Content
# Kali AI Pentest MCP Tools
## Tool Overview
Kali MCP is an AI penetration testing tool designed to simplify the penetration testing process. Users can interact with the AI using natural language to perform various security tests.
## MCP Features
- **Secure Execution of System Commands**: Execute any Kali system command while prohibiting dangerous commands such as shutdown/reboot/logout/full disk deletion.
- **SQL Injection Detection**: Integrated with tools like sqlmap, allowing users to detect SQL injection vulnerabilities, supporting automated scanning and report generation.
- **Port Scanning**: Integrated with the Nmap tool, users can quickly scan open ports on target hosts to identify potential security risks, supporting batch scanning and formatted output.
- **Subdomain Discovery**: Integrated with the subfinder tool, users can quickly discover subdomains of target domains.
- **Web Server Scanning**: Integrated with the Nikto tool, users can perform comprehensive scans of web servers to automatically detect common vulnerabilities and configuration errors.
- **Exploitation Framework**: Integrated with the Metasploit tool, users can execute vulnerability tests and exploits via the command line, supporting automated attack scripts.
- **Wireless Network Security**: Integrated with the Aircrack-ng tool, users can conduct security tests and password cracking on wireless networks, supporting batch processing and automated attacks.
- **Network Traffic Analysis**: Integrated with the tshark tool, users can capture and analyze network traffic.
- **Password Cracking**: Integrated with the John the Ripper tool, users can perform batch password cracking, supporting various encryption algorithms and dictionary attacks.
- **Vulnerability Scanning**: Integrated with the OpenVAS tool, users can conduct comprehensive vulnerability scans on targets, generating detailed reports.
- **Directory and File Bruteforcing**: Integrated with the Gobuster tool, users can perform directory and file bruteforcing on web applications.
- **File Download and Upload**: Integrated with wget and curl tools, users can download and upload files via the command line.
- **Remote Command Execution**: Integrated with SSH tools, users can execute commands remotely via the command line.
- **Network Sniffing**: Integrated with the tcpdump tool, users can capture and analyze network packets.
- **Information Gathering**: Integrated with the theHarvester tool, users can collect emails, subdomains, and other information about the target.
- **Exploitation**: Integrated with the Searchsploit tool, users can quickly find exploit code for known vulnerabilities.
## MCP Configuration
```bash
{
"mcpServers": {
"bbLeglCAPwdyp7a4n0bKh": {
"name": "subfinderMCP",
"type": "stdio",
"description": "",
"isActive": true,
"timeout": "240",
"command": "/home/kali/Desktop/kali_mcp/SubdomainMCP",
"args": []
},
"uZwtm496yR4uimzW_7ReU": {
"name": "kali mcp",
"type": "stdio",
"description": "",
"isActive": true,
"timeout": "240",
"command": "/home/kali/Desktop/kali_mcp/kali_mcp_server",
"args": []
}
}
}
```

## Usage Instructions
Users can operate Kali for automated penetration testing by chatting with the AI in natural language, without needing to worry about the complex commands behind the scenes.
### AI Executes System Commands
```bash
Execute command id
```
This tool prohibits the execution of dangerous commands such as shutdown/reboot/logout/full disk deletion to prevent data loss due to unintended command execution by the AI.

### AI Detects SQL Injection Vulnerabilities
```bash
Use sqlmap to detect http://192.168.198.18/bbs/news.php?id=8
```

### AI Scans Open Ports
```bash
Scan open ports on 192.168.198.18
```

### AI Retrieves Subdomains
```bash
Get subdomains of 18k.icu
```

### Conversational AI Automatically Writes a Port Scanner
```bash
Write a port scanning program in Python
and test until successful. Test IPs are as follows:
python portscan.py 192.168.50.111 80,443,135,445
```
# Video Demonstration
## AI Automated Penetration Testing GetShell in 5 Minutes
Video: https://github.com/0x7556/kali_mcp/blob/main/video/AI自动渗透5分钟GetShell.mov
## AI Automatically Programs a Port Scanner
Video: https://github.com/0x7556/kali_mcp/blob/main/video/AI自动编写python端口扫描器.mov
### Reference Links
Cross-platform MCP server supporting Windows, Linux, and MacOS operating systems
- [PentestMCP](https://github.com/0x7556/PentestMCP)
- [Kali MCP](https://github.com/0x7556/kali_mcp)
You Might Also Like
Ollama
Ollama enables easy access to large language models on various platforms.

n8n
n8n is a secure workflow automation platform for technical teams with 400+...
OpenWebUI
Open WebUI is an extensible web interface for customizable applications.

Dify
Dify is a platform for AI workflows, enabling file uploads and self-hosting.

Zed
Zed is a high-performance multiplayer code editor from the creators of Atom.
MarkItDown MCP
markitdown-mcp is a lightweight MCP server for converting various URIs to Markdown.