Awsome Kali MCP Server

Provides MCP servers for Kali Linux to streamline reverse engineering, security testing, and automation workflows.

Installation
Add the following to your MCP client configuration file.

Configuration

{
    "mcpServers": {
        "kali-docker": {
            "command": "docker",
            "args": [
                "run",
                "-i",
                "kali-mcps:latest"
            ]
        }
    }
}

Awsome Kali MCP Server provides a set of Model Context Protocol (MCP) endpoints and tooling designed to run inside a Kali Linux workflow. It enables you to launch and orchestrate security-focused analysis tools in containers, perform network and binary analysis, and automate repetitive security tasks from a local MCP client.

How to use

You connect to the Kali MCP Server from your MCP client and run the provided tools to perform security analysis and automation tasks. The setup centers on a local Docker-based server you run in a Kali context. After you start the server, you can execute tools such as basic network scans, disassembly, string extraction, and live network capture through the MCP client interface. Typical usage patterns include starting the Kali MCP container, selecting the kali-docker server, and invoking the available endpoints like basic_scan, disassemble, and capture_live.

How to install

Prerequisites: ensure you have Docker installed on your system. You will build and run a Docker image that hosts the MCP servers.

Step 1: Build the Docker image for the MCP server.

Step 2: Configure your MCP client with the following server entry to run the container interactively.

{
  "mcpServers": {
    "kali-docker": {
      "command": "docker",
      "args": ["run", "-i", "kali-mcps:latest"]
    }
  }
}

Configuration and usage details

The server exposes a collection of tools organized by function, including network scanning, symbol analysis, binary analysis, string extraction, and network traffic analysis. A sandbox feature is available to run commands in isolated containers with configurable resource limits and automatic cleanup.

New features and capabilities

Network Scanning (Nmap): basic_scan, intense_scan, stealth_scan, quick_scan, vulnerability_scan.

Symbol Analysis (nm): basic_symbols, dynamic_symbols, demangle_symbols, numeric_sort, size_sort, undefined_symbols.

Binary Analysis (objdump): file_headers, disassemble, symbol_table, section_headers, full_contents.

String Extraction (strings): basic_strings, min_length_strings, offset_strings, encoding_strings.

Network Traffic Analysis (Wireshark/tshark): capture_live, analyze_pcap, extract_http, protocol_hierarchy, conversation_statistics, expert_info.

Sandbox Support (Docker): runs commands in isolated containers with a default ubuntu-systemd:22.04 image, configurable memory and CPU limits, network mode, timeout, bidirectional file copying, and automatic cleanup.

Notes and cautions

The project is in an early stage. You’ll find baseline server configurations and tool integrations expanding over time. When you start exploring, verify container resources and access controls to avoid unintended effects in your environment.
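
One way to carry out that check before connecting a client, as an added example that is not part of the project's own code: a small Python audit of an MCP client configuration that reports `docker run` server entries lacking resource limits or cleanup, or carrying host-widening options. The hardened variant and its limit values (2g, 2 CPUs, 256 processes) are illustrative assumptions, and the function names are hypothetical.

```python
import json

# Server entry exactly as shown on this page: no limits, no cleanup.
PAGE_CONFIG = json.loads("""{"mcpServers": {"kali-docker": {"command": "docker",
  "args": ["run", "-i", "kali-mcps:latest"]}}}""")

# Constructed hardened variant; the limit values are illustrative assumptions.
HARDENED_CONFIG = json.loads("""{"mcpServers": {"kali-docker": {"command": "docker",
  "args": ["run", "-i", "--rm", "--memory", "2g", "--cpus=2", "--pids-limit=256",
           "--security-opt", "no-new-privileges", "kali-mcps:latest"]}}}""")

# docker run flags whose absence leaves the container unbounded.
EXPECTED = {
    "--rm": "stopped container is left on the host",
    "--memory": "no memory ceiling",
    "--cpus": "no CPU ceiling",
    "--pids-limit": "no process-count ceiling",
}
# Settings that widen the container's access to the host.
RISKY = {"--privileged", "--network=host", "--net=host", "--pid=host"}
VALUE_FLAGS = {"--memory", "-m", "--cpus", "--pids-limit", "--network", "--net",
               "--pid", "--security-opt", "-v", "--volume"}
ALIASES = {"-m": "--memory"}

def normalize(args):
    """Fold 'flag value' pairs into 'flag=value' so both spellings compare equal."""
    out, i = [], 0
    while i < len(args):
        if args[i] in VALUE_FLAGS and i + 1 < len(args):
            out.append(f"{ALIASES.get(args[i], args[i])}={args[i + 1]}")
            i += 2
        else:
            out.append(args[i])
            i += 1
    return out

def audit(config):
    """Return {server name: [findings]} for every server launched via `docker run`."""
    report = {}
    for name, server in config.get("mcpServers", {}).items():
        args = server.get("args", [])
        if server.get("command") != "docker" or "run" not in args:
            continue
        flags = normalize(args)
        present = {f.split("=", 1)[0] for f in flags}
        findings = [f"missing {k}: {why}" for k, why in EXPECTED.items() if k not in present]
        findings += [f"risky {f}" for f in flags if f in RISKY or "docker.sock" in f]
        report[name] = findings
    return report
```

The hardened entry leaves networking at Docker's default because the scanning and capture tools need network access; tighten it further only for binary-analysis-only use.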

Troubleshooting and tips

If a container fails to start, check Docker daemon status and ensure the kali-mcps:latest image builds successfully. Verify that your MCP client is correctly configured to point at the kali-docker server name and that the CLI tools are available within the container.

Security considerations

Isolated sandbox execution is available to reduce risk when running potentially harmful analyses. Use the sandbox feature to confine commands within a dedicated container with controlled resources and automatic cleanup after execution.

Available tools

basic_scan

Performs a basic network scan to identify live hosts and open ports.

intense_scan

Conducts a more comprehensive network scan with deeper probing of hosts and services.

stealth_scan

Scans while attempting to minimize noise and avoid detection.

quick_scan

Provides a fast overview of the network with a lightweight probe set.

vulnerability_scan

Checks for common vulnerabilities across scanned hosts.

basic_symbols

Lists basic symbols present in a binary.

dynamic_symbols

Lists dynamic symbols loaded by the binary at runtime.

demangle_symbols

Converts mangled symbol names into human-readable form.

numeric_sort

Sorts symbols by numeric value.

size_sort

Sorts symbols by size.

undefined_symbols

Lists undefined symbols: those the binary references but does not define, which the linker must resolve.

file_headers

Displays the headers of the target binary.

disassemble

Disassembles the target binary to show machine instructions.

symbol_table

Shows the symbol table within the binary.

section_headers

Displays section headers of the binary.

full_contents

Prints the full contents of the binary.

basic_strings

Extracts basic ASCII/Unicode strings from a binary.

min_length_strings

Extracts strings that meet a minimum length requirement.

offset_strings

Extracts strings with address offsets.

encoding_strings

Extracts strings based on specific encodings.

capture_live

Captures real-time network traffic for analysis.

analyze_pcap

Analyzes pcap files to extract meaningful statistics.

extract_http

Extracts HTTP data from captured traffic.

protocol_hierarchy

Shows the protocol hierarchy in captured traffic.

conversation_statistics

Provides statistics about conversations in captured traffic.

expert_info

Analyzes expert information from network captures.