Provides comprehensive access to the Kali Linux security toolset, enabling AI assistants to perform network scanning, web enumeration, and vulnerability assessments in a containerized security environment.
Integrates the Metasploit Framework, allowing AI agents to search for security exploits and conduct penetration testing operations.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Kali MCP ServerRun a quick vulnerability scan on example.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Kali MCP Server
A production-ready MCP (Model Context Protocol) server running in a Kali Linux Docker container, providing AI assistants with access to 35 security tools covering the full offensive security lifecycle.
Overview
This project provides a Docker containerized MCP server that runs on Kali Linux, giving AI assistants (like Claude) access to a full suite of security and penetration testing tools. The server communicates via Server-Sent Events (SSE) or stdio and allows AI to execute commands in a controlled environment.
Quick Start
Building and Running the Container
# Quick start with the helper script
./run_docker.sh
# Or manually:
docker build -t kali-mcp-server .
docker run -p 8000:8000 kali-mcp-serverConnecting to Claude Desktop
Edit your Claude Desktop config file at
~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"kali-mcp-server": {
"transport": "sse",
"url": "http://localhost:8000/sse",
"command": "docker run -p 8000:8000 kali-mcp-server"
}
}
}Restart Claude Desktop
Test with:
/run nmap -F localhost
Available MCP Tools (35)
Core Tools
Tool | Description |
| Execute shell commands in the Kali Linux environment |
| Fetch and analyze web content from URLs |
| List available system resources and command examples |
Reconnaissance & Scanning
Tool | Description |
| Smart nmap wrapper with scan presets (quick, full, stealth, udp, service, aggressive) |
| Comprehensive DNS enumeration with zone transfer attempts |
| Multi-stage network reconnaissance and discovery |
| Subdomain enumeration using subfinder, amass, waybackurls |
| Automated multi-stage reconnaissance pipeline |
Web Application Testing
Tool | Description |
| Automated vulnerability assessment with multiple tools |
| Web application discovery and enumeration |
| Comprehensive web application security audit |
| Web crawling and spidering using gospider |
| Discover and analyze web forms |
| HTTP header security analysis |
| SSL/TLS security assessment using testssl.sh |
Credential & Brute-Force Attacks
Tool | Description |
| Brute-force credential testing via hydra (SSH, FTP, HTTP, SMB, MySQL, RDP, etc.) |
| Store/retrieve discovered credentials tied to sessions |
Payload & Exploit Tools
Tool | Description |
| Generate payloads using msfvenom (reverse shell, bind shell, meterpreter) |
| Generate reverse shell one-liners for bash, python, php, perl, powershell, nc, ruby, java |
| Search for exploits using searchsploit |
Encoding & Hash Tools
Tool | Description |
| Multi-format encoding/decoding (base64, URL, hex, HTML, ROT13) |
| Identify hash types with Hashcat mode and John format lookup |
Share Enumeration
Tool | Description |
| SMB/NFS share enumeration (smbclient, enum4linux, showmount) |
Output Parsing
Tool | Description |
| Parse nmap text/XML output into structured JSON findings |
| Parse output from nikto, gobuster, dirb, hydra, or sqlmap |
Evidence & Reporting
Tool | Description |
| Save content to timestamped files for evidence collection |
| Generate structured reports (markdown, text, JSON) |
| Analyze files (type detection, strings, hashes, metadata) |
| Download files from URLs with hash verification |
Session Management
Tool | Description |
| Create a new pentest session |
| List all sessions with metadata |
| Switch between sessions |
| Show current session status |
| Delete a session and its evidence |
| Show command history for current session |
Tool Details
port_scan - Smart Nmap Wrapper
Runs nmap with predefined scan presets, generating both text and XML output.
/port_scan target=192.168.1.1 scan_type=quick
/port_scan target=10.0.0.0/24 scan_type=aggressive ports=80,443,8080Scan Presets:
Preset | Nmap Flags |
|
|
|
|
|
|
|
|
|
|
|
|
dns_enum - DNS Enumeration
Queries all DNS record types and attempts zone transfers.
/dns_enum domain=example.com
/dns_enum domain=target.com record_types=a,mx,ns,txtrecon_auto - Automated Recon Pipeline
Runs a multi-stage reconnaissance pipeline with configurable depth.
/recon_auto target=example.com depth=quick
/recon_auto target=10.0.0.1 depth=standard
/recon_auto target=target.com depth=deepDepth Levels:
Depth | Phases |
| DNS enumeration, quick port scan, header analysis |
| + service scan, SSL analysis, exploit search |
| + subdomain enumeration, web enumeration, vulnerability scan |
hydra_attack - Brute-Force Testing
/hydra_attack target=192.168.1.1 service=ssh username=admin passlist=/usr/share/wordlists/rockyou.txt
/hydra_attack target=10.0.0.1 service=ftp userlist=users.txt passlist=passwords.txt threads=32Supported Services: ssh, ftp, http-get, http-post-form, smb, mysql, rdp, telnet, vnc, pop3, imap, smtp
payload_generate - Msfvenom Payloads
/payload_generate payload_type=reverse_shell platform=linux lhost=10.0.0.1 lport=4444 format=elf
/payload_generate payload_type=meterpreter platform=windows lhost=10.0.0.1 format=exePayload Types: reverse_shell, bind_shell, meterpreter Platforms: linux, windows, osx, php, python Formats: elf, exe, raw, python, php, war
reverse_shell - Shell One-Liners
Generates ready-to-use reverse shell commands with listener hints.
