Provides comprehensive access to the Kali Linux security toolset, enabling AI assistants to perform network scanning, web enumeration, and vulnerability assessments in a containerized security environment.
Integrates the Metasploit Framework, allowing AI agents to search for security exploits and conduct penetration testing operations.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Kali MCP ServerRun a quick vulnerability scan on example.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Kali MCP Server
A production-ready MCP (Model Context Protocol) server running in a Kali Linux Docker container, providing AI assistants with access to 35 security tools covering the full offensive security lifecycle.
Overview
This project provides a Docker containerized MCP server that runs on Kali Linux, giving AI assistants (like Claude) access to a full suite of security and penetration testing tools. The server communicates via Server-Sent Events (SSE) or stdio and allows AI to execute commands in a controlled environment.
Quick Start
Building and Running the Container
Connecting to Claude Desktop
Edit your Claude Desktop config file at
~/Library/Application Support/Claude/claude_desktop_config.json:
Restart Claude Desktop
Test with:
/run nmap -F localhost
Available MCP Tools (35)
Core Tools
Tool | Description |
| Execute shell commands in the Kali Linux environment |
| Fetch and analyze web content from URLs |
| List available system resources and command examples |
Reconnaissance & Scanning
Tool | Description |
| Smart nmap wrapper with scan presets (quick, full, stealth, udp, service, aggressive) |
| Comprehensive DNS enumeration with zone transfer attempts |
| Multi-stage network reconnaissance and discovery |
| Subdomain enumeration using subfinder, amass, waybackurls |
| Automated multi-stage reconnaissance pipeline |
Web Application Testing
Tool | Description |
| Automated vulnerability assessment with multiple tools |
| Web application discovery and enumeration |
| Comprehensive web application security audit |
| Web crawling and spidering using gospider |
| Discover and analyze web forms |
| HTTP header security analysis |
| SSL/TLS security assessment using testssl.sh |
Credential & Brute-Force Attacks
Tool | Description |
| Brute-force credential testing via hydra (SSH, FTP, HTTP, SMB, MySQL, RDP, etc.) |
| Store/retrieve discovered credentials tied to sessions |
Payload & Exploit Tools
Tool | Description |
| Generate payloads using msfvenom (reverse shell, bind shell, meterpreter) |
| Generate reverse shell one-liners for bash, python, php, perl, powershell, nc, ruby, java |
| Search for exploits using searchsploit |
Encoding & Hash Tools
Tool | Description |
| Multi-format encoding/decoding (base64, URL, hex, HTML, ROT13) |
| Identify hash types with Hashcat mode and John format lookup |
Share Enumeration
Tool | Description |
| SMB/NFS share enumeration (smbclient, enum4linux, showmount) |
Output Parsing
Tool | Description |
| Parse nmap text/XML output into structured JSON findings |
| Parse output from nikto, gobuster, dirb, hydra, or sqlmap |
Evidence & Reporting
Tool | Description |
| Save content to timestamped files for evidence collection |
| Generate structured reports (markdown, text, JSON) |
| Analyze files (type detection, strings, hashes, metadata) |
| Download files from URLs with hash verification |
Session Management
Tool | Description |
| Create a new pentest session |
| List all sessions with metadata |
| Switch between sessions |
| Show current session status |
| Delete a session and its evidence |
| Show command history for current session |
Tool Details
port_scan - Smart Nmap Wrapper
Runs nmap with predefined scan presets, generating both text and XML output.
Scan Presets:
Preset | Nmap Flags |
|
|
|
|
|
|
|
|
|
|
|
|
dns_enum - DNS Enumeration
Queries all DNS record types and attempts zone transfers.
recon_auto - Automated Recon Pipeline
Runs a multi-stage reconnaissance pipeline with configurable depth.
Depth Levels:
Depth | Phases |
| DNS enumeration, quick port scan, header analysis |
| + service scan, SSL analysis, exploit search |
| + subdomain enumeration, web enumeration, vulnerability scan |
hydra_attack - Brute-Force Testing
Supported Services: ssh, ftp, http-get, http-post-form, smb, mysql, rdp, telnet, vnc, pop3, imap, smtp
payload_generate - Msfvenom Payloads
Payload Types: reverse_shell, bind_shell, meterpreter Platforms: linux, windows, osx, php, python Formats: elf, exe, raw, python, php, war
reverse_shell - Shell One-Liners
Generates ready-to-use reverse shell commands with listener hints.
Shell Types: bash, python, php, perl, powershell, nc, ruby, java
encode_decode - Encoding Utility
Formats: base64, url, hex, html, rot13
hash_identify - Hash Identification
Identifies hash types by regex and returns Hashcat mode numbers and John format names.
Supported Types: MD5, SHA-1, SHA-256, SHA-512, bcrypt, SHA-512/256/MD5 Crypt, NTLM, Apache APR1, MySQL, Django
enum_shares - Share Enumeration
Enum Types: smb (smbclient + enum4linux), nfs (showmount), all
credential_store - Credential Management
Stores discovered credentials as JSON tied to the active session.
parse_nmap - Nmap Output Parser
Parses both text and XML nmap output into structured JSON with hosts, open ports, services, OS detection, and script output.
parse_tool_output - Generic Output Parser
Auto-detects and parses output from nikto, gobuster, dirb, hydra, or sqlmap.
vulnerability_scan
Scan Types: quick, comprehensive, web, network
web_enumeration
Types: basic, full, aggressive
network_discovery
Types: quick, comprehensive, stealth
Pre-installed Tools
The Docker container includes the following tools, all enabled for use through the run command:
Category | Tools |
Network Scanning | nmap, masscan, netcat, tcpdump, tshark |
Web Testing | nikto, gobuster, dirb, sqlmap, wfuzz, ffuf, feroxbuster, whatweb, wafw00f |
Exploitation | metasploit-framework (msfconsole, msfvenom), searchsploit |
Credential Attacks | hydra, hashcat, john |
Information Gathering | whois, dig, nslookup, amass, subfinder, theharvester, recon-ng, fierce, dnsenum, dnsrecon |
Web Crawling | gospider, waybackurls |
Share Enumeration | smbclient, enum4linux, showmount (nfs-common) |
SSL/TLS | testssl.sh, openssl |
HTTP Probing | httpx-toolkit, curl, wget |
File Analysis | file, strings, binwalk, exiftool, xxd, hexdump |
Utilities | python3, perl, ruby, php, git, base64, jq |
All commands are allowed by default inside the container. The container itself is the security boundary - it runs as a non-root user with no access to the host filesystem.
Security Considerations
Container isolation: The server runs inside an isolated Docker container as non-root user
mcpuserInput sanitization: Shell metacharacters (
;,&,|) are stripped from all command inputNo host access: The container has no access to the host filesystem or network stack
Authorization required: Only use for legitimate security testing with proper authorization
Local only: The container should not be exposed to the internet
Requirements
Docker
Claude Desktop or other MCP client (SSE or stdio)
Port 8000 available on your host machine
Development
Setup
Running Checks
Architecture
Adding a new tool requires changes in three places:
kali_mcp_server/tools.py- Implement the async functionkali_mcp_server/server.py- Add dispatch inhandle_tool_request()and schema inlist_available_tools()tests/- Add tests in bothtest_tools.pyandtest_server.py
Acknowledgements
Kali Linux for their security-focused distribution
Anthropic for Claude and the MCP protocol
The open-source security tools community