-
securityF
license-
qualityA demonstration server that allows large language models to perform penetration testing tasks autonomously by interfacing with the Mythic C2 framework.
Last updated -
11
Python
The Kali Linux MCP Server enables remote command execution and management within a Kali Linux penetration testing environment:
- Execute Commands: Run non-interactive commands (like
ping 127.0.0.1) for security testing or general Linux tasks - Manage Interactive Sessions: Start, control, and terminate interactive commands (such as
mysql -u root -p) with session IDs - Send Input & Retrieve Output: Provide input to and collect output from active command sessions
- Access Security Tools: Leverage the full suite of built-in Kali Linux penetration testing tools remotely
- Docker-Based Deployment: Runs in a Docker container with SOCKS5 proxy support and SSH key configuration
Enables execution of Burp Suite commands for web application security testing, though with limitations on interactive features and UI-based interactions.
Provides access to Kali Linux penetration testing tools and commands via an SSH connection, allowing execution of security testing operations in a containerized environment.
Allows running Metasploit penetration testing commands in non-interactive mode, supporting security testing and exploitation workflows without entering interactive command mode.
目前只是个玩具,只支持执行可以返回的命令,如burp suite和metasploit等不能进行界面和命令交互,metasploit倒是可以叫ai agent直接执行不进入命令交互模式,有时间弄得的哥们可以拿去加强一下 😜
kalilinuxmcp
kali linux mcp,pentest,penetration test
更新:
20250401更新: 新增简单的交互式处理
如何安装:
1: 首先要用ssh-keygen -t rsa做一个私钥和公钥,替换公钥到Dockerfile的,替换私钥到"C:\Users[Username].ssh\kali000",这里自行去src\index.ts里搜索"kali000"替换路径
'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsoJo7WJIHDQgmEdKwm6IqS61xaGWa/OVVMCrMwcVh13xvYbAD7wdMufzNhWRxSso3SKvTHbQjIszvYQgkVFjRPiJW5vGCU0847CX0zZytGLnKpKWDZ5ccShMPlIxVuy2+WUQlKNL7f+w59PMX+3BLcikhtwk0xwG7tpS4kAtXHlrwt1B1vFj3CoF8rBofGJAahOuPvruRh9i1i73i5JJHJFeDdJVfNnY5/8HnBvtWtJzbsbmlyaTODfrDCeYZ32zxDZdsPVEls3RDsfgUadyC71mpXloJ8JTiUU37H5DY+xtIuz3XICwA7DsVm9jiKaSR96DZyogYxx+UKdrDsIH4JQwBNs3RDCX+t7ivKj75KkhhrW2X2h90EOjwQPQOhuVU2FtMXbWlfbZL5UwXGgA7Efe3N0ZzrKac+RGM6vY/jsnESgZaTayF/N/BysMpjI18xy6Y12CyPXVYsvF3v04d2XR1Fs5rduERjpot7o9N+i5FcoTfUb5WP5nVU9X0b2s= hack004@DESKTOP-H4HRI73'
2:因为是国内环境,docker里我加了使用主机的socks5代理,自行搜索来替换"192.168.31.110",还有dns服务器也强制用dns2socks转到了本地127.0.0.1使用socks5代理,可自行去Dockerfile里替换或者去掉
3:原始使用的"booyaabes/kali-linux-full"镜像,但是里面软件版本有点老,自行选择是否要执行以下操作更新(主要需要更新很久!)
4:(编译MCP),先npm install后直接npm run build,得到build目录,核心是index.js
5:(编译Docker镜像),
6:安装MCP:
注意事项:
1: 每次重启docker后记得刷新MCP,因为可能SSH连接会断开
参考项目:
效果展示:
1:Lab: Blind SQL injection with out-of-band data exfiltration
2:command injection:
3:Lab: Web shell upload via Content-Type restriction bypass
You must be authenticated.
local-only server
The server can only run on the client's local machine because it depends on local resources.
Tools
A tool that allows penetration testing through Kali Linux commands executed via a Multi-Conversation Protocol server, supporting security testing operations like SQL injection and command execution.
- 更新:
- 如何安装:
- 1: 首先要用ssh-keygen -t rsa做一个私钥和公钥,替换公钥到Dockerfile的,替换私钥到"C:\Users\[Username]\.ssh\\kali000",这里自行去src\index.ts里搜索"kali000"替换路径
- 2:因为是国内环境,docker里我加了使用主机的socks5代理,自行搜索来替换"192.168.31.110",还有dns服务器也强制用dns2socks转到了本地127.0.0.1使用socks5代理,可自行去Dockerfile里替换或者去掉
- 3:原始使用的"booyaabes/kali-linux-full"镜像,但是里面软件版本有点老,自行选择是否要执行以下操作更新(主要需要更新很久!)
- 注意事项:
- 参考项目:
- 效果展示:
- 1:Lab: Blind SQL injection with out-of-band data exfiltration
- 2:command injection:
- 3:Lab: Web shell upload via Content-Type restriction bypass
Related MCP Servers
- AsecurityAlicenseAqualityA security testing tool that enables automated vulnerability detection including XSS and SQL injection, along with comprehensive browser interaction capabilities for web application penetration testing.Last updated -123275JavaScriptMIT License
- -securityFlicense-qualityA Model Context Protocol server that integrates with the Qase test management platform, allowing users to create and retrieve test cases, manage test runs, and interact with Qase projects.Last updated -1JavaScript
- AsecurityFlicenseAqualityA Model Context Protocol server that integrates essential penetration testing tools (Nmap, Gobuster, Nikto, John the Ripper) into a unified natural language interface, allowing security professionals to execute and chain multiple tools through conversational commands.Last updated -85231TypeScript