🛡️ CTF-Solver

AI-Powered Offensive Security Toolkit

Bridge your AI assistant to 55+ Kali Linux security tools via Model Context Protocol

Features • Quick Start • Documentation • Architecture • Legal

Language: English | 한국어

📖 Overview

MCP Kali Server transforms your AI assistant into a powerful offensive security companion by providing seamless access to professional penetration testing and CTF-solving tools from Kali Linux.

Built on the Model Context Protocol (MCP), this server enables AI assistants like Claude, ChatGPT, and others to orchestrate complex security workflows, automate CTF challenge solving, and perform intelligent penetration testing through natural language.

🎯 What Can It Do?

You: "I found an RSA challenge with n=12345..., e=65537. Can you decrypt it?"

AI: *Automatically queries FactorDB → runs RsaCtfTool → decrypts ciphertext → extracts flag*
    "Flag found: CTF{...}"

You: "Scan this web app for vulnerabilities: http://target.com"

AI: *Runs nmap → gobuster → nikto → sqlmap → provides comprehensive security report*

✨ Features

🎓 7 Major CTF Categories Supported

🔓 Pwnable (80% coverage)

• Buffer overflow exploitation

• ROP chain building

• Format string attacks

• Heap exploitation

• Tools: checksec, ROPgadget, pwntools, radare2

🔐 Cryptography (50-80% coverage)

• RSA attacks (factorization, Wiener, Hastad)

• Hash cracking (MD5, SHA, bcrypt)

• Mathematical cryptanalysis

• Tools: hashcat, RsaCtfTool, SageMath, john

🔍 Forensics (43-70% coverage)

• Automated memory analysis (Volatility workflows)

• Automated disk forensics (SleuthKit workflows)

• Automated malware hunting (YARA + IOC extraction)

• Memory dump analysis & steganography detection

• File carving & recovery

• Tools: Volatility3, SleuthKit, YARA, binwalk, steghide, foremost

🌐 Web Security (90% coverage)

• SQL injection testing

• Directory enumeration

• Vulnerability scanning

• Tools: sqlmap, gobuster, nikto, wpscan

☁️ Cloud Security (52-85% coverage)

• AWS/GCP/Azure enumeration

• S3 bucket scanning

• IAM privilege escalation

• Tools: aws-cli, pacu, s3scanner

⛓️ Web3 & Blockchain (40-75% coverage)

• Smart contract analysis

• Reentrancy attacks

• Integer overflow detection

• Tools: Slither, Mythril, web3.py, solc

🔄 Reversing (67% coverage)

• Binary disassembly

• Dynamic analysis

• Deobfuscation

• Tools: radare2, ltrace, strace, objdump

🛠️ 55+ Professional Security Tools

• Network Recon: nmap, masscan, enum4linux

• Web Testing: gobuster, dirb, nikto, sqlmap, wpscan, ffuf

• Password Attacks: hydra, john, hashcat

• Binary Analysis: checksec, ROPgadget, radare2, pwntools, Ghidra

• Forensics: Volatility3, SleuthKit (mmls, fls, mactime), YARA, binwalk, foremost, steghide, exiftool, tesseract, md5deep

• Cryptography: RsaCtfTool, SageMath, hashcat, openssl

• Cloud: AWS CLI, Pacu, s3scanner, ScoutSuite

• Web3: Slither, Mythril, web3.py, solc, Ganache

• Exploitation: metasploit, searchsploit

• And many more...

