Install missing tools via apt: sudo apt install . Kali includes most tools by default.

MCP-Kali-Server MCP — 사용 사례, 설치 & 라이브 데모

왜 쓰나요

핵심 기능

Lightweight API bridge to Kali Linux terminal commands
Compatible with multiple AI backends (OpenAI, Claude, DeepSeek, Ollama)
Built-in support for Nmap, Metasploit, Hydra, SQLMap, WPScan, and more
Web challenge support — AI can interact with websites and APIs to capture flags
Simple client-server architecture with configurable host/port

라이브 데모

실제 사용 모습

mcp-kali-server.replay ▶ 준비됨

0/0

설치

클라이언트 선택

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Claude Desktop → Settings → Developer → Edit Config 열기. 저장 후 앱 재시작.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Cursor는 Claude Desktop과 동일한 mcpServers 스키마 사용. 프로젝트 설정이 전역보다 우선.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Cline 사이드바의 MCP Servers 아이콘 클릭 후 "Edit Configuration" 선택.

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Claude Desktop과 같은 형식. Windsurf 재시작 후 적용.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "mcp-kali-server",
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  ]
}

Continue는 맵이 아닌 서버 오브젝트 배열 사용.

~/.config/zed/settings.json

{
  "context_servers": {
    "mcp-kali-server": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/Wh0am123/MCP-Kali-Server"
        ]
      }
    }
  }
}

context_servers에 추가. 저장 시 Zed가 핫 리로드.

claude mcp add mcp-kali-server -- TODO 'See README: https://github.com/Wh0am123/MCP-Kali-Server'

한 줄 명령. claude mcp list로 확인, claude mcp remove로 제거.

사용 사례

실전 활용법: MCP-Kali-Server

How to solve CTF challenges with AI-assisted Kali Linux

👤 CTF participants who want AI help running security tools ⏱ ~60 min intermediate

언제 쓸까: You're in a CTF competition and want AI to help run and interpret Kali tools.

사전 조건

Kali Linux with MCP server running — Clone repo, pip install -r requirements.txt, ./server.py
MCP client connected — Run ./client.py --server http://kali-ip:5000

흐름

Enumerate the target

Run an nmap scan on 10.10.10.1 with service detection and OS fingerprinting. What services are running?✓ 복사됨

→ Nmap results with open ports, services, and version info
Exploit a finding

Port 80 has a PHP application. Run nikto for vulnerability scanning and gobuster for directory enumeration.✓ 복사됨

→ Scan results with interesting findings
Crack credentials

Found a login at /admin. Use hydra with rockyou.txt to brute-force the login.✓ 복사됨

→ Credentials found or exhausted

결과: Systematic CTF enumeration and exploitation with AI interpreting results.

함정

Running too many concurrent scans — Run one tool at a time to avoid overloading the target and confusing results

조합

다른 MCP와 조합해 10배 효율

mcp-kali-server + filesystem

Save scan results and CTF writeups to local files

Save all our scan results and the solution steps to ~/ctf/htb-machine-writeup.md.✓ 복사됨

도구

이 MCP가 노출하는 것

도구	입력	언제 호출
execute_command	command: str	Run any terminal command on the Kali machine
nmap	target: str, options?: str	Network scanning and service detection
sqlmap	url: str, options?: str	SQL injection testing
hydra	target: str, service: str, wordlist?: str	Brute-force authentication testing

비용 및 제한

운영 비용

API 쿼터: N/A — all tools run locally on Kali
호출당 토큰: 300–2000 tokens per command output
금액: Free — requires a Kali Linux installation
팁: Use targeted scans instead of full-range sweeps to get faster, cleaner results.

보안

권한, 시크릿, 파급범위

자격 증명 저장: N/A — connects to local Kali instance

데이터 외부 송신: Commands execute on the Kali machine. Network scans reach target IPs.

⚠ This tool is designed for authorized security research, CTF competitions, and defensive analysis only. Do not use it against systems you don't own or have written authorization to test.
This server provides direct terminal access to a Kali machine — it can execute any command.
Always run in an isolated lab environment, never on production networks.
Unauthorized penetration testing is illegal in most jurisdictions.

문제 해결

자주 발생하는 오류와 해결

Connection refused to server

Ensure server.py is running on the Kali machine and the port is accessible. Check firewall rules.

확인: curl http://kali-ip:5000/health

Command timeout

Some security tools take a long time. Increase the timeout or use less aggressive scan options.

확인: Try a simple command like 'whoami' to test connectivity

Tool not found

Install missing tools via apt: sudo apt install <tool-name>. Kali includes most tools by default.

확인: which <tool-name>

대안

MCP-Kali-Server 다른 것과 비교

대안	언제 쓰나	단점/장점
hexstrike-ai	You want AI agents that autonomously decide which tools to run	More intelligence but less direct control
mcp-security-hub	You want Dockerized security tools with better isolation	Better isolation but more setup overhead

MCP-Kali-Server