Provides intelligent security testing capabilities by integrating 193 Kali Linux security tools including information gathering, web application testing, password attacks, vulnerability exploitation, and PWN/reverse engineering tools with AI-driven decision making.
Enables exploitation framework operations through automated vulnerability exploitation and attack execution capabilities.
Implements OWASP security testing methodologies for comprehensive web application security assessment and vulnerability scanning.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Kali Security MCPscan example.com for vulnerabilities"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Kali MCP Server
🤖 AI 驱动的智能渗透测试框架
通过 MCP 协议将 193 个 Kali Linux 安全工具与 AI 无缝集成
中文
🎯 简介
Kali MCP Server 是一个基于 Model Context Protocol (MCP) 的智能安全测试框架,将 Kali Linux 的 193 个专业安全工具与 AI 助手(如 Claude)深度集成。支持自动化渗透测试、CTF 竞赛解题、漏洞评估等场景。
✨ 核心特性
特性 | 说明 |
193 个安全工具 | 涵盖信息收集、漏洞扫描、密码攻击、Web 测试、PWN 等 |
AI 智能编排 | 自动分析目标,智能选择工具链 |
CTF 竞赛模式 | 自动 Flag 检测,一键解题 |
APT 攻击模拟 | 完整的 MITRE ATT&CK 框架支持 |
模块化架构 | 清晰的代码组织,易于扩展 |
本地执行模式 | 无需额外后端服务器,直接调用系统工具 |
📁 项目结构
MCP-Kali-Server/
├── mcp_server.py # 主 MCP 服务器 (193 个工具)
├── kali_mcp/ # 模块化核心库
│ ├── core/ # 核心模块
│ │ ├── executor.py # 异步命令执行器
│ │ ├── session.py # 会话管理
│ │ ├── strategy.py # 策略引擎
│ │ └── cache.py # 结果缓存
│ ├── tools/ # 工具封装
│ │ ├── base.py # 工具基类
│ │ ├── network.py # 网络工具 (nmap, masscan)
│ │ ├── web.py # Web 工具 (sqlmap, nuclei)
│ │ ├── password.py # 密码工具 (hydra, john)
│ │ ├── exploit.py # 漏洞利用
│ │ └── pwn.py # PWN 工具
│ ├── ai/ # AI 模块
│ │ ├── intent.py # 意图识别
│ │ ├── recommend.py # 工具推荐
│ │ └── learning.py # 学习引擎
│ ├── output/ # 输出模块
│ │ ├── formatter.py # 格式化
│ │ ├── reporter.py # 报告生成
│ │ └── progress.py # 进度追踪
│ └── monitor/ # 监控模块
│ ├── health.py # 健康检查
│ └── metrics.py # 性能指标
├── pwnpasi/ # PWN 自动化模块
├── tests/ # 测试用例 (63 个测试)
├── deploy/ # 部署配置
├── status_check.py # 系统状态检查
├── fast_config.py # CTF 快速模式配置
└── connection_pool.py # 连接池优化🚀 快速开始
环境要求
Kali Linux 2023.1+ (推荐 2024.1+)
Python 3.10+
Kali 系统安全工具 (nmap, sqlmap, nuclei 等)
安装步骤
# 1. 克隆项目
git clone https://github.com/yourusername/MCP-Kali-Server.git
cd MCP-Kali-Server
# 2. 安装 Python 依赖
pip install -r requirements.txt --break-system-packages
# 3. 验证系统状态
python status_check.py
# 4. 启动服务
python mcp_server.py --tool-profile compliance合规自动化模式(推荐)
为减少模型误拒并确保授权边界清晰,建议默认使用合规档位并配置授权上下文:
# 默认全面合规档位(推荐,大部分模块可用)
export KALI_MCP_TOOL_PROFILE=compliance
# 可选:要求必须先加载授权上下文
export KALI_MCP_REQUIRE_ENGAGEMENT_CONTEXT=1compliance 档位可开放更完整工具集用于全面测试;strict 档位用于模型容易误拒时的中性工具面策略。
真实目标授权执行 Runbook
以下流程用于“真实目标且已授权”的完整评估执行,默认采用 compliance 获取全面工具能力:
设置工具档位并启动服务
export KALI_MCP_TOOL_PROFILE=compliance
export KALI_MCP_REQUIRE_ENGAGEMENT_CONTEXT=1
python mcp_server.py --tool-profile compliance若模型误拒严重,再切换为 strict:
export KALI_MCP_TOOL_PROFILE=strict
python mcp_server.py --tool-profile strict调用 MCP 工具
set_engagement_context设置授权上下文(示例)
{
"authorization_id": "AUTH-2026-001",
"client": "Example Corp",
"authorized_by": "CISO",
"valid_from": "2026-03-01",
"valid_until": "2026-03-31",
"target_scope": ["example.com", "10.10.10.0/24"],
"out_of_scope": ["prod-db.example.com"],