🤖 AI-Powered Automation

• Automatic Vulnerability Detection: AI analyzes binaries and identifies exploitable weaknesses

• Multi-Step Attack Chains: Orchestrate complex exploitation workflows

• Automated Forensics Workflows: Multi-stage memory analysis, disk forensics, and malware hunting

• Session Management: Persistent workspaces for multi-step analysis

• Interactive Shells: Bidirectional communication with running exploits

• Intelligent Tool Selection: AI chooses appropriate tools based on context

📚 Comprehensive Guidance

• Workflow Prompts: Pre-built templates for common CTF scenarios

• Problem-Solving Guide: Ready-to-use prompts for each category

• Tool Installation: Automated setup scripts for Kali Linux

• Best Practices: Security testing guidelines and ethics

🚀 Quick Start

Prerequisites

Option 1: Docker (Recommended) 🐳

• Docker & Docker Compose installed

• AI Assistant with MCP support (Claude Desktop, 5ire, etc.)

Option 2: Native Installation

• Kali Linux (or any Linux with security tools installed)

• Python 3.12+

• AI Assistant with MCP support (Claude Desktop, 5ire, etc.)

Option 1: Docker Installation (Recommended) 🐳

One-command setup - all tools included!

1. Clone and start

git clone https://github.com/foxibu/CTF-Solver.git
cd CTF-Solver
docker-compose up -d

That's it! The server is now running on http://localhost:5000 with all 55+ security tools pre-installed.

2. Configure your MCP client

For Claude Desktop (edit ~/.config/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "kali_mcp": {
      "command": "python3",
      "args": [
        "/absolute/path/to/src/my_server/mcp_server.py",
        "--server",
        "http://localhost:5000/"
      ]
    }
  }
}

3. Start solving CTFs! 🎉

Option 2: Native Installation

1. Clone the repository

git clone https://github.com/foxibu/CTF-Solver.git
cd CTF-Solver

2. Install dependencies

pip install -e .
# OR use uv for faster installation
uv pip install -e .

3. Install security tools (see KALI_TOOLS_INSTALLATION.md)

# Quick install essential tools
sudo apt install -y nmap gobuster dirb nikto sqlmap wpscan hydra john \
    checksec binwalk steghide volatility3 radare2

# See installation guide for complete setup

4. Start the Kali server

python3 kali_server.py
# Server runs on http://0.0.0.0:5000

5. Configure your MCP client

For Claude Desktop (edit ~/.config/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "kali_mcp": {
      "command": "python3",
      "args": [
        "/absolute/path/to/src/my_server/mcp_server.py",
        "--server",
        "http://KALI_IP:5000/"
      ]
    }
  }
}

For 5ire Desktop:

• Add MCP server with command: python3 /path/to/src/my_server/mcp_server.py --server http://KALI_IP:5000

6. Start solving CTFs! 🎉

🏗️ Architecture

┌─────────────────────┐         HTTP/JSON        ┌─────────────────────┐
│  MCP Client         │◄──────────────────────────│  Kali Linux Server  │
│  (Claude Desktop,   │        Port 5000          │  (Flask API)        │
│   5ire, etc.)       │                           │                     │
│                     │                           │  - Command Executor │
│  - FastMCP Server   │                           │  - Tool Endpoints   │
│  - Tool Definitions │                           │  - Session Manager  │
│  - Workflow Prompts │                           │  - Timeout Handler  │
└─────────────────────┘                           └─────────────────────┘
     Windows/Mac/Linux                                Kali Linux

Components

Kali Server (kali_server.py)

• Flask HTTP API server (port 5000)

• 73+ security tool endpoints

• Advanced forensics automation (memory, disk, malware)

• Session-based workspaces

• Interactive shell management

• Graceful timeout handling (180s default)

MCP Client (src/my_server/mcp_server.py)

• FastMCP protocol implementation

• 55+ MCP tool wrappers

• AI-guided workflow prompts

• Resources (server status, wordlists, guides)

💡 Usage Examples

Example 1: RSA Cryptography Challenge

User: "I have an RSA challenge:
       n = 85188995949975973...
       e = 65537
       c = 34577152691579622...
       Can you decrypt it?"