/reverse_shell lhost=10.0.0.1 shell_type=bash lport=4444
/reverse_shell lhost=10.0.0.1 shell_type=python lport=9999Shell Types: bash, python, php, perl, powershell, nc, ruby, java
encode_decode - Encoding Utility
/encode_decode data="hello world" operation=encode format=base64
/encode_decode data="aGVsbG8gd29ybGQ=" operation=decode format=base64
/encode_decode data="<script>alert(1)</script>" operation=encode format=htmlFormats: base64, url, hex, html, rot13
hash_identify - Hash Identification
Identifies hash types by regex and returns Hashcat mode numbers and John format names.
/hash_identify hash_value=5d41402abc4b2a76b9719d911017c592
/hash_identify hash_value=$2y$10$abcdefghijklmnopqrstuuABCDEFGHIJKLMNOPQRSTUVWXYZ012345Supported Types: MD5, SHA-1, SHA-256, SHA-512, bcrypt, SHA-512/256/MD5 Crypt, NTLM, Apache APR1, MySQL, Django
enum_shares - Share Enumeration
/enum_shares target=192.168.1.1 enum_type=all
/enum_shares target=10.0.0.1 enum_type=smb username=admin password=passEnum Types: smb (smbclient + enum4linux), nfs (showmount), all
credential_store - Credential Management
Stores discovered credentials as JSON tied to the active session.
/credential_store action=add username=admin password=pass123 service=ssh target=10.0.0.1
/credential_store action=list
/credential_store action=search username=adminparse_nmap - Nmap Output Parser
Parses both text and XML nmap output into structured JSON with hosts, open ports, services, OS detection, and script output.
/parse_nmap filepath=port_scan_10_0_0_1_quick_20240101_120000.txt
/parse_nmap filepath=scan_results.xmlparse_tool_output - Generic Output Parser
Auto-detects and parses output from nikto, gobuster, dirb, hydra, or sqlmap.
/parse_tool_output filepath=nikto_results.txt
/parse_tool_output filepath=gobuster_output.txt tool_type=gobustervulnerability_scan
/vulnerability_scan target=127.0.0.1 scan_type=quick
/vulnerability_scan target=example.com scan_type=comprehensiveScan Types: quick, comprehensive, web, network
web_enumeration
/web_enumeration target=http://example.com enumeration_type=fullTypes: basic, full, aggressive
network_discovery
/network_discovery target=192.168.1.0/24 discovery_type=comprehensiveTypes: quick, comprehensive, stealth
Pre-installed Tools
The Docker container includes the following tools, all enabled for use through the run command:
Category | Tools |
Network Scanning | nmap, masscan, netcat, tcpdump, tshark |
Web Testing | nikto, gobuster, dirb, sqlmap, wfuzz, ffuf, feroxbuster, whatweb, wafw00f |
Exploitation | metasploit-framework (msfconsole, msfvenom), searchsploit |
Credential Attacks | hydra, hashcat, john |
Information Gathering | whois, dig, nslookup, amass, subfinder, theharvester, recon-ng, fierce, dnsenum, dnsrecon |
Web Crawling | gospider, waybackurls |
Share Enumeration | smbclient, enum4linux, showmount (nfs-common) |
SSL/TLS | testssl.sh, openssl |
HTTP Probing | httpx-toolkit, curl, wget |
File Analysis | file, strings, binwalk, exiftool, xxd, hexdump |
Utilities | python3, perl, ruby, php, git, base64, jq |
All commands are allowed by default inside the container. The container itself is the security boundary - it runs as a non-root user with no access to the host filesystem.
Security Considerations
Container isolation: The server runs inside an isolated Docker container as non-root user
mcpuserInput sanitization: Shell metacharacters (
;,&,|) are stripped from all command inputNo host access: The container has no access to the host filesystem or network stack
Authorization required: Only use for legitimate security testing with proper authorization
Local only: The container should not be exposed to the internet
Requirements
Docker
Claude Desktop or other MCP client (SSE or stdio)
Port 8000 available on your host machine
Development
Setup
git clone https://github.com/yourusername/kali-mcp-server.git
cd kali-mcp-server
python -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"Running Checks
# All checks
./run_tests.sh
# Individual
pyright # Type checking
ruff check . # Linting
ruff format . # Formatting
pytest # All tests
pytest tests/test_tools.py # Single file
pytest -k "session" # Pattern matchArchitecture
Adding a new tool requires changes in three places:
kali_mcp_server/tools.py- Implement the async functionkali_mcp_server/server.py- Add dispatch inhandle_tool_request()and schema inlist_available_tools()tests/- Add tests in bothtest_tools.pyandtest_server.py
Acknowledgements
Kali Linux for their security-focused distribution
Anthropic for Claude and the MCP protocol
The open-source security tools community