Skip to main content
Glama
asarlashmit

MCP-Connect — Kali Agent MCP v2

by asarlashmit

hydra_attack

Perform brute-force password attacks against network services using username and password lists, with support for custom arguments and multiple service types.

Instructions

Kali Agent MCP tool: hydra_attack Explicit execution timing is supported. Before calling, deliberately choose expected_runtime_seconds, timeout_seconds, check_after_seconds, poll_interval_seconds, and on_timeout. Use on_timeout='continue_background' for long work that should return a durable job_id for later job_status/job_logs/job_wait checks; use 'kill' or 'return_partial' for bounded synchronous work.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
targetYes
serviceYes
passwordNo
usernameNo
on_timeoutNocontinue_background
service_argsNo
password_fileNo
username_fileNo
additional_argsNo
timeout_secondsNo
check_after_secondsNo
poll_interval_secondsNo
expected_runtime_secondsNo

Output Schema

TableJSON Schema
NameRequiredDescriptionDefault

No arguments

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries full burden. It mentions explicit execution timing and on_timeout behavior, but it does not disclose potential destructive impact on the target, required permissions (e.g., root, network access), or that it performs password cracking attacks. The behavioral transparency is insufficient.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness3/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is relatively short (2-3 sentences), but it is not well-structured. It begins with a label and then jumps into execution timing details without a logical flow. There is some repetition in explaining the same on_timeout options. It could be more concise and better organized.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (13 parameters, no annotations, and an output schema referenced but not described), the description is incomplete. It only covers timing aspects and fails to explain the tool's core purpose, parameter semantics, output, or behavioral implications. The description does not provide a complete picture for correct usage.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters2/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 0%, yet the description only explains the timing/execution parameters (expected_runtime_seconds, timeout_seconds, etc.) and on_timeout. It does not clarify core parameters like 'target', 'service', 'password', 'username', or their expected formats. With 13 parameters and no schema descriptions, the description fails to compensate adequately.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose3/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description starts with 'Kali Agent MCP tool: hydra_attack', which provides context but does not explicitly state the tool's function. The name suggests a Hydra attack, but the description focuses on execution timing rather than specifying what the tool does (e.g., password cracking). It is distinguishable from siblings like nmap_scan or sqlmap_scan but lacks a clear purpose statement.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description gives explicit guidance on when to use 'continue_background' vs 'kill' or 'return_partial' for execution timing, but it does not provide any comparative guidance for choosing this tool over sibling attack tools (e.g., nmap_scan, sqlmap_scan). It misses when-not-to-use and alternatives.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/asarlashmit/MCP-Connect'

If you have feedback or need assistance with the MCP directory API, please join our Discord server