AI Assistant:
1. Creates analysis session
2. Queries FactorDB for factorization of n
3. Runs RsaCtfTool with multiple attack methods
4. Successfully decrypts using Wiener's attack
5. Returns: "Plaintext: CTF{weak_rsa_exponent}"

Example 2: Web Application Testing

User: "Test http://target.com for vulnerabilities"

AI Assistant:
1. Runs nmap port scan
2. Discovers web server on ports 80, 443
3. Runs gobuster for directory enumeration
4. Finds /admin, /backup, /api endpoints
5. Runs nikto for vulnerability scanning
6. Tests SQLi with sqlmap on login form
7. Provides comprehensive security report

Example 3: Binary Exploitation (Pwnable)

User: "Analyze this binary: challenge.bin"

AI Assistant:
1. Uploads binary to session workspace
2. Runs checksec (finds: No canary, NX enabled, No PIE)
3. Auto-detects buffer overflow vulnerability
4. Finds ROP gadgets for NX bypass
5. Locates system() and "/bin/sh"
6. Generates pwntools exploit script
7. Tests locally and captures flag

Example 4: Memory Forensics

User: "Analyze this memory dump: memory.dmp (Windows)"

AI Assistant:
1. Runs Volatility3 windows.info
2. Lists running processes (windows.pslist)
3. Identifies suspicious process: malware.exe
4. Dumps process memory
5. Scans for network connections
6. Extracts command line arguments
7. Finds hidden flag in process memory

Example 5: Automated Forensics Workflow

User: "Run automated forensics analysis on this memory dump"

AI Assistant (using auto_memory_analysis):
✓ Phase 1: OS Detection - Identified Windows 10 x64
✓ Phase 2: Process Analysis - 47 processes found
✓ Phase 3: Network Connections - 12 active connections
✓ Phase 4: Malware Detection - 2 suspicious injections found
✓ Phase 5: Registry Analysis - Persistence mechanisms detected
✓ Phase 6: DLL Analysis - Malicious DLL identified

Summary: Found malware persistence in Run key, extracted C2 server: 192.168.1.100:4444

User: "Hunt for malware in this suspicious executable"

AI Assistant (using auto_malware_hunt):
✓ Phase 1: YARA Scanning - Matched: Trojan.Generic
✓ Phase 2: IOC Extraction - Found 3 IPs, 5 domains, 2 registry keys
✓ Phase 3: File Type - PE32 executable (stripped)
✓ Phase 4: Entropy Analysis - HIGH ENTROPY (7.8) - likely packed
✓ Phase 5: Hash Generation - MD5: a1b2c3..., SHA256: d4e5f6...
✓ Phase 6: Metadata - Compiled: 2024-01-15, Language: C++
✓ Phase 7: Binary Analysis - Embedded ELF detected at 0x2000

Threat Assessment: High-risk packed malware with embedded payloads

📚 Documentation

• PROBLEM_SOLVING_PROMPTS.md - Ready-to-use AI prompts for each CTF category

• KALI_TOOLS_INSTALLATION.md - Complete tool installation guide with automated scripts

• CTF_ENHANCEMENT.md - Advanced features and capability analysis

• CLAUDE.md - Comprehensive guide for AI assistants working with this codebase

🎮 Supported CTF Platforms

This tool works with all major CTF platforms:

• HackTheBox (HTB)

• TryHackMe (THM)

• PicoCTF

• CTFtime competitions

• OverTheWire

• pwnable.kr / pwnable.tw

• Root-Me

• RingZer0 CTF

• VulnHub

• And many more!

