Kali MCP

The Kali MCP Server is an AI-driven network security testing platform that integrates over 55 professional security tools and supports multiple AI interfaces for intelligent penetration testing and vulnerability discovery.

Security Developer tools #Penetration Testing #AI Security #Vulnerability Discovery #Tool Integration .Python

rating : 2.5 points

downloads : 7.6K

update time : 2025-11-12

Open Site

What is Kali MCP Server?

Kali MCP Server is a revolutionary AI-driven network security platform that bridges the gap between artificial intelligence and penetration testing. This system directly integrates over 55 professional security tools through multiple AI interfaces, providing intelligent security testing solutions for network security researchers, penetration testers, and vulnerability bounty hunters.

How to use Kali MCP Server?

Users can describe their security testing requirements to the AI assistant in natural language. The AI will automatically select the appropriate tool combination and execute the corresponding security testing commands. The system supports multiple AI platforms such as Claude Desktop, 5ire, and Ollama, allowing non-technical users to easily conduct professional-level security tests.

Applicable Scenarios

Scenarios such as vulnerability bounty hunting, penetration testing, CTF challenge problem-solving, red team operations, security research, automated security assessment, and network security teaching.

Main Features

AI Intelligent Integration

Supports multiple AI platforms such as Claude Desktop, 5ire, and Ollama, converting natural language into security tool execution commands.

Professional Tool Library

Integrates over 55 industry-standard security tools, covering the entire testing process including reconnaissance, scanning, vulnerability detection, and exploitation.

Workflow Automation

The AI automatically orchestrates the execution order of tools, achieving a complete automated process from reconnaissance to vulnerability verification.

Real-time Execution

Direct command execution with real-time output results, supporting result analysis and interpretation.

Cross-platform Support

Supports Linux, Windows, and macOS clients with flexible deployment options.

Comprehensive Coverage

Covers the entire lifecycle of network security testing from information collection to vulnerability exploitation.

Advantages

Lower the technical threshold: Non-security experts can also conduct professional-level security tests.

Improve efficiency: The AI automatically selects tool combinations, reducing manual configuration time.

Comprehensive coverage: Over 55 tools cover the entire security testing process.

Intelligent analysis: The AI interprets tool outputs, providing actionable insights.

Flexible integration: Supports multiple AI platforms and clients.

Limitations

Dependent on the quality of AI models: The tool selection and execution effects are affected by AI capabilities.

Learning curve: Requires an understanding of basic security testing concepts and terms.

Resource requirements: Running multiple security tools requires sufficient system resources.

Network dependency: Some tools require an Internet connection to obtain the latest data.

Possible false positives: Automated tools may produce false positives and require manual verification.

How to Use

Environment Preparation

Prepare a Kali Linux or similar Linux environment, ensuring that Python 3.8+ and Git are installed.

Clone the Project

Clone the project from the GitHub repository to the local machine.

Install Security Tools

Run the installation script to automatically install all necessary security tools (this may take 15 - 30 minutes).

Install Python Dependencies

Install the Python libraries required by the project.

Start the Server

Start the Kali MCP server.

Configure the AI Client

Configure the MCP server connection according to the AI platform used (Claude Desktop, 5ire, or Ollama).

Usage Examples

Complete Vulnerability Bounty Reconnaissance

Conduct comprehensive security reconnaissance on the target website, including subdomain discovery, service detection, content discovery, and vulnerability scanning.

Subdomain Takeover Detection

Check if the target domain has a subdomain takeover vulnerability, which is a common high-risk vulnerability in vulnerability bounty hunting.

Web Application Security Testing

Conduct comprehensive security testing on the Web application, including crawling, parameter discovery, and vulnerability detection.

CTF Challenge Problem-solving

Help solve Web security challenges in CTF (Capture The Flag) competitions.

Frequently Asked Questions

Do I need a network security background to use this tool?

Which AI platforms are supported?

Is the installation process complicated?

On which systems can it run?

Is this tool legal?

Are the vulnerabilities detected by the tool accurate?

How to add new security tools?

What should I do if a tool execution fails?

Related Resources

GitHub Repository

Project source code, issue tracking, and latest updates.

Demo Video - CTF Problem-solving

A complete demonstration of using Kali MCP Server to solve the RamadanCTF Web challenge.

Demo Video - HTB Machine

A complete process demonstration of solving the HackTheBox machine 'code'.

MCP Protocol Documentation

Official specification documentation for the Model Context Protocol.

Kali Linux Official

Official website and documentation for Kali Linux.

