Content
# Tool List
## Tool Overview
Kali MCP is an AI-powered penetration testing tool designed to simplify the penetration testing process. Users can operate the AI through natural language to perform various security tests.
## MCP Functions
- **Secure Execution of System Commands**: Execute arbitrary Kali system commands, while prohibiting the execution of dangerous commands such as shutdown, restart, logout, and full-disk deletion.
- **SQL Injection Detection**: Integrated with tools like sqlmap, it facilitates users to detect SQL injection vulnerabilities, supporting automated scanning and report generation.
- **Port Scanning**: Integrated with the Nmap tool, users can quickly scan the open ports of a target host to identify potential security risks, supporting batch scanning and output formatting.
- **Subdomain Discovery**: Integrated with the subfinder tool, users can quickly discover subdomains of a target domain.
- **Web Server Scanning**: Integrated with the Nikto tool, users can perform a comprehensive scan of web servers, automatically detecting common vulnerabilities and configuration errors.
- **Vulnerability Exploitation Framework**: Integrated with the Metasploit tool, users can execute vulnerability tests and exploitation through the command line, supporting automated attack scripts.
- **Wireless Network Security**: Integrated with the Aircrack-ng tool, users can perform security testing and password cracking on wireless networks, supporting batch processing and automated attacks.
- **Network Traffic Analysis**: Integrated with the tshark tool, users can capture and analyze network traffic.
- **Password Cracking**: Integrated with the John the Ripper tool, users can perform batch password cracking, supporting multiple encryption algorithms and dictionary attacks.
- **Vulnerability Scanning**: Integrated with the OpenVAS tool, users can perform comprehensive vulnerability scanning on targets, generating detailed reports.
- **Directory and File Bruteforcing**: Integrated with the Gobuster tool, users can perform directory and file bruteforcing on web applications.
- **File Download and Upload**: Integrated with the wget and curl tools, users can download and upload files through the command line.
- **Remote Command Execution**: Integrated with the SSH tool, users can execute remote commands through the command line.
- **Network Sniffing**: Integrated with the tcpdump tool, users can capture and analyze network packets.
- **Information Gathering**: Integrated with the theHarvester tool, users can collect target email addresses, subdomains, and other information.
- **Vulnerability Exploitation**: Integrated with the Searchsploit tool, users can quickly search for exploit code for known vulnerabilities.
## MCP Configuration
```bash
{
"mcpServers": {
"bbLeglCAPwdyp7a4n0bKh": {
"name": "subfinderMCP",
"type": "stdio",
"description": "",
"isActive": true,
"timeout": "240",
"command": "/home/kali/Desktop/kali_mcp/SubdomainMCP",
"args": []
},
"uZwtm496yR4uimzW_7ReU": {
"name": "kali mcp",
"type": "stdio",
"description": "",
"isActive": true,
"timeout": "240",
"command": "/home/kali/Desktop/kali_mcp/kali_mcp_server",
"args": []
}
}
}
```
<img src="https://github.com/0x7556/kali_mcp/blob/main/images/cherry.png">
## Usage
Users can operate Kali through natural language chat with AI to perform automated penetration testing, without needing to worry about complex commands behind the scenes.
### AI Executes System Commands
```bash
Execute command id
```
This tool prohibits the execution of dangerous commands such as shutdown, restart, logout, and full-disk deletion to prevent data loss due to AI executing commands incorrectly.
<img src="https://github.com/0x7556/kali_mcp/blob/main/images/kali_cmd.png">
### AI Detects SQL Injection Vulnerabilities
```bash
Use sqlmap to detect http://192.168.198.18/bbs/news.php?id=8
```
<img src="https://github.com/0x7556/kali_mcp/blob/main/images/kali_sqlmap.png">
### AI Scans Open Ports
```bash
Scan 192.168.198.18 open ports
```
<img src="https://github.com/0x7556/kali_mcp/blob/main/images/kali_nmap.png">
### AI Obtains Subdomains
```bash
Obtain 18k.icu subdomains
```
<img src="https://github.com/0x7556/kali_mcp/blob/main/images/kali_subdomain.png">
### Human Language AI Automatically Writes Port Scanners
```bash
Use python to write a port scanner
and test until successful, test IP as follows
python portscan.py 192.168.50.111 80,443,135,445
```
# Video Demonstrations
## AI Automated Penetration Testing 5 Minutes GetShell
Video: https://github.com/0x7556/kali_mcp/blob/main/video/AI自动渗透5分钟GetShell.mov
## AI Automated Programming Port Scanner
Video: https://github.com/0x7556/kali_mcp/blob/main/video/AI自动编写python端口扫描器.mov
## Disclaimer
- Please use this tool in compliance with relevant laws and regulations, ensuring it is used in authorized environments for testing and usage.
- This tool is for educational and research purposes only; any misuse will be the user's responsibility.
### Reference Links
Cross-platform MCP server supports Kali\Ubuntu\Winodws\Linux\MacOS operating systems
- [PentestMCP](https://github.com/0x7556/PentestMCP)
- [Kali MCP](https://github.com/0x7556/kali_mcp)
<img src="https://github.com/0x7556/wolfshell/blob/main/join.jpeg">