🎯 Use Cases

✅ Authorized & Legal

• CTF competitions and wargames

• Authorized penetration testing (with written permission)

• Bug bounty programs (within scope)

• Security research and education

• Personal lab environments

• Capture The Flag training

❌ Prohibited

• Unauthorized access to systems

• Malicious hacking or attacks

• Testing without explicit permission

• Any illegal activities

🐳 Docker Deployment

Quick Start with Docker

Using Docker Compose (Recommended)

# Start the server
docker-compose up -d

# View logs
docker-compose logs -f

# Stop the server
docker-compose down

# Rebuild after code changes
docker-compose up -d --build

Using Docker directly

# Build the image
docker build -t foxibu/ctf-solver:latest .

# Run the container
docker run -d \
  --name ctf-solver \
  -p 5000:5000 \
  -v $(pwd)/sessions:/app/sessions \
  -v $(pwd)/workspaces:/app/workspaces \
  foxibu/ctf-solver:latest

# View logs
docker logs -f ctf-solver

# Stop and remove
docker stop ctf-solver && docker rm ctf-solver

Docker Commands

# Check container health
docker ps
docker exec ctf-solver curl http://localhost:5000/health

# Access container shell
docker exec -it ctf-solver /bin/bash

# View resource usage
docker stats ctf-solver

# Export/Import image
docker save foxibu/ctf-solver:latest | gzip > ctf-solver.tar.gz
docker load < ctf-solver.tar.gz

Benefits of Docker Deployment

✅ Zero Configuration - All 55+ tools pre-installed ✅ Cross-Platform - Works on Windows, Mac, Linux ✅ Isolated Environment - Safe malware analysis ✅ Version Control - Reproducible CTF environments ✅ Easy Updates - docker-compose pull && docker-compose up -d ✅ Resource Limits - Controlled CPU/memory usage

Persistent Data

The Docker setup automatically persists:

• Sessions: ./sessions/ - Active analysis sessions

• Workspaces: ./workspaces/ - Challenge files and results

• Custom wordlists: ./wordlists/ (mount your own)

🔧 Configuration

Environment Variables

export KALI_SERVER_URL="http://localhost:5000"
export KALI_REQUEST_TIMEOUT=300  # 5 minutes
export DEBUG_MODE=1  # Enable debug logging

Custom Port

# Kali server on custom port
python3 kali_server.py --port 8080

# MCP client with custom server
python3 src/my_server/mcp_server.py --server http://localhost:8080

Remote Access (SSH Tunnel)

# On client machine
ssh -L 5000:localhost:5000 user@kali-server.example.com

# Configure MCP client to use localhost:5000

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Development Setup

# Clone repository
git clone https://github.com/Wh0am123/MCP-Kali-Server.git
cd MCP-Kali-Server

# Install in development mode
pip install -e .

# Run tests
python3 kali_server.py --debug

📰 Media & Articles

📝 How MCP is Revolutionizing Offensive Security - Medium Article by Author

⚠️ Legal Notice

FOR AUTHORIZED SECURITY TESTING ONLY

This tool is designed exclusively for:

✅ Authorized penetration testing with written permission ✅ CTF competitions and educational wargames ✅ Security research in controlled environments ✅ Bug bounty programs within defined scope ✅ Personal lab environments you own

❌ Unauthorized access to systems ❌ Malicious hacking or attacks ❌ Testing without explicit permission ❌ Any illegal activities

By using this tool, you agree to:

• Obtain proper authorization before testing any systems

• Comply with all applicable laws and regulations

• Use this tool responsibly and ethically

• Accept full responsibility for your actions

The authors assume NO responsibility for misuse. Unauthorized access to computer systems is illegal and punishable by law.

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Credits

• Author: Yousof Nahya

• Inspired by: Project Astro

• Built with: FastMCP, Flask, and the offensive security community

• Powered by: Kali Linux, Model Context Protocol

🔗 Links

• GitHub Repository: github.com/Wh0am123/MCP-Kali-Server

• Model Context Protocol: modelcontextprotocol.io

• Kali Linux: kali.org

• FastMCP: github.com/jlowin/fastmcp

📊 Statistics

• 55+ Security Tools integrated

• 7 CTF Categories supported

• 73+ API Endpoints available

• 3 Advanced Forensics Workflows automated

• 4 Workflow Prompts included

• 100+ Pages of documentation

⭐ Star this repo if you find it useful!

Made with ❤️ by the offensive security community