Ligolo-ng MCP Server
Manages Ligolo-ng operations on a remote Kali Linux machine via SSH, enabling proxy management, agent control, tunnel setup, route management, and port forwarding for network pivoting during security assessments.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Ligolo-ng MCP ServerStart the ligolo proxy with self-cert enabled"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Ligolo-ng MCP Server
A Model Context Protocol (MCP) server for managing Ligolo-ng - a lightweight and fast tunneling tool for establishing reverse TCP/TLS tunnels during penetration testing and red team engagements.
Overview
This MCP server enables AI assistants to control Ligolo-ng operations on a remote Kali Linux machine via SSH. It provides tools for managing the proxy server, agents, tunnels, routes, and listeners - all the core functionality needed for network pivoting during security assessments.
Features
Proxy Management: Start, stop, and monitor the Ligolo-ng proxy server
Agent Control: List connected agents and manage sessions
Network Interface: Create and manage TUN interfaces for tunneling
Tunnel Operations: Start/stop tunnels through agent sessions
Route Management: Add and remove routes to target networks
Listener Configuration: Set up port forwarding through agents
Agent Command Generation: Generate agent connection commands for targets
Prerequisites
Node.js 18+
SSH access to a Kali Linux machine with Ligolo-ng installed
SSH key-based authentication configured (passwordless SSH)
Installation
# Clone the repository
git clone https://github.com/schwarztim/sec-ligolo-ng-mcp.git
cd sec-ligolo-ng-mcp
# Install dependencies
npm install
# Build the project
npm run buildConfiguration
Environment Variables
Variable | Default | Description |
|
| SSH hostname or alias for your Kali machine |
|
| Port for agent connections |
|
| Port for the Ligolo-ng web API |
|
| Default TUN interface name |
SSH Configuration
Ensure your SSH config (~/.ssh/config) has an entry for your Kali machine:
Host kali
HostName 192.168.1.100
User root
IdentityFile ~/.ssh/id_rsaClaude Desktop Integration
Add to your claude_desktop_config.json:
{
"mcpServers": {
"ligolo-ng": {
"command": "node",
"args": ["/path/to/sec-ligolo-ng-mcp/dist/index.js"],
"env": {
"KALI_HOST": "kali",
"LIGOLO_PROXY_PORT": "11601"
}
}
}
}Available Tools
Proxy Management
Tool | Description |
| Start the Ligolo-ng proxy server with optional self-signed certs and API |
| Stop the running proxy server |
| Check proxy status and view recent logs |
Session Management
Tool | Description |
| List all connected agents |
| Select an agent session to work with |
| Get network information from the selected agent |
Network Configuration
Tool | Description |
| Create a TUN interface for tunneling |
| List all TUN interfaces |
| Start a tunnel through the selected session |
| Stop the active tunnel |
Routing
Tool | Description |
| Add a route to access target networks |
| Remove a route |
| List all Ligolo routes |
Port Forwarding
Tool | Description |
| Add a listener for reverse connections |
| List active listeners |
| Remove a listener |
Utilities
Tool | Description |
| Generate agent command for target deployment |
| Get certificate fingerprint for secure connections |
| Send raw commands to the proxy console |
Usage Example
Basic Pivoting Workflow
Start the proxy on Kali:
Use ligolo_proxy_start with selfcert enabledGenerate agent command:
Use ligolo_agent_command with your Kali IPCreate TUN interface:
Use ligolo_interface_createAfter agent connects, add routes:
Use ligolo_route_add with network 10.10.10.0/24Start the tunnel:
Use ligolo_tunnel_start
Now you can access the 10.10.10.0/24 network through your Kali machine.
Setting Up Reverse Shell Callback
Use listeners to receive reverse shells through the pivot:
Use ligolo_listener_add with:
localAddress: 0.0.0.0:4444
remoteAddress: 127.0.0.1:4444This forwards connections from port 4444 on the agent back to your Kali's port 4444.
Security Considerations
This tool is designed for authorized security testing only
Always use certificate verification in production environments
The proxy runs with elevated privileges to manage network interfaces
SSH keys should be properly secured and not shared
Development
# Watch mode for development
npm run dev
# Build
npm run build
# Start the server
npm startLicense
MIT License - See LICENSE for details.
Acknowledgments
Ligolo-ng by Nicolas Chatelain
Model Context Protocol by Anthropic
Disclaimer
This tool is intended for authorized security testing and educational purposes only. Users are responsible for ensuring they have proper authorization before using this tool against any systems. The authors are not responsible for any misuse or damage caused by this tool.
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/schwarztim/sec-ligolo-ng-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server