/ Annuaire / Playground / MCP-Kali-Server
← Tous les serveurs ↗ GitHub
● Communauté Wh0am123 ⚡ Instantané

MCP-Kali-Server

par Wh0am123 · Wh0am123/MCP-Kali-Server

Lightweight API bridge connecting AI agents to Kali Linux for AI-assisted pentesting and CTF challenges in real time.

MCP-Kali-Server is a Python-based API bridge that connects AI agents (Claude, GPT, DeepSeek, Ollama) to a Kali Linux machine. It provides a controlled command execution interface for running security tools like Nmap, Metasploit, Hydra, SQLMap, and more. Designed for authorized penetration testing, bug bounty hunting, and CTF competitions.

▶ Voir la démo 📦 Installer 💡 Cas d'usage

Pourquoi l'utiliser

Fonctionnalités clés

Démo en direct

Aperçu en pratique

mcp-kali-server.replay ▶ prêt
0/0

Installer

Choisissez votre client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Ouvrez Claude Desktop → Settings → Developer → Edit Config. Redémarrez après avoir enregistré.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Cursor utilise le même schéma mcpServers que Claude Desktop. La config projet l'emporte sur la globale.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Cliquez sur l'icône MCP Servers dans la barre latérale Cline, puis "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Même format que Claude Desktop. Redémarrez Windsurf pour appliquer.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "mcp-kali-server",
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  ]
}

Continue utilise un tableau d'objets serveur plutôt qu'une map.

~/.config/zed/settings.json
{
  "context_servers": {
    "mcp-kali-server": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/Wh0am123/MCP-Kali-Server"
        ]
      }
    }
  }
}

Ajoutez dans context_servers. Zed recharge à chaud à la sauvegarde.

claude mcp add mcp-kali-server -- TODO 'See README: https://github.com/Wh0am123/MCP-Kali-Server'

Une seule ligne. Vérifiez avec claude mcp list. Supprimez avec claude mcp remove.

Cas d'usage

Usages concrets : MCP-Kali-Server

How to solve CTF challenges with AI-assisted Kali Linux

👤 CTF participants who want AI help running security tools ⏱ ~60 min intermediate

Quand l'utiliser : You're in a CTF competition and want AI to help run and interpret Kali tools.

Prérequis
  • Kali Linux with MCP server running — Clone repo, pip install -r requirements.txt, ./server.py
  • MCP client connected — Run ./client.py --server http://kali-ip:5000
Déroulement
  1. Enumerate the target
    Run an nmap scan on 10.10.10.1 with service detection and OS fingerprinting. What services are running?✓ Copié
    → Nmap results with open ports, services, and version info
  2. Exploit a finding
    Port 80 has a PHP application. Run nikto for vulnerability scanning and gobuster for directory enumeration.✓ Copié
    → Scan results with interesting findings
  3. Crack credentials
    Found a login at /admin. Use hydra with rockyou.txt to brute-force the login.✓ Copié
    → Credentials found or exhausted

Résultat : Systematic CTF enumeration and exploitation with AI interpreting results.

Pièges
  • Running too many concurrent scans — Run one tool at a time to avoid overloading the target and confusing results

Combinaisons

Associez-le à d'autres MCPs pour un effet X10

mcp-kali-server + filesystem

Save scan results and CTF writeups to local files

Save all our scan results and the solution steps to ~/ctf/htb-machine-writeup.md.✓ Copié

Outils

Ce que ce MCP expose

OutilEntréesQuand appelerCoût
execute_command command: str Run any terminal command on the Kali machine 0
nmap target: str, options?: str Network scanning and service detection 0
sqlmap url: str, options?: str SQL injection testing 0
hydra target: str, service: str, wordlist?: str Brute-force authentication testing 0

Coût et limites

Coût d'exécution

Quota d'API
N/A — all tools run locally on Kali
Tokens par appel
300–2000 tokens per command output
Monétaire
Free — requires a Kali Linux installation
Astuce
Use targeted scans instead of full-range sweeps to get faster, cleaner results.

Sécurité

Permissions, secrets, portée

Stockage des identifiants : N/A — connects to local Kali instance
Sortie de données : Commands execute on the Kali machine. Network scans reach target IPs.

Dépannage

Erreurs courantes et correctifs

Connection refused to server

Ensure server.py is running on the Kali machine and the port is accessible. Check firewall rules.

Vérifier : curl http://kali-ip:5000/health
Command timeout

Some security tools take a long time. Increase the timeout or use less aggressive scan options.

Vérifier : Try a simple command like 'whoami' to test connectivity
Tool not found

Install missing tools via apt: sudo apt install <tool-name>. Kali includes most tools by default.

Vérifier : which <tool-name>

Alternatives

MCP-Kali-Server vs autres

AlternativeQuand l'utiliserCompromis
hexstrike-aiYou want AI agents that autonomously decide which tools to runMore intelligence but less direct control
mcp-security-hubYou want Dockerized security tools with better isolationBetter isolation but more setup overhead

Plus

Ressources

📖 Lire le README officiel sur GitHub

🐙 Voir les issues ouvertes

🔍 Parcourir les 400+ serveurs MCP et Skills