- Home
- MCP servers
- Kali Security
Kali Security
- python
3
GitHub Stars
python
Language
5 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
You run an AI-enhanced security testing server that combines 193 Kali Linux tools with Claude AI to automate intelligent testing, CTF solving, and defensive analysis. This MCP server lets you connect locally via stdio or remotely via SSE, enabling practical, end-to-end automation for both rapid assessment and advanced campaigns.
How to use
Set up the MCP server and connect your MCP client to start automating tasks. If you run locally, you use a stdio connection and the server starts with a simple Python command. If you need an external AI integration, you run an SSE server that exposes endpoints for the client to communicate with over HTTP.
Key usage patterns include launching CTf solving, performing comprehensive web security scans, conducting intelligent penetration testing, and automating PWN workflows. You can initiate tasks through the MCP client using the available commands or by configuring a remote client to target the SSE endpoints. The server maintains attack history to improve strategy over time and provides a dedicated CTF mode for automatic flag detection.
How to install
# Prerequisites: Python 3.x and Git
# 1) Clone the repository
git clone https://github.com/your-repo/kali-mcp-server.git
cd kali-mcp-server/deploy
# 2) Run the one-click installer (recommended)
chmod +x install.sh
./install.sh
# Manual installation steps
# 1. Install Python dependencies
pip3 install mcp pydantic aiohttp aiofiles
# 2. Copy MCP server to local data directory
mkdir -p ~/.local/share/kali-mcp
cp mcp_server.py ~/.local/share/kali-mcp/
# 3. Copy Claude configuration (for Claude Desktop integration)
cp -r deploy/claude-config/* ~/.claude/
# 4. Configure MCP server (prepare for your run mode)
Configuration and run modes
Two run modes are supported: local stdio mode for Claude Desktop/Code connections, and remote SSE mode for external AI connections.
Mode 1 — Local stdio (default): run the server directly for local Claude integrations.
python3 mcp_server.py
Claude Code configuration example for local stdio connections.
{
"mcpServers": {
"kali-intelligent-ctf": {
"command": "python3",
"args": ["mcp_server.py"],
"env": {}
}
}
}
Mode 2 — Remote SSE (external AI): start the SSE server to expose endpoints over HTTP.
# Start SSE server on default port 8765
python3 mcp_server.py --transport=sse --port=8765
# Or bind to a specific host/port
python3 mcp_server.py --transport=sse --host=0.0.0.0 --port=9000
External AI configuration example (remote) for SSE.
{
"mcpServers": {
"kali-mcp": {
"url": "http://192.168.1.100:8765/sse",
"transport": "sse"
}
}
}
Security, firewall, and maintenance notes
If you run in SSE mode, ensure the host firewall allows inbound connections to the SSE port. For Kali-based deployments, open the port and limit access to trusted sources.
To stop and cleanly remove the server, use the provided uninstall script from the deployment package.
Quick start and usage patterns
Once connected, you can invoke fast-track commands for CTF solving, comprehensive web security scanning, and intelligent penetration testing. Example capabilities include automated flag extraction in CTF mode, deep vulnerability assessment, and AI-assisted attack planning that adapts based on tool outputs.
Available tools
intelligent_ctf_solve
Automatically solves CTF challenges by applying predefined strategies and analyzing outputs from available tools.
intelligent_xss_payloads
Generates and tests advanced XSS payloads to assess web application resilience.
metasploit_run
Launches Metasploit workflows to identify and exploit missing defenses.
hydra_attack
Performs password attack workflows against services using Hydra.
sqlmap_scan
Automates SQL injection testing and data extraction with sqlmap.
gobuster_scan
Brute-forces discovery of hidden files and directories on web apps.
nmap_scan
Performs network discovery and service enumeration with Nmap.
masscan_fast_scan
Delivers high-speed network scans to map live hosts and services.
subfinder_scan
Enumerates subdomains for a target to broaden attack surface awareness.
radare2_analyze_binary
Analyzes binaries for reverse engineering insights using Radare2.
intelligent_ctf_solve
Smart CTF solver that leverages the full knowledge base to retrieve flags.
pwnpasi_auto_pwn
Automates PWN exploitation workflows against a given binary or service.