kalilinuxmcp

Currently just a toy, only supports executing commands that can return, such as burp suite and metasploit, which cannot perform interface and command interaction. Metasploit can ask the AI agent to execute directly without entering command interaction mode. If you have time, you can take it and strengthen it 😜 # kalilinuxmcp kali linux mcp,pentest,penetration test # Update: 20250401 Update: Added simple interactive processing    # How to install: # 1: First, use ssh-keygen -t rsa to create a private key and a public key, replace the public key to the Dockerfile, and replace the private key to "C:\Users\[Username]\.ssh\\kali000". Go to src\index.ts and search for "kali000" to replace the path `'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsoJo7WJIHDQgmEdKwm6IqS61xaGWa/OVVMCrMwcVh13xvYbAD7wdMufzNhWRxSso3SKvTHbQjIszvYQgkVFjRPiJW5vGCU0847CX0zZytGLnKpKWDZ5ccShMPlIxVuy2+WUQlKNL7f+w59PMX+3BLcikhtwk0xwG7tpS4kAtXHlrwt1B1vFj3CoF8rBofGJAahOuPvruRh9i1i73i5JJHJFeDdJVfNnY5/8HnBvtWtJzbsbmlyaTODfrDCeYZ32zxDZdsPVEls3RDsfgUadyC71mpXloJ8JTiUU37H5DY+xtIuz3XICwA7DsVm9jiKaSR96DZyogYxx+UKdrDsIH4JQwBNs3RDCX+t7ivKj75KkhhrW2X2h90EOjwQPQOhuVU2FtMXbWlfbZL5UwXGgA7Efe3N0ZzrKac+RGM6vY/jsnESgZaTayF/N/BysMpjI18xy6Y12CyPXVYsvF3v04d2XR1Fs5rduERjpot7o9N+i5FcoTfUb5WP5nVU9X0b2s= hack004@DESKTOP-H4HRI73'` # 2: Because it is a domestic environment, I added the use of the host's socks5 proxy in docker. Search and replace "192.168.31.110" yourself. Also, the dns server is forced to use dns2socks to transfer to the local 127.0.0.1 to use the socks5 proxy. You can replace or remove it in the Dockerfile yourself. # 3: The original image used is "booyaabes/kali-linux-full", but the software version inside is a bit old. Choose whether to perform the following operations to update (mainly takes a long time!) ```1: After entering the docker container, execute: 1:wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import 2:curl -fsSL https://archive.kali.org/archive-key.asc | sudo gpg --dearmor -o /usr/share/keyrings/kali-archive-keyring.gpg 3:sudo apt update && sudo apt full-upgrade -y 4:(Download and update the latest version of all kali linux tools, note that it is very large and slow)sudo apt install kali-linux-everything -y 5:If you only need to update individual software, you do not need to execute 4 because it takes a long time, for example, sudo apt install wpscan 6:I have completed the latest update, but the container is too large, tens of G, so I won’t upload it. If you need it, operate it yourself``` ``` # 4: (Compile MCP), first npm install, then directly npm run build to get the build directory. The core is index.js # 5: (Compile Docker image), ``` 1: Compile image: "docker build -t kali-pentest-mcp ." 2: Deploy image: "docker run --name kali-container -d --privileged -p 2222:22 kali-pentest-mcp" ``` # 6: Install MCP: ``` "kali-pentest-mcp-server": { "command": "node", "args": ["D:/kalimcp/build/index.js"], "env": {} } ``` # Precautions: 1: Remember to refresh MCP every time you restart docker, because the SSH connection may be disconnected # Reference project: > https://github.com/weidwonder/terminal-mcp-server # Effect display: # 1: Lab: Blind SQL injection with out-of-band data exfiltration     # 2: command injection:     # 3: Lab: Web shell upload via Content-Type restriction bypass      # MCP Real-time Command Output Viewer User Guide ## Overview This real-time viewer solves the problem of not being able to see real-time output when executing long-running commands in AI tools like Cursor. Using WebSocket technology, you can monitor command execution progress in real-time in your browser. ## Quick Start ### 1. Start the Real-time Viewer **Windows Users:** ```bash # Double-click to run start-realtime-viewer.bat # Or run manually cd realtime-viewer npm install npm start ``` **Linux/Mac Users:** ```bash cd realtime-viewer npm install npm start ``` ### 2. Open the Web Interface After starting, visit in your browser: ``` http://localhost:3000 ``` ### 3. Enable Real-time Push for the MCP Server In Cursor or other AI tools, use the following command to enable