Problem Feedback

Report bugs, request features, or seek technical support.

🚀 MCP Kali Server - Bug Hunting Arsenal

MCP Kali Server is a revolutionary AI - powered cybersecurity platform that bridges the gap between artificial intelligence and penetration testing. It provides direct integration with 55+ professional security tools through multiple AI interfaces, enabling efficient bug hunting and security assessments.

🚀 Quick Start

Prerequisites

Linux Machine (Kali Linux recommended)
Python 3.8+
Git
Internet Connection (for tool downloads)

Step 1: Clone Repository

git clone https://github.com/letchupkt/kali-mcp.git
cd kali-mcp

Step 2: Install Security Tools

# Make installation script executable
chmod +x install_tools.sh

# Run comprehensive tool installation (takes 15 - 30 minutes)
sudo ./install_tools.sh

Step 3: Install Python Dependencies

pip3 install -r requirements.txt

Step 4: Start the Kali Server

python3 kali_server.py

Expected Output:

======================================================================
🚀 KALI LINUX API SERVER - BUG HUNTING ARSENAL
👨‍💻 Author: LAKSHMIKANTHAN K (letchupkt)
© 2025 LAKSHMIKANTHAN K (letchupkt)
======================================================================
INFO:__main__:Starting  Kali Linux Tools API Server on port 5000
INFO:__main__:25+ Security tools ready for bug hunting and penetration testing
======================================================================
 * Running on all addresses (0.0.0.0)
 * Running on http://127.0.0.1:5000
 * Running on http://192.168.1.100:5000

✨ Features

🧠 AI Integration Capabilities

Multi - Platform Support: Claude Desktop, 5ire, Ollama, and custom MCP clients
Natural Language Processing: Convert plain English to security tool execution
Intelligent Parameter Extraction: Automatically parse targets, options, and configurations
Contextual Tool Selection: AI suggests appropriate tools based on objectives
Result Analysis: AI interprets and explains tool outputs

🛡️ Security Arsenal

55+ Professional Tools: Industry - standard security testing utilities
Real - time Execution: Direct command execution with live output streaming
Comprehensive Coverage: From reconnaissance to exploitation
Automated Workflows: Chain multiple tools for complete assessments
Custom Tool Integration: Easy addition of new security tools

🔧 Technical Features

RESTful API: Clean, documented API for all tool interactions
Health Monitoring: Real - time tool availability and status checking
Error Handling: Graceful handling of timeouts and failures
Logging: Comprehensive logging for audit and debugging
Cross - Platform: Works on Linux, Windows, and macOS clients

🏗️ Architecture

┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│   AI Client     │    │   MCP Server    │    │  Kali Server    │
│                 │    │                 │    │                 │
│ • Claude        │◄──►│ • Tool Mapping  │◄──►│ • Tool Execution│
│ • 5ire          │    │ • Parameter     │    │ • Result        │
│ • Ollama        │    │   Processing    │    │   Processing    │
│ • Custom        │    │ • Result        │    │ • Health Check  │
│                 │    │   Formatting    │    │                 │
└─────────────────┘    └─────────────────┘    └─────────────────┘

Component Breakdown

AI Client Layer: Interfaces with various AI models and platforms
MCP Server Layer: Translates AI requests to tool - specific API calls
Kali Server Layer: Executes security tools and returns formatted results

📦 Installation

Prerequisites

Linux Machine (Kali Linux recommended)
Python 3.8+
Git
Internet Connection (for tool downloads)

Step 1: Clone Repository

git clone https://github.com/letchupkt/kali-mcp.git
cd kali-mcp

Step 2: Install Security Tools

# Make installation script executable
chmod +x install_tools.sh

# Run comprehensive tool installation (takes 15 - 30 minutes)
sudo ./install_tools.sh

Step 3: Install Python Dependencies

pip3 install -r requirements.txt

Step 4: Start the Kali Server

python3 kali_server.py

💻 Usage Examples

Method 1: Claude Desktop Integration

Setup:

Edit Claude Desktop configuration:

# Windows
C:\Users\USERNAME\AppData\Roaming\Claude\claude_desktop_config.json

# macOS
~/Library/Application Support/Claude/claude_desktop_config.json

Add MCP server configuration:

{
    "mcpServers": {
        "kali_mcp": {
            "command": "python3",
            "args": [
                "/absolute/path/to/mcp_server.py",
                "--server",
                "http://KALI_IP:5000"
            ]
        }
    }
}

Restart Claude Desktop

Usage Example:

You: "Perform comprehensive subdomain enumeration for example.com"

Claude: I'll help you enumerate subdomains for example.com using multiple tools.

