/ Directory / Playground / MCP-Kali-Server
← All servers ↗ GitHub
● Community Wh0am123 ⚡ Instant

MCP-Kali-Server

by Wh0am123 · Wh0am123/MCP-Kali-Server

Lightweight API bridge connecting AI agents to Kali Linux for AI-assisted pentesting and CTF challenges in real time.

MCP-Kali-Server is a Python-based API bridge that connects AI agents (Claude, GPT, DeepSeek, Ollama) to a Kali Linux machine. It provides a controlled command execution interface for running security tools like Nmap, Metasploit, Hydra, SQLMap, and more. Designed for authorized penetration testing, bug bounty hunting, and CTF competitions.

▶ Watch demo 📦 Install 💡 Use Cases

Why use it

Key features

Live Demo

What it looks like in practice

mcp-kali-server.replay ▶ ready
0/0

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "mcp-kali-server": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "mcp-kali-server",
      "command": "TODO",
      "args": [
        "See README: https://github.com/Wh0am123/MCP-Kali-Server"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "mcp-kali-server": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/Wh0am123/MCP-Kali-Server"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add mcp-kali-server -- TODO 'See README: https://github.com/Wh0am123/MCP-Kali-Server'

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use MCP-Kali-Server

How to solve CTF challenges with AI-assisted Kali Linux

👤 CTF participants who want AI help running security tools ⏱ ~60 min intermediate

When to use: You're in a CTF competition and want AI to help run and interpret Kali tools.

Prerequisites
  • Kali Linux with MCP server running — Clone repo, pip install -r requirements.txt, ./server.py
  • MCP client connected — Run ./client.py --server http://kali-ip:5000
Flow
  1. Enumerate the target
    Run an nmap scan on 10.10.10.1 with service detection and OS fingerprinting. What services are running?✓ Copied
    → Nmap results with open ports, services, and version info
  2. Exploit a finding
    Port 80 has a PHP application. Run nikto for vulnerability scanning and gobuster for directory enumeration.✓ Copied
    → Scan results with interesting findings
  3. Crack credentials
    Found a login at /admin. Use hydra with rockyou.txt to brute-force the login.✓ Copied
    → Credentials found or exhausted

Outcome: Systematic CTF enumeration and exploitation with AI interpreting results.

Pitfalls
  • Running too many concurrent scans — Run one tool at a time to avoid overloading the target and confusing results

Combinations

Pair with other MCPs for X10 leverage

mcp-kali-server + filesystem

Save scan results and CTF writeups to local files

Save all our scan results and the solution steps to ~/ctf/htb-machine-writeup.md.✓ Copied

Tools

What this MCP exposes

ToolInputsWhen to callCost
execute_command command: str Run any terminal command on the Kali machine 0
nmap target: str, options?: str Network scanning and service detection 0
sqlmap url: str, options?: str SQL injection testing 0
hydra target: str, service: str, wordlist?: str Brute-force authentication testing 0

Cost & Limits

What this costs to run

API quota
N/A — all tools run locally on Kali
Tokens per call
300–2000 tokens per command output
Monetary
Free — requires a Kali Linux installation
Tip
Use targeted scans instead of full-range sweeps to get faster, cleaner results.

Security

Permissions, secrets, blast radius

Credential storage: N/A — connects to local Kali instance
Data egress: Commands execute on the Kali machine. Network scans reach target IPs.

Troubleshooting

Common errors and fixes

Connection refused to server

Ensure server.py is running on the Kali machine and the port is accessible. Check firewall rules.

Verify: curl http://kali-ip:5000/health
Command timeout

Some security tools take a long time. Increase the timeout or use less aggressive scan options.

Verify: Try a simple command like 'whoami' to test connectivity
Tool not found

Install missing tools via apt: sudo apt install <tool-name>. Kali includes most tools by default.

Verify: which <tool-name>

Alternatives

MCP-Kali-Server vs others

AlternativeWhen to use it insteadTradeoff
hexstrike-aiYou want AI agents that autonomously decide which tools to runMore intelligence but less direct control
mcp-security-hubYou want Dockerized security tools with better isolationBetter isolation but more setup overhead

More

Resources

📖 Read the official README on GitHub

🐙 Browse open issues

🔍 Browse all 400+ MCP servers and Skills