Install missing tools via apt: sudo apt install . Kali includes most tools by default.

MCP-Kali-Server MCP — ユースケース, インストール & ライブデモ

なぜ使うのか

主な機能

Lightweight API bridge to Kali Linux terminal commands
Compatible with multiple AI backends (OpenAI, Claude, DeepSeek, Ollama)
Built-in support for Nmap, Metasploit, Hydra, SQLMap, WPScan, and more
Web challenge support — AI can interact with websites and APIs to capture flags
Simple client-server architecture with configurable host/port

ライブデモ

実際の動作

mcp-kali-server.replay ▶ 準備完了

0/0

インストール

クライアントを選択

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Claude Desktop → Settings → Developer → Edit Config を開く。保存後、アプリを再起動。

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Cursor は Claude Desktop と同じ mcpServers スキーマを使用。プロジェクト設定はグローバルより優先。

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Cline サイドバーの MCP Servers アイコンをクリックし、"Edit Configuration" を選択。

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Claude Desktop と同じ形式。Windsurf を再起動して反映。

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "mcp-kali-server",
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  ]
}

Continue はマップではなくサーバーオブジェクトの配列を使用。

~/.config/zed/settings.json

{
  "context_servers": {
    "mcp-kali-server": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/Wh0am123/MCP-Kali-Server"
        ]
      }
    }
  }
}

context_servers に追加。保存時に Zed がホットリロード。

claude mcp add mcp-kali-server -- TODO 'See README: https://github.com/Wh0am123/MCP-Kali-Server'

ワンライナー。claude mcp list で確認、claude mcp remove で削除。

ユースケース

実用的な使い方： MCP-Kali-Server

How to solve CTF challenges with AI-assisted Kali Linux

👤 CTF participants who want AI help running security tools ⏱ ~60 min intermediate

使うタイミング： You're in a CTF competition and want AI to help run and interpret Kali tools.

前提条件

Kali Linux with MCP server running — Clone repo, pip install -r requirements.txt, ./server.py
MCP client connected — Run ./client.py --server http://kali-ip:5000

フロー

Enumerate the target

Run an nmap scan on 10.10.10.1 with service detection and OS fingerprinting. What services are running?✓ コピーしました

→ Nmap results with open ports, services, and version info
Exploit a finding

Port 80 has a PHP application. Run nikto for vulnerability scanning and gobuster for directory enumeration.✓ コピーしました

→ Scan results with interesting findings
Crack credentials

Found a login at /admin. Use hydra with rockyou.txt to brute-force the login.✓ コピーしました

→ Credentials found or exhausted

結果： Systematic CTF enumeration and exploitation with AI interpreting results.

注意点

Running too many concurrent scans — Run one tool at a time to avoid overloading the target and confusing results

組み合わせ

他のMCPと組み合わせて10倍の力を

mcp-kali-server + filesystem

Save scan results and CTF writeups to local files

Save all our scan results and the solution steps to ~/ctf/htb-machine-writeup.md.✓ コピーしました

ツール

このMCPが提供する機能

ツール	入力	呼び出すタイミング
execute_command	command: str	Run any terminal command on the Kali machine
nmap	target: str, options?: str	Network scanning and service detection
sqlmap	url: str, options?: str	SQL injection testing
hydra	target: str, service: str, wordlist?: str	Brute-force authentication testing

コストと制限

運用コスト

APIクォータ: N/A — all tools run locally on Kali
呼び出しあたりのトークン: 300–2000 tokens per command output
金額: Free — requires a Kali Linux installation
ヒント: Use targeted scans instead of full-range sweeps to get faster, cleaner results.

セキュリティ

権限、シークレット、影響範囲

認証情報の保管： N/A — connects to local Kali instance

データ送信先： Commands execute on the Kali machine. Network scans reach target IPs.

⚠ This tool is designed for authorized security research, CTF competitions, and defensive analysis only. Do not use it against systems you don't own or have written authorization to test.
This server provides direct terminal access to a Kali machine — it can execute any command.
Always run in an isolated lab environment, never on production networks.
Unauthorized penetration testing is illegal in most jurisdictions.

トラブルシューティング

よくあるエラーと対処法

Connection refused to server

Ensure server.py is running on the Kali machine and the port is accessible. Check firewall rules.

確認： curl http://kali-ip:5000/health

Command timeout

Some security tools take a long time. Increase the timeout or use less aggressive scan options.

確認： Try a simple command like 'whoami' to test connectivity

Tool not found

Install missing tools via apt: sudo apt install <tool-name>. Kali includes most tools by default.

確認： which <tool-name>

代替案

MCP-Kali-Server 他との比較

代替案	代わりに使う場面	トレードオフ
hexstrike-ai	You want AI agents that autonomously decide which tools to run	More intelligence but less direct control
mcp-security-hub	You want Dockerized security tools with better isolation	Better isolation but more setup overhead

その他

リソース

📖 GitHub の公式 README を読む

🐙 オープンな issue を見る

🔍 400以上のMCPサーバーとSkillsを見る