Provides an MCP server exposing 20+ Kali security tools with safe, structured, type-safe execution.
Configuration
{
  "mcpServers": {
    "azza39925-kali-mcp-server": {
      "command": "node",
      "args": [
        "/path/to/kali-mcp-server/dist/index.js"
      ],
      "env": {
        "NMAP_PATH": "/usr/bin/nmap",
        "SQLMAP_PATH": "/usr/bin/sqlmap",
        "GOBUSTER_PATH": "/usr/bin/gobuster"
      }
    }
  }
}

You can run Kali MCP Server locally to access 20+ security tools through a structured, AI-friendly interface. It provides a safe, type-checked environment for running security tools, with input validation, output sanitization, and execution isolation so you can perform recon, web testing, password assessment, and exploitation tasks in a controlled way.
Start by installing and running the MCP server locally. Once running, connect your MCP client (or Claude Desktop) to the local server endpoint to issue tool actions in a structured format. You will execute tools through the MCP server, which enforces an allowlist, handles timeouts, and returns sanitized results.
Typical workflow you can follow: 1) Start the server, 2) Use the MCP inspector for interactive testing, 3) Configure your MCP client to point to the local server, and 4) Run tools such as network scans, web enumeration, password checks, or exploit searches through clearly defined actions. The server is designed to be accessible from your automation or AI assistant workflows while keeping control over what commands are allowed and how results are delivered.
Prerequisites: You need a Kali Linux environment (or any Linux with security tools installed), Node.js 18+ and npm, and the security tools installed on your system.
Install security tools (on Kali Linux or equivalent):
sudo apt update
sudo apt install -y \
  nmap masscan netdiscover tcpdump tshark \
  gobuster sqlmap nikto wpscan ffuf nuclei \
  hydra john hashcat \
  exploitdb metasploit-framework

Install the MCP server locally:
cd kali-mcp-server
npm install
npm run build

Run the MCP server:
# Start the server
npm start
# Or run directly
node dist/index.js

Test with the MCP Inspector for interactive testing:
# Launch the MCP Inspector for interactive testing
npm run inspector
# Or
npx @modelcontextprotocol/inspector node dist/index.js

Integrate with Claude Desktop by adding the local MCP config to your Claude Desktop configuration. Use the following example as a starting point and adjust the path to your server file accordingly:
{
  "mcpServers": {
    "kali-security": {
      "command": "node",
      "args": ["/path/to/kali-mcp-server/dist/index.js"]
    }
  }
}

The tool path environment variables shown in the configuration above (NMAP_PATH, SQLMAP_PATH, GOBUSTER_PATH) can be set to point to your installed security tools. You can also export them in your shell before starting the MCP server.
Wordlists commonly used with the tools can be found at standard Kali locations, such as /usr/share/wordlists/rockyou.txt, /usr/share/wordlists/dirb/common.txt, and /usr/share/seclists/Discovery/Web-Content/common.txt.
Security features include a command allowlist, input validation, output sanitization, configurable timeouts, output size limits, and rate limiting to prevent abuse. Commands are executed in isolated child processes with proper resource cleanup.
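The controls listed above, sketched as an added example that is not code from kali-mcp-server: an allowlisted tool is resolved from its path variable, its arguments are validated and passed to execFile as an argv array with a timeout and an output cap, and the output is stripped of control sequences. The function names, the validation patterns and the limit values are assumptions; only NMAP_PATH and /usr/bin/nmap come from the page.

```javascript
// Added example, not kali-mcp-server source; all names, patterns and limits are assumed.
const HOST = /^(?!-)[A-Za-z0-9.:-]{1,253}(\/\d{1,3})?$/; // host, IP or CIDR, never "-..."
const PORTS = /^\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*$/; // e.g. 22,80,8000-8100
const LIMITS = { timeout: 60_000, maxBuffer: 1024 * 1024 }; // 60 s, 1 MiB of output

// Command allowlist: tool name -> path variable, default path, argument builder.
const ALLOWLIST = {
  nmap: {
    envVar: "NMAP_PATH",
    defaultPath: "/usr/bin/nmap",
    build({ target, ports }) {
      if (typeof target !== "string" || !HOST.test(target)) throw new Error("invalid target");
      if (ports === undefined) return [target];
      if (typeof ports !== "string" || !PORTS.test(ports)) throw new Error("invalid ports");
      return ["-p", ports, target];
    },
  },
};

// Validate a request and return the exact argv that would be executed.
function buildInvocation(tool, params, env = process.env) {
  // hasOwn keeps inherited keys such as "constructor" from passing as tool names.
  if (!Object.hasOwn(ALLOWLIST, tool)) throw new Error(`tool not allowlisted: ${tool}`);
  const spec = ALLOWLIST[tool];
  return { file: env[spec.envVar] || spec.defaultPath, args: spec.build(params) };
}

// Drop ANSI escape sequences, then everything except printable ASCII, tab and newline.
function sanitize(text) {
  return text.replace(/\x1b\[[0-9;?]*[ -\/]*[@-~]/g, "").replace(/[^\x09\x0a\x20-\x7e]/g, "");
}

async function runTool(tool, params) {
  const { execFile } = await import("node:child_process"); // loads under CommonJS and ESM
  const { file, args } = buildInvocation(tool, params);
  return new Promise((resolve, reject) => {
    // execFile takes an argv array and starts no shell, so ";" or "$()" stay literal;
    // timeout kills a hung scan and maxBuffer caps how much output is collected.
    execFile(file, args, LIMITS, (err, stdout) => (err ? reject(err) : resolve(sanitize(stdout))));
  });
}
```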
If a tool cannot be found or a command fails due to permissions, verify tool installation and paths. You can either install missing tools or set custom paths via environment variables. For example, check if a tool is installed with which nmap, install missing tools with your package manager, or set a custom path like export NMAP_PATH=/custom/path/to/nmap.
Workflow suggestions for network reconnaissance, web testing, password assessment, and exploitation are provided to help you structure your tasks with the MCP server. Use the available actions to discover hosts, scan ports, enumerate web content, test for vulnerabilities, brute-force credentials (where authorized), and search exploitation databases.
To run tests locally, build and run the server, then test with the MCP Inspector or your own client to ensure the tool actions return structured results.
Project structure and how to extend the server are described in the tool reference and development notes, including how to add new tools, wire them into the index, and keep the command allowlist up to date.
Perform network port scanning and service detection using Nmap with options for port ranges, timing, and service/version probing.
Discover live hosts on a network using Nmap host discovery methods.
High-speed port scanning to quickly identify open ports on targets.
ARP reconnaissance to map active devices on a local network.
Packet capture for network traffic analysis.
Wireshark CLI for deep packet inspection.
Directory and file enumeration on web servers.
Subdomain enumeration to discover related domains.
Automated SQL injection testing on web applications.
Web server vulnerability scanning to identify common misconfigurations.
WordPress security assessment to identify theme and plugin weaknesses.
Web fuzzer for content discovery and parameter probing.
Template-based vulnerability scanner for rapid checks.
Network login brute-forcer for various services.
John the Ripper password cracker for hash cracking tasks.
Advanced password recovery using GPU-accelerated techniques.
Exploit database search to find publicly disclosed exploits.
View details of listed exploits.
Payload generator for the Metasploit Framework.