ikaliMCP Server

A Model Context Protocol (MCP) server for educational penetration testing using authentic Kali Linux tools.

Purpose

This MCP server provides a secure interface for AI assistants to interact with penetration testing tools for educational purposes only. Designed for the sole usage and sell by HeWhoMustNBN, whobcode.

Features

Manually Scaffolded Tools (10 Primary Tools)

• hydra_bruteforce - Password brute force attacks against network services

• nmap_scan - Network discovery and port scanning

• sqlmap_injection - Automatic SQL injection detection and exploitation

• nikto_webscan - Web server vulnerability scanning

• wpscan_wordpress - WordPress security scanning

• dirb_directory_scan - Directory and file brute forcing

• searchsploit_exploits - Exploit database searching

• gobuster_directory_scan - Fast directory brute forcing

• john_password_crack - Password hash cracking

• hashcat_gpu_crack - GPU-accelerated password cracking

Dynamic Tool Registry (Additional Tools — CLI Only)

• Wireshark Suite: tshark

• Metasploit Suite: msfconsole, msfvenom

• Aircrack-ng Suite: aircrack-ng, airodump-ng, aireplay-ng

• Reconnaissance: theharvester, sherlock

• Network Tools: netcat, hping3

• Web Tools: whatweb, ffuf

• Enumeration: enum4linux, dnsrecon, fierce, sublist3r

Prerequisites

• Docker Desktop with MCP Toolkit enabled

• Docker MCP CLI plugin (docker mcp command)

• Proper authorization for penetration testing activities

Installation

See the step-by-step instructions provided with the files.

Usage Examples

In Claude Desktop, OpenAI's Codex, or Abacus.AI, you can ask:

• "Scan 192.168.1.1 for open ports using nmap"

• "Perform a directory scan on http://example.com using dirb"

• "Search for WordPress vulnerabilities on http://target.com"

• "Brute force SSH login on 192.168.1.100 with hydra"

• "Check for SQL injection vulnerabilities in http://site.com/page.php?id=1"

Architecture

AI Assistant → MCP Gateway → ikaliMCP Server → Kali Linux Tools ↓ Docker Container (Root Access) (Hydra, Nmap, SQLMap, Nikto, etc.)

Security & Legal Notice

CRITICAL WARNING: This tool is for authorized educational use only!

• Only use on systems you own or have explicit permission to test

• Unauthorized penetration testing is illegal

• Users are responsible for compliance with all applicable laws

• Tool includes input sanitization for safety (see code comments for transparency)

Development

Local Testing

# Run directly for testing
python3 ikaliMCP_server.py

# Test MCP protocol
echo '{"jsonrpc":"2.0","method":"tools/list","id":1}' | python3 ikaliMCP_server.py

Container Self-Check

After building the image, verify CLI tools are present:

docker build -t ikaliMCP-mcp-server .
docker run --rm ikaliMCP-mcp-server python3 /app/self_check.py

Warnings for some -h checks may be benign; Missing indicates an install issue.

Adding New Tools

• Add tool to TOOL_REGISTRY in ikaliMCP_server.py

• Include description and base command

• Rebuild Docker image

• Update catalog entry

Input Sanitization Transparency

All inputs are sanitized to prevent command injection. The code includes comments showing the "desanitized" version for educational transparency:

# DESANITIZED: 
nmap -sS -p 80 192.168.1.1
# This shows what the command would look like without sanitization

Troubleshooting

Tools Not Appearing

• Verify Docker image built successfully

• Check catalog and registry files

• Ensure AI assistant config includes custom catalog

• Restart AI assistant

• Run container self-check: docker run --rm ikaliMCP-mcp-server python3 /app/self_check.py

macOS Intel Setup (Command Line)

Use the included script to install Docker Desktop (via Homebrew), build the image, and run self-check:

bash scripts/setup_mac_intel.sh

If you don't have the repo locally, provide your repo URL:

REPO_URL="git@github.com:your-org/ikaliMCP.git" bash -c "curl -fsSL https://raw.githubusercontent.com/your-org/ikaliMCP/main/scripts/setup_mac_intel.sh | bash"

Replace the URL above with your actual repository path if different.

macOS Intel Setup (No Homebrew)

Install Docker Desktop directly (no Homebrew), then build and self-check:

bash scripts/setup_mac_intel_no_brew.sh

If you don't have the repo locally, provide your repo URL env var:

REPO_URL="git@github.com:your-org/ikaliMCP.git" bash -c "curl -fsSL https://raw.githubusercontent.com/your-org/ikaliMCP/main/scripts/setup_mac_intel_no_brew.sh | bash"

Replace the URL above with your actual repository path if different. For Apple Silicon, use the appropriate Docker Desktop download URL (arm64) by setting DOCKER_DMG_URL.

Permission Errors

• Container runs as root for full tool access

• Verify Docker has necessary privileges

• Check tool installation in container

License

MIT License - Educational Use Only

Disclaimer

This software is provided for educational purposes only. The authors assume no liability for misuse or damage caused by this program. Users must comply with all applicable laws and regulations.