values || []; } else if (typeName === "ZodArray") { fieldSchema.type = "array"; fieldSchema.items = { type: "string" }; } else if (typeName === "ZodObject") { fieldSchema.type = "object"; } else if (typeName === "ZodDefault") { const innerType = zodField._def?.innerType; fieldSchema = zodToJsonSchema(innerType).properties?.[key] || { type: "string" }; if (zodField._def?.defaultValue) { fieldSchema.default = zodField._def.defaultValue(); } } else if (typeName === "ZodOptional") { const innerType = zodField._def?.innerType; if (innerType) { const innerSchema = zodToJsonSchema(innerType); fieldSchema = innerSchema.properties?.[Object.keys(innerSchema.properties || {})[0]!] || { type: "string" }; } } else { fieldSchema.type = "string"; } if (description) { fieldSchema.description = description; } properties[key] = fieldSchema; // Check if required if (!zodField.isOptional?.() && typeName !== "ZodDefault") { required.push(key); } } return { type: "object", properties, required: required.length > 0 ? required : undefined, }; } /** * Initialize MCP server */ const server = new Server( { name: "kali-mcp-server", version: "1.0.0", }, { capabilities: { tools: {}, }, } ); /** * Tool definitions */ const tools: Tool[] = [ // Network tools { name: "kali_network_nmap_scan", description: `Perform network port scanning using Nmap. Nmap (Network Mapper) is a powerful network scanner for discovering hosts, services, and potential vulnerabilities. **Capabilities:** - TCP SYN, Connect, UDP, and stealth scans - Service version detection (-sV) - OS fingerprinting (-O, requires root) - NSE script execution - Multiple output formats **Usage Notes:** - TCP SYN scan requires root privileges - Use appropriate timing for stealth vs speed - Large port ranges increase scan time significantly **Example:** - Quick scan: target="192.168.1.1", ports="22,80,443" - Full scan: target="10.0.0.0/24", ports="-", timing="aggressive"`, inputSchema: zodToJsonSchema(NmapScanSchema), }, { name: "kali_network_nmap_discover", description: "Discover live hosts on a network using Nmap. Supports ping, ARP, TCP, UDP, and ICMP discovery methods.", inputSchema: zodToJsonSchema(NmapDiscoverSchema), }, { name: "kali_network_masscan_scan", description: "High-speed port scanner capable of scanning the entire internet in minutes. Use with caution and proper authorization.", inputSchema: zodToJsonSchema(MasscanSchema), }, { name: "kali_network_netdiscover_scan", description: "ARP reconnaissance tool for discovering hosts on a local network. Supports active and passive modes.", inputSchema: zodToJsonSchema(NetdiscoverSchema), }, { name: "kali_network_tcpdump_capture", description: "Capture network packets for analysis. Supports BPF filters and can save to PCAP files.", inputSchema: zodToJsonSchema(TcpdumpSchema), }, { name: "kali_network_tshark_capture", description: "Wireshark CLI for packet capture and analysis with advanced filtering and multiple output formats.", inputSchema: zodToJsonSchema(TsharkSchema), }, // Web tools { name: "kali_web_gobuster_dir", description: `Enumerate directories and files on web servers using wordlists. Gobuster is a fast directory/file brute-forcing tool written in Go. **Features:** - Fast multi-threaded scanning - Customizable file extensions - Status code filtering - Recursive scanning support **Example:** - Basic: url="https://example.com", wordlist="/usr/share/wordlists/dirb/common.txt" - With extensions: url="https://example.com", extensions="php,html,txt"`, inputSchema: zodToJsonSchema(GobusterDirSchema), }, { name: "kali_web_gobuster_dns", description: "Enumerate subdomains using DNS brute-forcing with wordlists.", inputSchema: zodToJsonSchema(GobusterDnsSchema), }, { name: "kali_web_sqlmap_test", description: `Automated SQL injection testing and exploitation. SQLMap automates the detection and exploitation of SQL injection vulnerabilities. **WARNING:** Only use on systems you have authorization to test. **Features:** - Automatic SQL injection detection - Database fingerprinting - Data extraction - Multiple injection techniques **Example:** - GET: url="https://example.com/page?id=1" - POST: url="https://example.com/login", data="user=admin&pass=test", method="POST"`, inputSchema: zodToJsonSchema(SQLMapSchema), }, { name: "kali_web_nikto_scan", description: "Comprehensive web server scanner for vulnerabilities, misconfigurations, and security issues.", inputSchema: zodToJsonSchema(NiktoSchema), }, { name: "kali_web_wpscan_scan", description: "WordPress security scanner for finding vulnerabilities in WordPress sites, themes, and plugins.", inputSchema: zodToJsonSchema(WPScanSchema), }, { name: "kali_web_ffuf_fuzz", description: "Fast web fuzzer for discovering hidden files, directories, and parameters. URL must contain FUZZ keyword.", inputSchema: zodToJsonSchema(FfufSchema), }, { name: "kali_web_nuclei_scan", description: "Template-based vulnerability scanner with extensive CVE coverage and custom templates support.", inputSchema: zodToJsonSchema(NucleiSchema), }, // Password tools { name: "kali_password_hydra_brute", description: `Fast network login brute-forcer supporting many protocols. Hydra is a parallelized login cracker which supports numerous protocols. **Supported Services:** - SSH, FTP, HTTP(S), MySQL, SMB, RDP, Telnet, and more **WARNING:** Only use on systems you have authorization to test. **Example:** - SSH: