AI-Powered Offensive Security Toolkit
Bridge your AI assistant to 55+ Kali Linux security tools via Model Context Protocol
Features • Quick Start • Documentation • Architecture • Legal
Language: English | 한국어
MCP Kali Server transforms your AI assistant into a powerful offensive security companion by providing seamless access to professional penetration testing and CTF-solving tools from Kali Linux.
Built on the Model Context Protocol (MCP), this server enables AI assistants like Claude, ChatGPT, and others to orchestrate complex security workflows, automate CTF challenge solving, and perform intelligent penetration testing through natural language.
You: "I found an RSA challenge with n=12345..., e=65537. Can you decrypt it?"
AI: *Automatically queries FactorDB → runs RsaCtfTool → decrypts ciphertext → extracts flag*
"Flag found: CTF{...}"
You: "Scan this web app for vulnerabilities: http://target.com"
AI: *Runs nmap → gobuster → nikto → sqlmap → provides comprehensive security report*
|
🔓 Pwnable (80% coverage)
🔐 Cryptography (50-80% coverage)
🔍 Forensics (43-70% coverage)
🌐 Web Security (90% coverage)
|
☁️ Cloud Security (52-85% coverage)
⛓️ Web3 & Blockchain (40-75% coverage)
🔄 Reversing (67% coverage)
|
- Network Recon: nmap, masscan, enum4linux
- Web Testing: gobuster, dirb, nikto, sqlmap, wpscan, ffuf
- Password Attacks: hydra, john, hashcat
- Binary Analysis: checksec, ROPgadget, radare2, pwntools, Ghidra
- Forensics: Volatility3, SleuthKit (mmls, fls, mactime), YARA, binwalk, foremost, steghide, exiftool, tesseract, md5deep
- Cryptography: RsaCtfTool, SageMath, hashcat, openssl
- Cloud: AWS CLI, Pacu, s3scanner, ScoutSuite
- Web3: Slither, Mythril, web3.py, solc, Ganache
- Exploitation: metasploit, searchsploit
- And many more...
- Automatic Vulnerability Detection: AI analyzes binaries and identifies exploitable weaknesses
- Multi-Step Attack Chains: Orchestrate complex exploitation workflows
- Automated Forensics Workflows: Multi-stage memory analysis, disk forensics, and malware hunting
- Session Management: Persistent workspaces for multi-step analysis
- Interactive Shells: Bidirectional communication with running exploits
- Intelligent Tool Selection: AI chooses appropriate tools based on context
- Workflow Prompts: Pre-built templates for common CTF scenarios
- Problem-Solving Guide: Ready-to-use prompts for each category
- Tool Installation: Automated setup scripts for Kali Linux
- Best Practices: Security testing guidelines and ethics
Option 1: Docker (Recommended) 🐳
- Docker & Docker Compose installed
- AI Assistant with MCP support (Claude Desktop, 5ire, etc.)
Option 2: Native Installation
- Kali Linux (or any Linux with security tools installed)
- Python 3.12+
- AI Assistant with MCP support (Claude Desktop, 5ire, etc.)
One-command setup - all tools included!
1. Clone and start
git clone https://github.com/foxibu/CTF-Solver.git
cd CTF-Solver
docker-compose up -dThat's it! The server is now running on http://localhost:5000 with all 55+ security tools pre-installed.
2. Configure your MCP client
For Claude Desktop (edit ~/.config/Claude/claude_desktop_config.json):
{
"mcpServers": {
"kali_mcp": {
"command": "python3",
"args": [
"/absolute/path/to/src/my_server/mcp_server.py",
"--server",
"http://localhost:5000/"
]
}
}
}3. Start solving CTFs! 🎉
1. Clone the repository
git clone https://github.com/foxibu/CTF-Solver.git
cd CTF-Solver2. Install dependencies
pip install -e .
