Labsco
cyberillo logo

Kali MCP Server

β˜… 7

from cyberillo

A Python MCP Server that connects Large Language Models natively to a comprehensive suite of offensive security tools.

πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedFreeAdvanced setup
<img alt="image" src="https://raw.githubusercontent.com/cyberillo/kali-mcp-server/refs/heads/main/resources/kali-mcp-server-banner.png">

πŸ‰ Kali Linux MCP Server

πŸ“– Project Overview

The Kali Linux MCP Server is a specialized Model Context Protocol (MCP) implementation designed to connect Large Language Models natively to a comprehensive suite of offensive security, reconnaissance, and enumeration tools. Powered by the FastMCP Python SDK, this server translates natural language requests into safe, encapsulated command-line executions of standard Kali Linux utilities.

By exposing these tools as MCP resources, AI agents can autonomously perform WHOIS lookups, run Nmap scans, fuzz web directories, search exploit databases, and even interface with the Metasploit Framework, all while returning structured standard output and error logs back to the LLM's context window.

Key Features

  • 🎯 Comprehensive Offensive Security Toolkit: Natively exposes distinct categories of penetration testing tools to your LLM. The server logically categorizes capabilities, including dedicated modules for Password Cracking & Brute Forcing, as well as Exploitation & Sniffing.
  • πŸ“¦ Automated & Isolated Containerization: The included Docker configuration ensures a frictionless, reproducible setup. It utilizes the DEBIAN_FRONTEND=noninteractive environment variable to suppress manual prompts during Debian package installations, guaranteeing a fully automated build process.
  • Native MCP SDK Integration: Built robustly on top of the official mcp Python SDK. The environment is flexible, allowing the SDK to be installed globally within the isolated container (--break-system-packages) or via a localized Python virtual environment.
  • ⚑ Standardized stdio Transport: Utilizes direct standard input/output for JSON-RPC communication, bypassing complex network configurations and ensuring out-of-the-box compatibility with AI IDEs (like Cursor and VS Code) and desktop clients (like Claude Desktop).

Demo

Hash Crack

<img alt="image" src="https://raw.githubusercontent.com/cyberillo/kali-mcp-server/refs/heads/main/resources/claude-hash-crack-demo.gif">

Vulnerability Scan

 Autonomous Vulnerability Scanning with GitHub Copilot & Kali MCP Server

MCP Tool Definitions

The server exposes 21 specialized tools categorized by their operational phase.

CategoryTool NameDescription & Parameters
Reconwhois_lookupPerforms a WHOIS lookup. Params: domain (str).
Recondnsenum_scanEnumerates DNS records. Params: domain (str).
Reconwhatweb_scanIdentifies CMS and headers. Params: target_url (str).
Reconamass_enumPassive subdomain enumeration. Params: domain (str).
Reconnetdiscover_scanFinds active hosts. Params: ip_range (str).
Scanningnmap_scanNetwork discovery and port scanning. Params: target (str), flags (str, default: -sV -F).
Scanningenum4linux_scanEnumerates Windows/Samba systems. Params: target_ip (str).
Scanningsmbclient_listLists SMB shares. Params: target_ip (str), user (str), password (str).
Web Secnikto_scanWeb vulnerability scan. Params: target_url (str).
Web Secgobuster_dirDirectory brute-forcing. Params: target_url (str), wordlist (str).
Web Secdirb_scanWeb content scanning. Params: target_url (str), wordlist (str).
Web Secffuf_scanFast web directory fuzzing. Params: target_url (str), wordlist (str).
Web Secwfuzz_scanWeb parameter/directory fuzzing. Params: target_url (str), wordlist (str).
Web Secsqlmap_scanSQL injection detection/exploitation. Params: target_url (str), params (str).
Web Secwpscan_enumWordPress vulnerability scanner. Params: target_url (str).
Crackinghydra_bruteforceBrute force login credentials. Params: target (str), service (str), user (str), wordlist (str).
Crackingjohn_crackCracks password hashes. Params: hash_file (str), wordlist (str).
Crackinghashcat_crackResource-intensive hash cracking. Params: hash_file (str), hash_type (str), wordlist (str).
Exploitsearchsploit_querySearches Exploit Database. Params: query (str).
Exploittcpdump_sniffCaptures network packets. Params: interface (str), packet_count (str).
Exploitmetasploit_exploitExecutes an MSF module. Params: module (str), options (str).

Pro-Tip for LLMs: When asking the LLM to run metasploit_exploit, format options carefully as comma-separated KEY=VALUE pairs (e.g., RHOSTS=192.168.1.5, LHOST=10.0.0.2).

βš™οΈ Environment Variables

While the Python server script does not enforce custom application-level environment variables, the Docker environment relies on the following standard Linux variable:

DEBIAN_FRONTEND: Set to noninteractive in the Dockerfile to prevent the build process from hanging on interactive prompt requests during apt installations.