[Executes subfinder_scan, sublister_scan, amass_scan, assetfinder_scan]

Results show 47 unique subdomains discovered across all tools...

Method 2: 5ire Desktop Integration

Setup:

Open 5ire Desktop
Navigate to MCP Settings

Add new MCP server:

Command: python3 /absolute/path/to/mcp_server.py http://KALI_IP:5000

Method 3: Direct Ollama Integration (Recommended)

Setup:

# Install Ollama
curl -fsSL https://ollama.com/install.sh | sh

# Pull a capable model
ollama pull llama3.2
# or for better performance:
ollama pull codellama:13b

# Start the  Ollama client
python3 ollama_client.py --kali-server http://KALI_IP:5000 --model llama3.2

Interactive Session:

======================================================================
🚀  KALI MCP SERVER - BUG HUNTING ARSENAL
👨‍💻 Author: LAKSHMIKANTHAN K (letchupkt)
© 2025 LAKSHMIKANTHAN K (letchupkt)
======================================================================
🤖 Model: llama3.2
🔗 Kali Server: http://192.168.1.100:5000
======================================================================
🎯  Bug Hunting Arsenal Ready!
📋 Type 'help' to see available tools and examples
🔧 Type 'tools' to list all available security tools
❌ Type 'exit' or 'quit' to end the session
======================================================================

🎯 You: Enumerate subdomains for example.com and check for takeovers

🔧 Executing detected tools...

⚡ Running subfinder with parameters: {'domain': 'example.com'}
🔧 **SUBFINDER Results**
==================================================
📋 **Output:**

admin.example.com api.example.com blog.example.com dev.example.com mail.example.com ...


⚡ Running subzy with parameters: {'target': 'example.com'}
🔧 **SUBZY Results**
==================================================
📋 **Output:**

[VULNERABLE] dev.example.com - GitHub Pages takeover possible [SAFE] admin.example.com - No takeover detected ...


🤖 Assistant: I've discovered 23 subdomains for example.com and found 1 potential subdomain takeover vulnerability on dev.example.com pointing to GitHub Pages. Here's what you should do next:

1. Verify the GitHub Pages takeover by checking if the repository exists
2. Probe the live subdomains with httpx for technology detection
3. Run nuclei scans on the active services

Would you like me to continue with these next steps?

📚 Documentation

🎯 Bug Hunting Workflows

Workflow 1: Complete Reconnaissance

AI Prompt:

"Perform complete reconnaissance on target.com including subdomain enumeration, 
HTTP probing, content discovery, and vulnerability scanning"

Execution Flow:

Subdomain Discovery
- subfinder -d target.com
- sublister -d target.com
- amass enum -d target.com
- assetfinder target.com
HTTP Service Probing
- httpx -l subdomains.txt -title -tech - detect -status - code
- katana -u target.com -depth 3
Content Discovery
- ffuf -u https://target.com/FUZZ -w wordlist.txt
- feroxbuster -u https://target.com
- gobuster dir -u https://target.com
Vulnerability Scanning
- nuclei -l live_urls.txt -t cves,exposures
- nikto -h target.com

Workflow 2: Subdomain Takeover Hunt

AI Prompt:

"Check target.com for subdomain takeover vulnerabilities"

Execution Flow:

Subdomain Enumeration
- Multiple subdomain discovery tools
- Consolidate unique results
Takeover Detection
- subzy run --targets subdomains.txt
- subjack -w subdomains.txt -t 100 -timeout 30 -o results.txt
Verification
- Manual verification of flagged subdomains
- Service identification and exploitation assessment

🛠️ Tool Categories

🔍 Reconnaissance & Subdomain Enumeration

Subfinder: Fast subdomain discovery using passive sources. Usage: subfinder -d example.com
Sublister (Sublist3r): Subdomain enumeration using OSINT techniques. Usage: sublist3r -d example.com
OWASP Amass: Network mapping and attack surface discovery. Usage: amass enum -d example.com
Assetfinder: Find domains and subdomains related to a given domain. Usage: assetfinder example.com

📋 Complete Tool List (55+ Tools)

Reconnaissance & Enumeration (15 tools)