# OR use uv for faster installation
uv pip install -e .3. Install security tools (see KALI_TOOLS_INSTALLATION.md)
# Quick install essential tools
sudo apt install -y nmap gobuster dirb nikto sqlmap wpscan hydra john \
checksec binwalk steghide volatility3 radare2
# See installation guide for complete setup4. Start the Kali server
python3 kali_server.py
# Server runs on http://0.0.0.0:50005. Configure your MCP client
For Claude Desktop (edit ~/.config/Claude/claude_desktop_config.json):
{
"mcpServers": {
"kali_mcp": {
"command": "python3",
"args": [
"/absolute/path/to/src/my_server/mcp_server.py",
"--server",
"http://KALI_IP:5000/"
]
}
}
}For 5ire Desktop:
- Add MCP server with command:
python3 /path/to/src/my_server/mcp_server.py --server http://KALI_IP:5000
6. Start solving CTFs! 🎉
┌─────────────────────┐ HTTP/JSON ┌─────────────────────┐
│ MCP Client │◄──────────────────────────│ Kali Linux Server │
│ (Claude Desktop, │ Port 5000 │ (Flask API) │
│ 5ire, etc.) │ │ │
│ │ │ - Command Executor │
│ - FastMCP Server │ │ - Tool Endpoints │
│ - Tool Definitions │ │ - Session Manager │
│ - Workflow Prompts │ │ - Timeout Handler │
└─────────────────────┘ └─────────────────────┘
Windows/Mac/Linux Kali Linux
Kali Server (kali_server.py)
- Flask HTTP API server (port 5000)
- 73+ security tool endpoints
- Advanced forensics automation (memory, disk, malware)
- Session-based workspaces
- Interactive shell management
- Graceful timeout handling (180s default)
MCP Client (src/my_server/mcp_server.py)
- FastMCP protocol implementation
- 55+ MCP tool wrappers
- AI-guided workflow prompts
- Resources (server status, wordlists, guides)
User: "I have an RSA challenge:
n = 85188995949975973...
e = 65537
c = 34577152691579622...
Can you decrypt it?"
AI Assistant:
1. Creates analysis session
2. Queries FactorDB for factorization of n
3. Runs RsaCtfTool with multiple attack methods
4. Successfully decrypts using Wiener's attack
5. Returns: "Plaintext: CTF{weak_rsa_exponent}"
User: "Test http://target.com for vulnerabilities"
AI Assistant:
1. Runs nmap port scan
2. Discovers web server on ports 80, 443
3. Runs gobuster for directory enumeration
4. Finds /admin, /backup, /api endpoints
5. Runs nikto for vulnerability scanning
6. Tests SQLi with sqlmap on login form
7. Provides comprehensive security report
User: "Analyze this binary: challenge.bin"
AI Assistant:
1. Uploads binary to session workspace
2. Runs checksec (finds: No canary, NX enabled, No PIE)
3. Auto-detects buffer overflow vulnerability
4. Finds ROP gadgets for NX bypass
5. Locates system() and "/bin/sh"
6. Generates pwntools exploit script
7. Tests locally and captures flag
User: "Analyze this memory dump: memory.dmp (Windows)"
AI Assistant:
1. Runs Volatility3 windows.info
2. Lists running processes (windows.pslist)
3. Identifies suspicious process: malware.exe
4. Dumps process memory
5. Scans for network connections
6. Extracts command line arguments
7. Finds hidden flag in process memory
User: "Run automated forensics analysis on this memory dump"
AI Assistant (using auto_memory_analysis):
✓ Phase 1: OS Detection - Identified Windows 10 x64
✓ Phase 2: Process Analysis - 47 processes found
✓ Phase 3: Network Connections - 12 active connections
✓ Phase 4: Malware Detection - 2 suspicious injections found
✓ Phase 5: Registry Analysis - Persistence mechanisms detected
✓ Phase 6: DLL Analysis - Malicious DLL identified
Summary: Found malware persistence in Run key, extracted C2 server: 192.168.1.100:4444
User: "Hunt for malware in this suspicious executable"
AI Assistant (using auto_malware_hunt):
✓ Phase 1: YARA Scanning - Matched: Trojan.Generic
✓ Phase 2: IOC Extraction - Found 3 IPs, 5 domains, 2 registry keys
✓ Phase 3: File Type - PE32 executable (stripped)
✓ Phase 4: Entropy Analysis - HIGH ENTROPY (7.8) - likely packed
✓ Phase 5: Hash Generation - MD5: a1b2c3..., SHA256: d4e5f6...
✓ Phase 6: Metadata - Compiled: 2024-01-15, Language: C++
✓ Phase 7: Binary Analysis - Embedded ELF detected at 0x2000
Threat Assessment: High-risk packed malware with embedded payloads
- PROBLEM_SOLVING_PROMPTS.md - Ready-to-use AI prompts for each CTF category
- KALI_TOOLS_INSTALLATION.md - Complete tool installation guide with automated scripts
- CTF_ENHANCEMENT.md - Advanced features and capability analysis
- CLAUDE.md - Comprehensive guide for AI assistants working with this codebase
This tool works with all major CTF platforms:
- HackTheBox (HTB)
- TryHackMe (THM)
- PicoCTF
- CTFtime competitions
- OverTheWire
- pwnable.kr / pwnable.tw
- Root-Me
- RingZer0 CTF
- VulnHub
- And many more!
