🛡️ Kali MCP Server

A production-ready MCP (Model Context Protocol) server running in a Kali Linux Docker container, providing AI assistants with access to a comprehensive security toolset.

📋 Overview

This project provides a Docker containerized MCP server that runs on Kali Linux, giving AI assistants (like Claude) access to a full suite of security and penetration testing tools. The server communicates via Server-Sent Events (SSE) and allows AI to execute commands in a controlled environment with appropriate security measures.

✨ Features

• 🔒 Security Tools Access: Full access to Kali Linux security toolset through a controlled interface

• 🛡️ Command Validation: Commands are validated against an allowlist for security

• 🌐 Web Content Fetching: Retrieve and analyze web content

• 📊 Resource Information: Comprehensive system resource details and command examples

• 👤 Security Focus: Running as non-root user with appropriate permissions

🔧 Pre-installed Security Tools

• 🔍 Network Scanning: nmap, netcat

• 🕸️ Web Application Testing: nikto, gobuster, dirb

• 🧪 Penetration Testing: metasploit-framework

• 🔑 Credential Testing: hydra

• 💉 Data Extraction: sqlmap

• ℹ️ Information Gathering: whois, dig, host

🚀 Quick Start

🐳 Building and Running the Container

🔌 Connecting to Claude Desktop

1. Edit your Claude Desktop config file:

   • Location: ~/Library/Application Support/Claude/claude_desktop_config.json

   • Add this configuration:

     { "mcpServers": { "kali-mcp-server": { "transport": "sse", "url": "http://localhost:8000/sse", "command": "docker run -p 8000:8000 kali-mcp-server" } } }

2. Restart Claude Desktop

3. Test the connection with a simple command:

   /run nmap -F localhost

🛠️ Available MCP Tools

The server provides several tools through the MCP protocol:

💻 run - Execute Commands

Run security tools and commands in the Kali Linux environment.

Commands are validated against an allowlist for security. Long-running commands will be executed in the background with results saved to an output file.

🌐 fetch - Retrieve Web Content

Fetch and analyze web content from specified URLs.

📈 resources - List Available Resources

Get information about the system and available commands. (The AI can use these resources to run the commands on you behalf using Natural Language.)

🚀 vulnerability_scan - Automated Vulnerability Assessment

Perform automated vulnerability assessment with multiple tools.

Scan Types:

• quick: Fast scan with nmap and nikto

• comprehensive: Full scan with multiple tools

• web: Web-focused vulnerability assessment

• network: Network-focused vulnerability assessment

🌐 web_enumeration - Web Application Discovery

Perform comprehensive web application discovery and enumeration.

Enumeration Types:

• basic: Basic web enumeration with nikto and gobuster

• full: Comprehensive enumeration including vhost discovery

• aggressive: Aggressive enumeration with SQL injection testing

🔍 network_discovery - Network Reconnaissance

Perform multi-stage network reconnaissance and discovery.

Discovery Types:

• quick: Quick network discovery

• comprehensive: Comprehensive network mapping

• stealth: Stealthy network reconnaissance

🔍 exploit_search - Exploit Database Search

Search for exploits using searchsploit and other exploit databases.

Search Types:

• all: Search all exploit types

• web: Web application exploits

• remote: Remote exploits

• local: Local exploits

• dos: Denial of service exploits

💾 save_output - Save Content to File

Save content to a timestamped file for evidence collection.

Categories:

• general: General content (default)

• scan: Vulnerability scan results

• enum: Enumeration results

• evidence: Evidence collection

📋 create_report - Generate Structured Reports

Generate a structured report from findings.

Report Types:

• markdown: Markdown format (default)

• text: Plain text format

• json: JSON format

🔍 file_analysis - Analyze Files

Analyze a file using various tools (file type, strings, hash).

Analysis includes:

• File type detection

• String extraction

• SHA256 hash

• File metadata

• Content preview

📥 download_file - Download Files

Download a file from a URL and save it locally.

