Content
# Tool List
## Tool Overview
Kali MCP is an AI-powered penetration testing tool designed to simplify the penetration testing process. Users can operate the AI through natural language to perform various security tests.
## MCP Functionality
- **Secure Execution of System Commands**: Execute arbitrary Kali system commands, while prohibiting the execution of dangerous commands such as shutdown, restart, logout, and full-disk deletion.
- **SQL Injection Detection**: Integrated with tools like sqlmap, it facilitates users in detecting SQL injection vulnerabilities, supporting automated scanning and report generation.
- **Port Scanning**: Integrated with the Nmap tool, users can quickly scan the open ports of a target host to identify potential security risks, supporting batch scanning and output formatting.
- **Subdomain Discovery**: Integrated with the subfinder tool, users can quickly discover subdomains of a target domain.
- **Web Server Scanning**: Integrated with the Nikto tool, users can perform comprehensive scans on web servers, automatically detecting common vulnerabilities and configuration errors.
- **Vulnerability Exploitation Framework**: Integrated with the Metasploit tool, users can execute vulnerability tests and exploitation through the command line, supporting automated attack scripts.
- **Wireless Network Security**: Integrated with the Aircrack-ng tool, users can perform security tests and password cracking on wireless networks, supporting batch processing and automated attacks.
- **Network Traffic Analysis**: Integrated with the tshark tool, users can capture and analyze network traffic.
- **Password Cracking**: Integrated with the John the Ripper tool, users can perform batch password cracking, supporting multiple encryption algorithms and dictionary attacks.
- **Vulnerability Scanning**: Integrated with the OpenVAS tool, users can perform comprehensive vulnerability scans on targets, generating detailed reports.
- **Directory and File Bruteforcing**: Integrated with the Gobuster tool, users can perform directory and file bruteforcing on web applications.
- **File Download and Upload**: Integrated with the wget and curl tools, users can download and upload files through the command line.
- **Remote Command Execution**: Integrated with the SSH tool, users can execute commands remotely through the command line.
- **Network Sniffing**: Integrated with the tcpdump tool, users can capture and analyze network packets.
- **Information Gathering**: Integrated with the theHarvester tool, users can collect target email addresses, subdomains, and other information.
- **Vulnerability Exploitation**: Integrated with the Searchsploit tool, users can quickly search for exploit code for known vulnerabilities.
## MCP Configuration
```bash
{
"mcpServers": {
"bbLeglCAPwdyp7a4n0bKh": {
"name": "subfinderMCP",
"type": "stdio",
"description": "",
"isActive": true,
"timeout": "240",
"command": "/home/kali/Desktop/kali_mcp/SubdomainMCP",
"args": []
},
"uZwtm496yR4uimzW_7ReU": {
"name": "kali mcp",
"type": "stdio",
"description": "",
"isActive": true,
"timeout": "240",
"command": "/home/kali/Desktop/kali_mcp/kali_mcp_server",
"args": []
}
}
}
```
## Usage
Users can operate Kali for automated penetration through natural language conversations with the AI, without needing to worry about the complex commands behind the scenes.
### AI Execution of System Commands
```bash
Execute command id
```
This tool prohibits the execution of dangerous commands such as shutdown, restart, logout, and full-disk deletion to prevent data loss due to AI misexecution.
### AI Detection of SQL Injection Vulnerabilities
```bash
Use sqlmap to detect http://192.168.198.18/bbs/news.php?id=8
```
### AI Scanning of Open Ports
```bash
Scan 192.168.198.18 for open ports
```
### AI Acquisition of Subdomains
```bash
Get subdomains of 18k.icu
```
### Conversational AI Automatic Port Scanner
```bash
Use Python to write a port scanner
and test until successful with the following IPs
python portscan.py 192.168.50.111 80,443,135,445
```
# Video Demonstrations
## AI Automated Penetration in 5 Minutes to GetShell
Video: https://github.com/0x7556/kali_mcp/blob/main/video/AI自动渗透5分钟GetShell.mov
## AI Automated Programming of Port Scanner
Video: https://github.com/0x7556/kali_mcp/blob/main/video/AI自动编写python端口扫描器.mov
### Reference Links
Cross-platform MCP server supporting Kali, Ubuntu, Windows, Linux, and MacOS operating systems
- [PentestMCP](https://github.com/0x7556/PentestMCP)
- [Kali MCP](https://github.com/0x7556/kali_mcp)