- CTF competitions and wargames
- Authorized penetration testing (with written permission)
- Bug bounty programs (within scope)
- Security research and education
- Personal lab environments
- Capture The Flag training
- Unauthorized access to systems
- Malicious hacking or attacks
- Testing without explicit permission
- Any illegal activities
Using Docker Compose (Recommended)
# Start the server
docker-compose up -d
# View logs
docker-compose logs -f
# Stop the server
docker-compose down
# Rebuild after code changes
docker-compose up -d --buildUsing Docker directly
# Build the image
docker build -t foxibu/ctf-solver:latest .
# Run the container
docker run -d \
--name ctf-solver \
-p 5000:5000 \
-v $(pwd)/sessions:/app/sessions \
-v $(pwd)/workspaces:/app/workspaces \
foxibu/ctf-solver:latest
# View logs
docker logs -f ctf-solver
# Stop and remove
docker stop ctf-solver && docker rm ctf-solver# Check container health
docker ps
docker exec ctf-solver curl http://localhost:5000/health
# Access container shell
docker exec -it ctf-solver /bin/bash
# View resource usage
docker stats ctf-solver
# Export/Import image
docker save foxibu/ctf-solver:latest | gzip > ctf-solver.tar.gz
docker load < ctf-solver.tar.gz✅ Zero Configuration - All 55+ tools pre-installed
✅ Cross-Platform - Works on Windows, Mac, Linux
✅ Isolated Environment - Safe malware analysis
✅ Version Control - Reproducible CTF environments
✅ Easy Updates - docker-compose pull && docker-compose up -d
✅ Resource Limits - Controlled CPU/memory usage
The Docker setup automatically persists:
- Sessions:
./sessions/- Active analysis sessions - Workspaces:
./workspaces/- Challenge files and results - Custom wordlists:
./wordlists/(mount your own)
export KALI_SERVER_URL="http://localhost:5000"
export KALI_REQUEST_TIMEOUT=300 # 5 minutes
export DEBUG_MODE=1 # Enable debug logging# Kali server on custom port
python3 kali_server.py --port 8080
# MCP client with custom server
python3 src/my_server/mcp_server.py --server http://localhost:8080# On client machine
ssh -L 5000:localhost:5000 user@kali-server.example.com
# Configure MCP client to use localhost:5000Contributions are welcome! Please feel free to submit a Pull Request.
# Clone repository
git clone https://github.com/Wh0am123/MCP-Kali-Server.git
cd MCP-Kali-Server
# Install in development mode
pip install -e .
# Run tests
python3 kali_server.py --debug
📝 How MCP is Revolutionizing Offensive Security - Medium Article by Author
This tool is designed exclusively for:
✅ Authorized penetration testing with written permission ✅ CTF competitions and educational wargames ✅ Security research in controlled environments ✅ Bug bounty programs within defined scope ✅ Personal lab environments you own
❌ Unauthorized access to systems ❌ Malicious hacking or attacks ❌ Testing without explicit permission ❌ Any illegal activities
By using this tool, you agree to:
- Obtain proper authorization before testing any systems
- Comply with all applicable laws and regulations
- Use this tool responsibly and ethically
- Accept full responsibility for your actions
The authors assume NO responsibility for misuse. Unauthorized access to computer systems is illegal and punishable by law.
This project is licensed under the MIT License - see the LICENSE file for details.
- Author: Yousof Nahya
- Inspired by: Project Astro
- Built with: FastMCP, Flask, and the offensive security community
- Powered by: Kali Linux, Model Context Protocol
- GitHub Repository: github.com/Wh0am123/MCP-Kali-Server
- Model Context Protocol: modelcontextprotocol.io
- Kali Linux: kali.org
- FastMCP: github.com/jlowin/fastmcp
- 55+ Security Tools integrated
- 7 CTF Categories supported
- 73+ API Endpoints available
- 3 Advanced Forensics Workflows automated
- 4 Workflow Prompts included
- 100+ Pages of documentation
⭐ Star this repo if you find it useful!
Made with ❤️ by the offensive security community