- Home
- MCP servers
- Awsome Kali
Awsome Kali
- typescript
78
GitHub Stars
typescript
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"ccq1-awsome_kali_mcpservers": {
"command": "docker",
"args": [
"run",
"-i",
"kali-mcps:latest"
]
}
}
}Awsome Kali MCP Server provides a set of Model Context Protocol (MCP) endpoints and tooling designed to run inside a Kali Linux workflow. It enables you to launch and orchestrate security-focused analysis tools in containers, perform network and binary analysis, and automate repetitive security tasks from a local MCP client.
How to use
You connect to the Kali MCP Server from your MCP client and run the provided tools to perform security analysis and automation tasks. The setup centers on a local Docker-based server you run in a Kali context. After you start the server, you can execute tools such as basic network scans, disassembly, string extraction, and live network capture through the MCP client interface. Typical usage patterns include starting the Kali MCP container, selecting the kali-docker server, and invoking the available endpoints like basic_scan, disassemble, and capture_live.
How to install
Prerequisites: ensure you have Docker installed on your system. You will build and run a Docker image that hosts the MCP servers.
Step 1: Build the Docker image for the MCP server.
Step 2: Configure your MCP client with the following server entry to run the container interactively.
{
"mcpServers": {
"kali-docker": {
"command": "docker",
"args": ["run", "-i", "kali-mcps:latest"]
}
}
}
Configuration and usage details
The server exposes a collection of tools organized by function, including network scanning, symbol analysis, binary analysis, string extraction, and network traffic analysis. A sandbox feature is available to run commands in isolated containers with configurable resource limits and automatic cleanup.
New features and capabilities
Network Scanning (Nmap): basic_scan, intense_scan, stealth_scan, quick_scan, vulnerability_scan.
Symbol Analysis (nm): basic_symbols, dynamic_symbols, demangle_symbols, numeric_sort, size_sort, undefined_symbols.
Binary Analysis (objdump): file_headers, disassemble, symbol_table, section_headers, full_contents.
String Extraction (strings): basic_strings, min_length_strings, offset_strings, encoding_strings.
Network Traffic Analysis (Wireshark/tshark): capture_live, analyze_pcap, extract_http, protocol_hierarchy, conversation_statistics, expert_info.
Sandbox Support (Docker): runs commands in isolated containers with a default ubuntu-systemd:22.04 image, configurable memory and CPU limits, network mode, timeout, bidirectional file copying, and automatic cleanup.
Notes and cautions
The project is in an early stage. You’ll find baseline server configurations and tool integrations expanding over time. When you start exploring, verify container resources and access controls to avoid unintended effects in your environment.
Troubleshooting and tips
If a container fails to start, check Docker daemon status and ensure the kali-mcps:latest image builds successfully. Verify that your MCP client is correctly configured to point at the kali-docker server name and that the CLI tools are available within the container.
Security considerations
Isolated sandbox execution is available to reduce risk when running potentially harmful analyses. Use the sandbox feature to confine commands within a dedicated container with controlled resources and automatic cleanup after execution.
Available tools
basic_scan
Performs a basic network scan to identify live hosts and open ports.
intense_scan
Conducts a more comprehensive network scan with deeper probing of hosts and services.
stealth_scan
Scans while attempting to minimize noise and avoid detection.
quick_scan
Provides a fast overview of the network with a lightweight probe set.
vulnerability_scan
Checks for common vulnerabilities across scanned hosts.
basic_symbols
Lists basic symbols present in a binary.
dynamic_symbols
Lists dynamic symbols loaded by the binary at runtime.
demangle_symbols
Converts mangled symbol names into human-readable form.
numeric_sort
Sorts symbols by numeric value.
size_sort
Sorts symbols by size.
undefined_symbols
Lists symbols that are undefined by the linker.
file_headers
Displays the headers of the target binary.
disassemble
Disassembles the target binary to show machine instructions.
symbol_table
Shows the symbol table within the binary.
section_headers
Displays section headers of the binary.
full_contents
Prints the full contents of the binary.
basic_strings
Extracts basic ASCII/Unicode strings from a binary.
min_length_strings
Extracts strings that meet a minimum length requirement.
offset_strings
Extracts strings with address offsets.
encoding_strings
Extracts strings based on specific encodings.
capture_live
Captures real-time network traffic for analysis.
analyze_pcap
Analyzes pcap files to extract meaningful statistics.
extract_http
Extracts HTTP data from captured traffic.
protocol_hierarchy
Shows the protocol hierarchy in captured traffic.
conversation_statistics
Provides statistics about conversations in captured traffic.
expert_info
Analyzes expert information from network captures.