target="192.168.1.1", service="ssh", username="admin", password_list="/usr/share/wordlists/rockyou.txt"`, inputSchema: zodToJsonSchema(HydraSchema), }, { name: "kali_password_john_crack", description: "John the Ripper password cracker supporting many hash formats and attack modes.", inputSchema: zodToJsonSchema(JohnSchema), }, { name: "kali_password_hashcat_crack", description: "Advanced password recovery tool using GPU acceleration. Supports 300+ hash types.", inputSchema: zodToJsonSchema(HashcatSchema), }, // Exploit tools { name: "kali_exploit_searchsploit_search", description: `Search the Exploit Database for public exploits and vulnerability information. SearchSploit is a command-line search tool for Exploit-DB. **Search Options:** - By software name/version - By CVE identifier - By platform (linux, windows, php, etc.) - By exploit type (local, remote, webapps, dos) **Example:** - query="apache 2.4", platform="linux" - cve="CVE-2021-44228"`, inputSchema: zodToJsonSchema(SearchsploitSearchSchema), }, { name: "kali_exploit_searchsploit_examine", description: "Examine and display the contents of an exploit from searchsploit results.", inputSchema: zodToJsonSchema(SearchsploitExamineSchema), }, { name: "kali_exploit_msfvenom_generate", description: `Generate custom payloads for Metasploit Framework. Msfvenom is a payload generator and encoder combining msfpayload and msfencode. **WARNING:** Only use generated payloads for authorized security testing. **Common Payloads:** - windows/meterpreter/reverse_tcp - linux/x64/shell_reverse_tcp - php/meterpreter/reverse_tcp **Example:** - payload="linux/x64/shell_reverse_tcp", lhost="192.168.1.100", lport=4444, format="elf"`, inputSchema: zodToJsonSchema(MsfvenomSchema), }, ]; /** * List tools handler */ server.setRequestHandler(ListToolsRequestSchema, async () => { return { tools }; }); /** * Call tool handler */ server.setRequestHandler(CallToolRequestSchema, async (request): Promise<CallToolResult> => { const { name, arguments: args } = request.params; try { // Network tools if (name === "kali_network_nmap_scan") { const input = NmapScanSchema.parse(args); return await nmapScan(input); } else if (name === "kali_network_nmap_discover") { const input = NmapDiscoverSchema.parse(args); return await nmapDiscover(input); } else if (name === "kali_network_masscan_scan") { const input = MasscanSchema.parse(args); return await masscan(input); } else if (name === "kali_network_netdiscover_scan") { const input = NetdiscoverSchema.parse(args); return await netdiscover(input); } else if (name === "kali_network_tcpdump_capture") { const input = TcpdumpSchema.parse(args); return await tcpdump(input); } else if (name === "kali_network_tshark_capture") { const input = TsharkSchema.parse(args); return await tshark(input); } // Web tools else if (name === "kali_web_gobuster_dir") { const input = GobusterDirSchema.parse(args); return await gobusterDir(input); } else if (name === "kali_web_gobuster_dns") { const input = GobusterDnsSchema.parse(args); return await gobusterDns(input); } else if (name === "kali_web_sqlmap_test") { const input = SQLMapSchema.parse(args); return await sqlmap(input); } else if (name === "kali_web_nikto_scan") { const input = NiktoSchema.parse(args); return await nikto(input); } else if (name === "kali_web_wpscan_scan") { const input = WPScanSchema.parse(args); return await wpscan(input); } else if (name === "kali_web_ffuf_fuzz") { const input = FfufSchema.parse(args); return await ffuf(input); } else if (name === "kali_web_nuclei_scan") { const input = NucleiSchema.parse(args); return await nuclei(input); } // Password tools else if (name === "kali_password_hydra_brute") { const input = HydraSchema.parse(args); return await hydra(input); } else if (name === "kali_password_john_crack") { const input = JohnSchema.parse(args); return await john(input); } else if (name === "kali_password_hashcat_crack") { const input = HashcatSchema.parse(args); return await hashcat(input); } // Exploit tools else if (name === "kali_exploit_searchsploit_search") { const input = SearchsploitSearchSchema.parse(args); return await searchsploitSearch(input); } else if (name === "kali_exploit_searchsploit_examine") { const input = SearchsploitExamineSchema.parse(args); return await searchsploitExamine(input); } else if (name === "kali_exploit_msfvenom_generate") { const input = MsfvenomSchema.parse(args); return await msfvenom(input); } // Unknown tool else { return { isError: true, content: [ { type: "text", text: `Unknown tool: ${name}`, }, ], }; } } catch (error: any) { // Zod validation error if (error?.name === "ZodError") { return { isError: true, content: [ { type: "text", text: `Invalid arguments: ${JSON.stringify(error.errors, null, 2)}`, }, ], }; } // Other errors return { isError: true, content: [ { type: "text", text: `Error: ${error?.message || String(error)}`, }, ], }; } }); /** * Main entry point */ async function main() { // Display legal disclaimer console.error(LEGAL_DISCLAIMER); const transport = new StdioServerTransport(); await server.connect(transport); console.error("Kali MCP Server running on stdio"); console.error(`Registered ${tools.length} security tools`); console.error("Ready for requests"); } // Run server main().catch((error) => { console.error("Fatal error:", error); process.exit(1); });

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/azza39925/kali-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

index.ts•14.3 kB