#!/bin/bash
# Setup script for Kali MCP Server capabilities
# This script configures the necessary capabilities for network tools to run as non-root
# Abort on the first command that fails.
set -e

printf '%s\n' "Setting up Kali MCP Server capabilities..."

# Provision the dedicated service account on first run only. It is a system
# account (-r) whose login shell is /bin/false; its home directory is created
# explicitly and handed over to it.
id mcp-server >/dev/null 2>&1 || {
  printf '%s\n' "Creating mcp-server user..."
  sudo useradd -r -s /bin/false -d /var/lib/mcp-server mcp-server
  sudo mkdir -p /var/lib/mcp-server
  sudo chown mcp-server:mcp-server /var/lib/mcp-server
}
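# Grant file capabilities so the network tools can use raw sockets and bind
# privileged ports without being run as root.
#
# NOTE(review): file capabilities are attached to the binary, so every local
# account that may execute nmap or nc receives them, not only mcp-server. On a
# shared host, limit who can execute these binaries or rely on per-service
# capabilities instead.
# NOTE(review): the kernel does not apply file capabilities on exec once
# no_new_privs is set, and the unit written later in this script sets
# NoNewPrivileges=yes, so these grants only take effect for runs outside that
# service.
echo "Setting capabilities for network tools..."

# Nmap needs raw socket capabilities
# NOTE(review): nmap chooses privileged scan modes from its effective UID
# unless told otherwise (--privileged / NMAP_PRIVILEGED); confirm the server
# sets one of them if it relies on these capabilities.
if nmap_bin=$(command -v nmap); then
  # setcap rejects symbolic links, so operate on the resolved file.
  nmap_bin=$(readlink -f -- "$nmap_bin")
  sudo setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$nmap_bin"
  echo "✓ Set capabilities for nmap"
fi

# Some versions of netcat need special permissions
if nc_bin=$(command -v nc); then
  # nc is commonly an alternatives symlink; resolve it for the same reason,
  # otherwise setcap fails and set -e aborts the whole setup.
  nc_bin=$(readlink -f -- "$nc_bin")
  sudo setcap cap_net_bind_service+eip "$nc_bin"
  echo "✓ Set capabilities for netcat"
fi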
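# Ensure the wordlists are accessible. Capital X adds the search bit on
# directories (and keeps execute only where it was already set), which plain
# a+r does not: a readable directory without the search bit still cannot be
# traversed.
if [ -d "/usr/share/wordlists" ]; then
  sudo chmod -R a+rX /usr/share/wordlists
  echo "✓ Made wordlists readable"
fi

# Create the output directory and hand it to the service account.
#
# /tmp is world-writable, so the name may already exist and belong to someone
# else. Refuse a symbolic link outright and use chown -h so ownership is never
# changed on a link target. This narrows the window but does not close it;
# NOTE(review): a directory under /var/lib/mcp-server would avoid the problem
# and survive /tmp cleanup - confirm which path the server writes to.
output_dir=/tmp/mcp-output
if [ -L "$output_dir" ]; then
  echo "Refusing to use $output_dir: it is a symbolic link" >&2
  exit 1
fi
sudo mkdir -p "$output_dir"
sudo chown -h mcp-server:mcp-server "$output_dir"
sudo chmod 755 "$output_dir"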
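# Create systemd service file
#
# The unit runs the server as mcp-server with NoNewPrivileges=yes. Under
# no_new_privs the kernel ignores file capabilities on exec, so the setcap
# grants made earlier in this script never reach tools started by the service.
# AmbientCapabilities= hands the same three capabilities to the service's
# process tree instead, and CapabilityBoundingSet= caps it at exactly those.
# Trade-off: the Python server process itself holds them too.
#
# EnvironmentFile= loads the config.env written later in this script; values
# from the file take precedence over the Environment= defaults below. The
# leading "-" keeps the unit startable if the file is missing.
#
# NOTE(review): PrivateTmp=yes gives the service its own /tmp, while
# ReadWritePaths= names /tmp/mcp-output. Confirm the unit starts and that
# output lands where expected; the two settings look at odds with each other.
sudo tee /etc/systemd/system/kali-mcp-server.service > /dev/null << 'EOF'
[Unit]
Description=Kali Linux MCP Server
After=network.target
[Service]
Type=simple
User=mcp-server
Group=mcp-server
WorkingDirectory=/opt/kali-mcp-server
ExecStart=/opt/kali-mcp-server/venv/bin/python -m kali_mcp_server.server
Environment=MCP_HOST=127.0.0.1
Environment=MCP_PORT=8000
Environment=MCP_MAX_EXEC_TIME=300
Environment=MCP_OUTPUT_LIMIT=10000
Environment=MCP_ALLOWED_NETWORKS=
EnvironmentFile=-/etc/kali-mcp-server/config.env
Restart=always
RestartSec=10
# Security settings
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/tmp/mcp-output
# Capabilities for the network tools (file capabilities are ignored under NoNewPrivileges)
AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
EOF
echo "✓ Created systemd service file"

# Make systemd pick up the new or changed unit. Skipped where systemd is not
# the running init (for example inside a container), so the script does not
# abort there under set -e.
if [ -d /run/systemd/system ]; then
  sudo systemctl daemon-reload
fi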
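# Create environment configuration
#
# The file is written only when it does not exist yet. Re-running this setup
# must not reset operator changes, in particular a MCP_ALLOWED_NETWORKS
# restriction, back to the empty default.
#
# NOTE(review): MCP_ALLOWED_NETWORKS ships empty. Check how the server
# interprets an empty list and set the authorized ranges explicitly before
# enabling the service.
# NOTE(review): confirm the service actually loads this file (for example
# through EnvironmentFile= in the unit); otherwise edits here have no effect.
config_file=/etc/kali-mcp-server/config.env
sudo mkdir -p /etc/kali-mcp-server
if sudo test -e "$config_file"; then
  echo "✓ Keeping existing configuration file"
else
  sudo tee "$config_file" > /dev/null << 'EOF'
# Kali MCP Server Configuration
# Server settings
MCP_HOST=127.0.0.1
MCP_PORT=8000
# Security settings
MCP_MAX_EXEC_TIME=300
MCP_OUTPUT_LIMIT=10000
# Network restrictions (comma-separated list of allowed networks)
# Example: MCP_ALLOWED_NETWORKS=192.168.1.0/24,10.0.0.0/8
MCP_ALLOWED_NETWORKS=
# Tool paths
MCP_TOOLS_PATH=/usr/bin
EOF
  echo "✓ Created configuration file"
fi

# Root owns the file and the service group may only read it, so the service
# account cannot rewrite its own limits. Applied on every run so that drifted
# permissions are corrected.
sudo chown root:mcp-server "$config_file"
sudo chmod 640 "$config_file"

echo "Setup complete! You can now run the MCP server with proper permissions."
echo "Configuration file: /etc/kali-mcp-server/config.env"
echo "Service file: /etc/systemd/system/kali-mcp-server.service"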