/ Verzeichnis / Playground / MCP-Kali-Server
← Alle Server ↗ GitHub
● Community Wh0am123 ⚡ Sofort

MCP-Kali-Server

von Wh0am123 · Wh0am123/MCP-Kali-Server

Lightweight API bridge connecting AI agents to Kali Linux for AI-assisted pentesting and CTF challenges in real time.

MCP-Kali-Server is a Python-based API bridge that connects AI agents (Claude, GPT, DeepSeek, Ollama) to a Kali Linux machine. It provides a controlled command execution interface for running security tools like Nmap, Metasploit, Hydra, SQLMap, and more. Designed for authorized penetration testing, bug bounty hunting, and CTF competitions.

▶ Demo ansehen 📦 Installieren 💡 Anwendungsfälle

Warum nutzen

Hauptfunktionen

Live-Demo

In der Praxis

mcp-kali-server.replay ▶ bereit
0/0

Installieren

Wählen Sie Ihren Client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Öffne Claude Desktop → Settings → Developer → Edit Config. Nach dem Speichern neu starten.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Cursor nutzt das gleiche mcpServers-Schema wie Claude Desktop. Projektkonfiguration schlägt die globale.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Klicken Sie auf das MCP-Servers-Symbol in der Cline-Seitenleiste, dann "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Gleiche Struktur wie Claude Desktop. Windsurf neu starten zum Übernehmen.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "mcp-kali-server",
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  ]
}

Continue nutzt ein Array von Serverobjekten statt einer Map.

~/.config/zed/settings.json
{
  "context_servers": {
    "mcp-kali-server": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/Wh0am123/MCP-Kali-Server"
        ]
      }
    }
  }
}

In context_servers hinzufügen. Zed lädt beim Speichern neu.

claude mcp add mcp-kali-server -- TODO 'See README: https://github.com/Wh0am123/MCP-Kali-Server'

Einzeiler. Prüfen mit claude mcp list. Entfernen mit claude mcp remove.

Anwendungsfälle

Praxisnahe Nutzung: MCP-Kali-Server

How to solve CTF challenges with AI-assisted Kali Linux

👤 CTF participants who want AI help running security tools ⏱ ~60 min intermediate

Wann einsetzen: You're in a CTF competition and want AI to help run and interpret Kali tools.

Voraussetzungen
  • Kali Linux with MCP server running — Clone repo, pip install -r requirements.txt, ./server.py
  • MCP client connected — Run ./client.py --server http://kali-ip:5000
Ablauf
  1. Enumerate the target
    Run an nmap scan on 10.10.10.1 with service detection and OS fingerprinting. What services are running?✓ Kopiert
    → Nmap results with open ports, services, and version info
  2. Exploit a finding
    Port 80 has a PHP application. Run nikto for vulnerability scanning and gobuster for directory enumeration.✓ Kopiert
    → Scan results with interesting findings
  3. Crack credentials
    Found a login at /admin. Use hydra with rockyou.txt to brute-force the login.✓ Kopiert
    → Credentials found or exhausted

Ergebnis: Systematic CTF enumeration and exploitation with AI interpreting results.

Fallstricke
  • Running too many concurrent scans — Run one tool at a time to avoid overloading the target and confusing results

Kombinationen

Mit anderen MCPs für 10-fache Wirkung

mcp-kali-server + filesystem

Save scan results and CTF writeups to local files

Save all our scan results and the solution steps to ~/ctf/htb-machine-writeup.md.✓ Kopiert

Werkzeuge

Was dieses MCP bereitstellt

WerkzeugEingabenWann aufrufenKosten
execute_command command: str Run any terminal command on the Kali machine 0
nmap target: str, options?: str Network scanning and service detection 0
sqlmap url: str, options?: str SQL injection testing 0
hydra target: str, service: str, wordlist?: str Brute-force authentication testing 0

Kosten & Limits

Was der Betrieb kostet

API-Kontingent
N/A — all tools run locally on Kali
Tokens pro Aufruf
300–2000 tokens per command output
Kosten in €
Free — requires a Kali Linux installation
Tipp
Use targeted scans instead of full-range sweeps to get faster, cleaner results.

Sicherheit

Rechte, Secrets, Reichweite

Credential-Speicherung: N/A — connects to local Kali instance
Datenabfluss: Commands execute on the Kali machine. Network scans reach target IPs.

Fehlerbehebung

Häufige Fehler und Lösungen

Connection refused to server

Ensure server.py is running on the Kali machine and the port is accessible. Check firewall rules.

Prüfen: curl http://kali-ip:5000/health
Command timeout

Some security tools take a long time. Increase the timeout or use less aggressive scan options.

Prüfen: Try a simple command like 'whoami' to test connectivity
Tool not found

Install missing tools via apt: sudo apt install <tool-name>. Kali includes most tools by default.

Prüfen: which <tool-name>

Alternativen

MCP-Kali-Server vs. andere

AlternativeWann stattdessenKompromiss
hexstrike-aiYou want AI agents that autonomously decide which tools to runMore intelligence but less direct control
mcp-security-hubYou want Dockerized security tools with better isolationBetter isolation but more setup overhead

Mehr

Ressourcen

📖 Offizielle README auf GitHub lesen

🐙 Offene Issues ansehen

🔍 Alle 400+ MCP-Server und Skills durchsuchen