Subfinder - Subdomain discovery using passive sources
Sublister - OSINT - based subdomain enumeration
Amass - Network mapping and attack surface discovery
Assetfinder - Find domains and subdomains
DNSx - Fast DNS toolkit with multiple features
ShuffleDNS - DNS bruteforcing wrapper
PureDNS - Fast domain resolver and bruteforcer
Alterx - Subdomain wordlist generator
GitHub Subdomains - Find subdomains from GitHub
Shosubgo - Shodan - based subdomain discovery
Chaos - ProjectDiscovery's Chaos dataset
Uncover - Multi - engine search (Shodan, Censys, Fofa)
ASNmap - ASN to CIDR lookup
Mapcidr - CIDR manipulation utility
Enum4linux - SMB/Windows enumeration

🎨 Advanced Examples

Example 1: Complete Bug Bounty Reconnaissance

Scenario: You're testing target.com for a bug bounty program.

AI Conversation:

You: "I'm starting a bug bounty assessment on target.com. Perform comprehensive reconnaissance including subdomain enumeration, HTTP probing, content discovery, and vulnerability scanning. Focus on finding high - impact vulnerabilities."

AI: I'll perform a comprehensive bug bounty reconnaissance on target.com. Let me start with subdomain enumeration using multiple tools for maximum coverage.

[Executes subfinder, sublister, amass, assetfinder]

Found 127 unique subdomains. Now probing for live HTTP services...

[Executes httpx with technology detection]

Discovered 89 live HTTP services. Interesting findings:
- admin.target.com (Apache 2.4.41)
- api.target.com (Nginx 1.18.0) 
- dev.target.com (GitHub Pages - potential takeover!)

Let me check for subdomain takeovers...

[Executes subzy and subjack]

🚨 CRITICAL: dev.target.com is vulnerable to subdomain takeover via GitHub Pages!

Now performing content discovery on high - value targets...

[Executes ffuf, feroxbuster on key subdomains]

Found several interesting endpoints:
- admin.target.com/backup/ (403 Forbidden)
- api.target.com/v1/users (200 OK)
- api.target.com/swagger.json (200 OK)

Running vulnerability scans...

[Executes nuclei with comprehensive templates]

🚨 HIGH: SQL injection detected on api.target.com/v1/search
🚨 MEDIUM: XSS vulnerability on blog.target.com/search
🚨 LOW: Information disclosure via server headers

Summary of findings:
1. Subdomain takeover: dev.target.com
2. SQL injection: api.target.com/v1/search  
3. XSS: blog.target.com/search
4. Exposed API documentation: api.target.com/swagger.json
5. Backup directory: admin.target.com/backup/

Recommended next steps:
1. Exploit the subdomain takeover for maximum impact
2. Test the SQL injection for data extraction
3. Verify XSS exploitability
4. Analyze API documentation for additional endpoints

🔧 Technical Details

Architecture

┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐
│   AI Client     │    │   MCP Server    │    │  Kali Server    │
│                 │    │                 │    │                 │
│ • Claude        │◄──►│ • Tool Mapping  │◄──►│ • Tool Execution│
│ • 5ire          │    │ • Parameter     │    │ • Result        │
│ • Ollama        │    │   Processing    │    │   Processing    │
│ • Custom        │    │ • Result        │    │ • Health Check  │
│                 │    │   Formatting    │    │                 │
└─────────────────┘    └─────────────────┘    └─────────────────┘

Component Breakdown

AI Client Layer: Interfaces with various AI models and platforms
MCP Server Layer: Translates AI requests to tool - specific API calls
Kali Server Layer: Executes security tools and returns formatted results

📄 License

This project is released under the MIT License. See LICENSE file for details.

📚 API Reference

Health Endpoint

GET /health

Response:

{
    "status": "healthy",
    "message": "Kali Linux Tools API Server is running",
    "tools_status": {
        "nmap": true,
        "subfinder": true,
        "nuclei": true
    },
    "all_essential_tools_available": true
}

Tool Execution Endpoints

Subdomain Enumeration

POST /api/tools/subfinder
Content - Type: application/json

{
    "domain": "example.com",
    "additional_args": "-sources censys,shodan"
}

Vulnerability Scanning

POST /api/tools/nuclei
Content - Type: application/json

{
    "target": "https://example.com",
    "templates": "cves,exposures",
    "additional_args": "-severity critical,high"
}

⚠️ Legal Disclaimer

This project is intended solely for educational and ethical testing purposes. Any misuse of the information or tools provided — including unauthorized access, exploitation, or malicious activity — is strictly prohibited. Users are solely responsible for ensuring their activities comply with applicable laws and regulations.