Kali MCP Server

Perform network port scanning using Nmap.

Nmap (Network Mapper) is a powerful network scanner for discovering hosts, services, and potential vulnerabilities.

Capabilities:

• TCP SYN, Connect, UDP, and stealth scans

• Service version detection (-sV)

• OS fingerprinting (-O, requires root)

• NSE script execution

• Multiple output formats

Usage Notes:

• TCP SYN scan requires root privileges

• Use appropriate timing for stealth vs speed

• Large port ranges increase scan time significantly

Example:

• Quick scan: target="192.168.1.1", ports="22,80,443"

• Full scan: target="10.0.0.0/24", ports="-", timing="aggressive"

Discover live hosts on a network using Nmap. Supports ping, ARP, TCP, UDP, and ICMP discovery methods.

High-speed port scanner capable of scanning the entire internet in minutes. Use with caution and proper authorization.

ARP reconnaissance tool for discovering hosts on a local network. Supports active and passive modes.

Capture network packets for analysis. Supports BPF filters and can save to PCAP files.

Wireshark CLI for packet capture and analysis with advanced filtering and multiple output formats.

Enumerate directories and files on web servers using wordlists.

Gobuster is a fast directory/file brute-forcing tool written in Go.

Features:

• Fast multi-threaded scanning

• Customizable file extensions

• Status code filtering

• Recursive scanning support

Example:

• Basic: url="https://example.com", wordlist="/usr/share/wordlists/dirb/common.txt"

• With extensions: url="https://example.com", extensions="php,html,txt"

Enumerate subdomains using DNS brute-forcing with wordlists.

Automated SQL injection testing and exploitation.

SQLMap automates the detection and exploitation of SQL injection vulnerabilities.

WARNING: Only use on systems you have authorization to test.

Features:

• Automatic SQL injection detection

• Database fingerprinting

• Data extraction

• Multiple injection techniques

Example:

• GET: url="https://example.com/page?id=1"

• POST: url="https://example.com/login", data="user=admin&pass=test", method="POST"

Comprehensive web server scanner for vulnerabilities, misconfigurations, and security issues.

WordPress security scanner for finding vulnerabilities in WordPress sites, themes, and plugins.

Fast web fuzzer for discovering hidden files, directories, and parameters. URL must contain FUZZ keyword.

Template-based vulnerability scanner with extensive CVE coverage and custom templates support.

Fast network login brute-forcer supporting many protocols.

Hydra is a parallelized login cracker which supports numerous protocols.

Supported Services:

• SSH, FTP, HTTP(S), MySQL, SMB, RDP, Telnet, and more

WARNING: Only use on systems you have authorization to test.

Example:

• SSH: target="192.168.1.1", service="ssh", username="admin", password_list="/usr/share/wordlists/rockyou.txt"

John the Ripper password cracker supporting many hash formats and attack modes.

Advanced password recovery tool using GPU acceleration. Supports 300+ hash types.

Search the Exploit Database for public exploits and vulnerability information.

SearchSploit is a command-line search tool for Exploit-DB.

Search Options:

• By software name/version

• By CVE identifier

• By platform (linux, windows, php, etc.)

• By exploit type (local, remote, webapps, dos)

Example:

• query="apache 2.4", platform="linux"

• cve="CVE-2021-44228"

Examine and display the contents of an exploit from searchsploit results.

Generate custom payloads for Metasploit Framework.

Msfvenom is a payload generator and encoder combining msfpayload and msfencode.

WARNING: Only use generated payloads for authorized security testing.

Common Payloads:

• windows/meterpreter/reverse_tcp

• linux/x64/shell_reverse_tcp

• php/meterpreter/reverse_tcp

Example:

• payload="linux/x64/shell_reverse_tcp", lhost="192.168.1.100", lport=4444, format="elf"