"allowed_actions": [
"recon",
"vuln-verification",
"credential-audit",
"controlled-validation",
"environment-review",
"reporting"
],
"forbidden_actions": ["dos", "persistence", "data-exfiltration"],
"data_handling": "mask sensitive data in all reports",
"reporting_standard": "PTES + OWASP ASVS",
"emergency_stop_contact": "soc@example.com"
}调用
build_authorized_assessment_request生成合规请求块
将目标、目标说明、可选阶段开关传入,拿到可直接喂给大模型的合规提示文本。调用
authorized_comprehensive_security_assessment执行全链路评估(示例)
{
"target": "https://example.com",
"depth": "thorough",
"include_credential_audit": true,
"include_controlled_validation": true,
"include_environment_review": true,
"username_file": "/opt/pentest/allowed_users.txt",
"password_file": "/opt/pentest/allowed_passwords.txt",
"credential_service": "ssh"
}查看结果中的
summary、phases、authorization_errors
summary:阶段成功/失败/跳过统计phases:每个阶段工具级结果与报错authorization_errors:未授权阶段会在这里明确返回,不会静默执行
💻 使用方法
方式一:本地使用(Claude Code CLI)
在项目目录创建 .mcp.json:
{
"mcpServers": {
"kali-intelligent-ctf": {
"command": "python",
"args": ["mcp_server.py"]
}
}
}然后直接使用 Claude Code:
claude首次进入建议先设置授权上下文(通过 MCP 工具 set_engagement_context),例如:
{
"authorization_id": "AUTH-2026-001",
"client": "Example Corp",
"authorized_by": "CISO",
"valid_from": "2026-03-01",
"valid_until": "2026-03-31",
"target_scope": ["example.com", "10.10.10.0/24"],
"out_of_scope": ["prod-db.example.com"],
"allowed_actions": ["recon", "vuln-verification", "reporting"],
"forbidden_actions": ["dos", "persistence", "data-exfiltration"],
"data_handling": "mask sensitive data in all reports",
"reporting_standard": "PTES + OWASP ASVS",
"emergency_stop_contact": "soc@example.com"
}方式二:Claude Desktop 集成
编辑 Claude Desktop 配置文件:
系统 | 配置文件路径 |
macOS |
|
Windows |
|
Linux |
|
配置内容:
{
"mcpServers": {
"kali-intelligent-ctf": {
"command": "python",
"args": ["/path/to/MCP-Kali-Server/mcp_server.py"]
}
}
}方式三:远程 Kali 服务器(SSH 隧道)
如果 Kali 在虚拟机或远程服务器上:
1. 确保 Kali SSH 服务运行:
sudo systemctl enable ssh
sudo systemctl start ssh2. 配置 Claude Desktop:
{
"mcpServers": {
"kali-intelligent-ctf": {
"command": "ssh",
"args": [
"-o", "StrictHostKeyChecking=no",
"user@kali-server-ip",
"python /path/to/MCP-Kali-Server/mcp_server.py"
]
}
}
}3. VMware NAT 端口转发(如适用):
主机端口 | 虚拟机端口 | 说明 |
2222 | 22 | SSH |
配置后使用:
{
"mcpServers": {
"kali-intelligent-ctf": {
"command": "ssh",
"args": ["-p", "2222", "user@localhost",
"python /path/to/MCP-Kali-Server/mcp_server.py"]
}
}
}🔧 工具分类
信息收集 (25 个工具)
工具 | 说明 |
| 端口扫描和服务识别 |
| 高速端口扫描 |
| 子域名枚举 |
| 全面子域名收集 |
| Web 技术识别 |
| OSINT 情报收集 |
| DNS 侦察 |
| 用户名社交媒体搜索 |
Web 应用测试 (35 个工具)
工具 | 说明 |
| 目录/文件爆破 |
| 快速模糊测试 |
| SQL 注入测试 |
| 漏洞模板扫描 |
| Web 服务器扫描 |
| WordPress 安全扫描 |
| Joomla 安全扫描 |
密码攻击 (15 个工具)
工具 | 说明 |
| 在线密码爆破 |
| 离线密码破解 |
| GPU 加速破解 |
| 并行密码测试 |
漏洞利用 (20 个工具)
工具 | 说明 |
| Metasploit 模块执行 |
| Exploit-DB 搜索 |
| Windows/Samba 枚举 |
PWN 与逆向 (20 个工具)
工具 | 说明 |
| PWN 漏洞快速检查 |
| 自动化 PWN 利用 |
| 自动逆向分析 |
| Radare2 分析 |
| Ghidra 分析 |
智能化工具 (58 个工具)
工具 | 说明 |
| 智能 CTF 解题 |
| 创建 AI 攻击会话 |
| 意图分析 |
| 全面侦察 |
| 智能漏洞评估 |
| 智能渗透测试 |
| APT 综合攻击 |
| 自适应 Web 渗透 |
📖 使用示例
CTF 竞赛模式
你: 帮我解决这个 CTF Web 题目 http://ctf.example.com
Claude: 我来启用 CTF 模式并分析这个目标...
