Happy slice of mcp pizzaMCP.pizza
Fire in da houseTop Tip:Paying $100+ per month for Perplexity, MidJourney, Runway, ChatGPT and other tools is crazy - get all your AI tools in one site starting at $15 per month with Galaxy AI Fire in da houseCheck it out free

MCP-Kali-Server

MCP.Pizza Chef: Wh0am123

MCP-Kali-Server is a lightweight API bridge that connects MCP clients to a Linux terminal, enabling AI models to execute commands like nmap, curl, and wget. It facilitates real-time AI-assisted penetration testing, CTF challenge solving, and interaction with web applications, making it ideal for offensive security workflows and hands-on hacking platforms like HTB and THM.

Use This MCP server To

Execute Linux terminal commands via AI models Perform AI-assisted penetration testing workflows Solve CTF web challenges in real time Interact with web applications using terminal tools Automate reconnaissance using tools like nmap and gobuster Assist in solving machines on HTB and THM platforms

README

MCP Kali Server

Kali MCP Server is a lightweight API bridge that connects MCP Clients (e.g: Claude Desktop, 5ire) to the API server which allows excuting commands on a Linux terminal.

This allows the MCP to run terminal commands like nmap, nxc or any other tool, interact with web applications using tools like curl, wget, gobuster. And perform AI-assisted penetration testing, solving CTF web challenge in real time, helping in solving machines from HTB or THM.

My Medium Article on This Tool

How MCP is Revolutionizing Offensive Security

👉 How MCP is Revolutionizing Offensive Security

🔍 Use Case

The goal is to enable AI-driven offensive security testing by:

  • Letting the MCP interact with AI endpoints like OpenAI, Claude, DeepSeek, or any other models.
  • Exposing an API to execute commands on a Kali machine.
  • Using AI to suggest and run terminal commands to solve CTF challenges or automate recon/exploitation tasks.
  • Allowing MCP apps to send custom requests (e.g., curl, nmap, ffuf, etc.) and receive structured outputs.

Here are some example for my testing (I used google's AI gemini 2.0 flash)

Example solving my web CTF challenge in RamadanCTF

Solving.Web.CTF.Challenge.mp4

Trying to solve machine "code" from HTB

Testing.on.HTB.Machine.Code.mp4

🚀 Features

  • 🧠 AI Endpoint Integration: Connect your kali to any MCP of your liking such as claude desktop or 5ier.
  • 🖥️ Command Execution API: Exposes a controlled API to execute terminal commands on your Kali Linux machine.
  • 🕸️ Web Challenge Support: AI can interact with websites and APIs, capture flags via curl and any other tool AI the needs.
  • 🔐 Designed for Offensive Security Professionals: Ideal for red teamers, bug bounty hunters, or CTF players automating common tasks.

🛠️ Installation

On your Linux Machine (Will act as MCP Server)

git clone https://github.com/Wh0am123/MCP-Kali-Server.git
cd MCP-Kali-Server
python3 kali_server.py

On your MCP Client (You can run on Windows or Linux)

  • You will want to run python3 /absolute/path/to/mcp_server.py http://LINUX_IP:5000
Configuration for claude desktop:

edit (C:\Users\USERNAME\AppData\Roaming\Claude\claude_desktop_config.json)

{
    "mcpServers": {
        "kali_mcp": {
            "command": "python3",
            "args": [
                "/absolute/path/to/mcp_server.py",
                "http://LINUX_IP:5000/"
            ]
        }
    }
}
Configuration for 5ire Desktop Application:
  • Simply add an MCP with the command python3 /absolute/path/to/mcp_server.py http://LINUX_IP:5000 and it will automatically generate the needed configuration files.

🔮 Other Possibilities

There are more possibilites than described since the AI model can now execute commands on the terminal. Here are some example:

  • Memory forensics using Volatility

    • Automating memory analysis tasks such as process enumeration, DLL injection checks, and registry extraction from memory dumps.

  • Disk forensics with SleuthKit

    • Automating analysis from disk images, timeline generation, file carving, and hash comparisons.

⚠️ Disclaimer:

This project is intended solely for educational and ethical testing purposes. Any misuse of the information or tools provided — including unauthorized access, exploitation, or malicious activity — is strictly prohibited. The author assumes no responsibility for misuse.

MCP-Kali-Server FAQ

How does MCP-Kali-Server enable AI to run Linux commands?
It acts as an API bridge allowing MCP clients to send terminal commands to a Linux machine for execution.
Can MCP-Kali-Server run any Linux terminal command?
Yes, it supports running any command available on the connected Linux system, including security tools like nmap and curl.
Is MCP-Kali-Server suitable for penetration testing?
Absolutely, it is designed to facilitate AI-assisted penetration testing and security assessments.
How does MCP-Kali-Server integrate with AI models?
It connects MCP clients to the Linux terminal, enabling models like Claude, GPT-4, and Gemini to execute commands and receive outputs.
What security considerations are there when using MCP-Kali-Server?
Proper access controls and network security should be enforced to prevent unauthorized command execution.
Can MCP-Kali-Server help with Capture The Flag (CTF) challenges?
Yes, it supports real-time AI interaction to solve CTF web challenges and hacking machines.
Does MCP-Kali-Server support interaction with web tools?
Yes, it can run tools like curl, wget, and gobuster to interact with web applications.
Is MCP-Kali-Server limited to Kali Linux?
While optimized for Kali, it can run on any Linux machine with the required tools installed.