real-time push: ``` configure_realtime_viewer action=enable ``` Or configure a custom viewer URL: ``` configure_realtime_viewer action=configure viewer_url=http://localhost:3000 ``` ### 4. Execute Commands and View Real-time Output Now when you execute interactive commands, the output will be displayed in real-time in the Web interface: ``` start_interactive_command command="nmap -sS -O 192.168.1.1" ``` ## Features ### Web Interface Features - 📊 **Session List** - Displays all active command sessions on the left - 📺 **Real-time Output** - Displays the real-time command output of the selected session on the right - 🔄 **Auto Scroll** - Optional auto-scroll to the latest output - 🎨 **VS Code Style** - Dark theme, similar to the VS Code interface - 📱 **Responsive Design** - Supports different screen sizes ### MCP Tool Commands #### View Real-time Push Status ``` configure_realtime_viewer action=status ``` #### Enable Real-time Push ``` configure_realtime_viewer action=enable ``` #### Disable Real-time Push ``` configure_realtime_viewer action=disable ``` #### Configure Viewer URL ``` configure_realtime_viewer action=configure viewer_url=http://localhost:3000 ``` ## Usage Scenarios ### 1. Network Scanning ``` start_interactive_command command="nmap -sS -p- 192.168.1.0/24" ``` View the scanning progress and results in real-time in the Web interface. ### 2. Vulnerability Scanning ``` start_interactive_command command="nikto -h http://target.com" ``` Monitor the discovery process of vulnerability scanning in real-time. ### 3. Password Cracking ``` start_interactive_command command="hydra -l admin -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.100" ``` View the progress of password cracking attempts in real-time. ### 4. Database Operations ``` start_interactive_command command="mysql -u root -p" ``` View the execution results of SQL queries in the Web interface. ## Environment Variable Configuration You can configure the MCP server through environment variables: ```bash # Enable real-time push (disabled by default) set REALTIME_PUSH_ENABLED=true # Configure viewer URL (default http://localhost:3000) set REALTIME_VIEWER_URL=http://localhost:8080 # Restart the MCP server npm run build npm start ``` ## Troubleshooting ### 1. Connection Issues - Ensure the real-time viewer server is running (http://localhost:3000) - Check firewall settings - Confirm that port 3000 is not occupied by other programs ### 2. Output Not Displaying - Confirm that real-time push is enabled: `configure_realtime_viewer action=status` - Check the MCP server logs for error messages - Confirm that the command is started via `start_interactive_command` ### 3. Performance Issues - For commands with a large amount of output, the system will automatically buffer the output to reduce network requests - You can clear the interface by clicking the clear output button - Close unnecessary sessions to free up resources ## Technical Architecture ``` ┌─────────────────┐ HTTP/WebSocket ┌──────────────────┐ │ MCP Server │ ──────────────────► │ Realtime Viewer │ │ │ │ │ │ - CommandExecutor│ │ - Express Server │ │ - RealtimePusher │ │ - WebSocket │ │ - SSH Sessions │ │ - Web Interface │ └─────────────────┘ └──────────────────┘ │ │ │ SSH │ Browser ▼ ▼ ┌─────────────────┐ ┌──────────────────┐ │ Kali Linux │ │ Web Browser │ │ │ │ │ │ - Security Tools│ │ - Real-time UI │ │ - Command Line │ │ - Session Mgmt │ └─────────────────┘ └──────────────────┘ ``` ## Security Considerations 1. **Local Use** - The real-time viewer only listens on localhost by default and is not open to the external network 2. **No Authentication** - The current version has no authentication, please do not use it in a production environment 3. **Sensitive Information** - Command output may contain sensitive information, please pay attention to protection 4. **Network Security** - If you need remote access, please configure appropriate network security measures ## Changelog ### v1.0.0 - Initial version released - Supports real-time command output display - WebSocket communication - Multi-session management - VS Code style interface