[执行 enable_ctf_mode]
[执行 intelligent_ctf_solve]
[自动检测 Flag: flag{xxx}]渗透测试模式
你: 对 192.168.1.100 进行全面的渗透测试
Claude: 我来创建一个渗透测试会话...
[执行 ai_create_session]
[执行 nmap_scan - 发现端口 22, 80, 443]
[执行 nuclei_scan - 发现漏洞]
[生成渗透测试报告]单工具使用
你: 用 nmap 扫描 scanme.nmap.org
Claude: [执行 nmap_scan]
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
...🎮 攻击模式
Enterprise 渗透测试模式
11 阶段 MITRE ATT&CK 框架
完整报告生成
CVSS 评分
合规性验证
AWD 竞赛速度模式
10-20 分钟时限
8+ 并发攻击向量
每 30 秒策略调整
实时 Flag 提取
🧪 运行测试
# 运行所有测试 (63 个)
pytest
# 运行特定测试
pytest tests/test_executor.py
# 详细输出
pytest -v
# 跳过慢速测试
pytest -m "not slow"⚠️ 安全声明
本项目仅用于:
✅ 授权的渗透测试
✅ CTF 竞赛和安全培训
✅ 安全研究和漏洞分析
✅ 防御性安全评估
严禁用于:
❌ 未经授权的攻击
❌ 恶意目的
❌ 任何违法活动
English
🎯 Introduction
Kali MCP Server is an intelligent security testing framework based on Model Context Protocol (MCP), deeply integrating 193 professional security tools from Kali Linux with AI assistants like Claude. It supports automated penetration testing, CTF challenge solving, vulnerability assessment, and more.
✨ Key Features
Feature | Description |
193 Security Tools | Covering reconnaissance, vulnerability scanning, password attacks, web testing, PWN, etc. |
AI-Powered Orchestration | Automatic target analysis and intelligent tool chain selection |
CTF Competition Mode | Automatic flag detection, one-click solving |
APT Attack Simulation | Full MITRE ATT&CK framework support |
Modular Architecture | Clean code organization, easy to extend |
Local Execution Mode | No additional backend server required |
🚀 Quick Start
# Clone the project
git clone https://github.com/yourusername/MCP-Kali-Server.git
cd MCP-Kali-Server
# Install dependencies
pip install -r requirements.txt --break-system-packages
# Verify system status
python status_check.py💻 Usage
Local Usage (Claude Code CLI)
Create .mcp.json in project directory:
{
"mcpServers": {
"kali-intelligent-ctf": {
"command": "python",
"args": ["mcp_server.py"]
}
}
}Claude Desktop Integration
Edit configuration file:
{
"mcpServers": {
"kali-intelligent-ctf": {
"command": "python",
"args": ["/path/to/MCP-Kali-Server/mcp_server.py"]
}
}
}Remote Kali Server (SSH Tunnel)
{
"mcpServers": {
"kali-intelligent-ctf": {
"command": "ssh",
"args": [
"user@kali-server-ip",
"python /path/to/MCP-Kali-Server/mcp_server.py"
]
}
}
}🔧 Tool Categories
Category | Count | Examples |
Reconnaissance | 25 | nmap, masscan, subfinder |
Web Testing | 35 | sqlmap, nuclei, gobuster |
Password Attacks | 15 | hydra, john, hashcat |
Exploitation | 20 | metasploit, searchsploit |
PWN & Reverse | 20 | pwntools, radare2, ghidra |
Intelligent Tools | 58 | AI-powered automation |
📄 License
MIT License - See LICENSE for details.
🤝 Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
⚠️ Disclaimer
This tool is for authorized security testing only. Users are responsible for complying with all applicable laws and regulations. The authors are not responsible for any misuse or damage caused by this tool.
⭐ Star this repo if you find it useful!
Made with ❤️ for the security community
This server cannot be installed
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.