Features:

• Automatic filename extraction from URL

• SHA256 hash generation

• Content-type detection

• Safe filename sanitization

🗂️ session_create - Create New Session

Create a new pentest session with name, description, and target.

Features:

• Session metadata storage

• Automatic session activation

• Organized file structure

📋 session_list - List Sessions

List all pentest sessions with metadata and status.

Shows:

• All available sessions

• Active session indicator

• Session descriptions and targets

• Creation dates and history counts

🔄 session_switch - Switch Sessions

Switch to a different pentest session.

Features:

• Validates session existence

• Updates active session

• Shows session details after switch

📊 session_status - Session Status

Show current session status and summary.

Shows:

• Active session details

• Session metadata

• File count and history

• Recent activity

🗑️ session_delete - Delete Session

Delete a pentest session and all its evidence.

Safety Features:

• Cannot delete active session

• Confirms deletion with session details

• Removes all session files and evidence

📜 session_history - Session History

Show command/evidence history for the current session.

Shows:

• Chronological history of activities

• Action types and timestamps

• Session-specific evidence tracking

Enhanced Web Application Testing Tools

🕷️ Spider Website

Comprehensive web crawling and spidering using gospider.

Parameters:

• url (required): Target URL to spider

• depth (optional): Crawling depth (default: 2)

• threads (optional): Number of concurrent threads (default: 10)

📝 Form Analysis

Discover and analyze web forms for security testing.

Parameters:

• url (required): Target URL to analyze

• scan_type (optional): Type of analysis - "basic", "comprehensive", "aggressive" (default: "comprehensive")

📋 Header Analysis

Analyze HTTP headers for security information and misconfigurations.

Parameters:

• url (required): Target URL to analyze

• include_security (optional): Include security header analysis (default: true)

🔐 SSL Analysis

Perform SSL/TLS security assessment using testssl.sh.

Parameters:

• url (required): Target URL to analyze

• port (optional): SSL port (default: 443)

🔍 Subdomain Enumeration

Perform subdomain enumeration using multiple tools (subfinder, amass, waybackurls).

Parameters:

• url (required): Target domain to enumerate

• enum_type (optional): Type of enumeration - "basic", "comprehensive", "aggressive" (default: "comprehensive")

🔍 Web Audit

Perform comprehensive web application security audit.

Parameters:

• url (required): Target URL to audit

• audit_type (optional): Type of audit - "basic", "comprehensive", "aggressive" (default: "comprehensive")

Tools Used in Web Audit:

• Nikto (web vulnerability scanner)

• Gobuster (directory/vhost enumeration)

• SQLMap (SQL injection testing)

• Dirb (directory enumeration)

• TestSSL.sh (SSL/TLS analysis)

• Curl (header analysis)

Session Management Tools

⚠️ Troubleshooting

🔌 Connection Issues

• Ensure port 8000 is available on your machine

• Check that the Docker container is running: docker ps

• Verify the URL in Claude Desktop configuration matches the container's port

⚙️ Command Execution Problems

• If commands timeout, try running them in the background: command > output.txt &

• Use /resources to see examples of properly formatted commands

• For permission errors, ensure you're not trying to access protected system areas

🔒 Security Considerations

This container provides access to powerful security tools. Please observe the following:

• Use responsibly and only in controlled environments

• The container is designed to be run locally and should not be exposed to the internet

• Commands are validated against an allowlist for security

• The server runs as a non-root user inside the container

• Only use this tool for legitimate security testing with proper authorization

📋 Requirements

• Docker

• Claude Desktop or other SSE enabled MCP clients

• Port 8000 available on your host machine

👨‍💻 Development

🛠️ Setting Up a Development Environment

🧪 Running Tests

🙏 Acknowledgements

• Kali Linux for their security-focused distribution

• Anthropic for Claude and the MCP protocol

• The open-source security tools community