MCP-Kali

MCP-Kali exposes a standardized MCP server interface that lets clients interact with Kali Linux penetration testing tooling through a consistent API. The server coordinates access to a range of tools (Nmap, Gobuster, Dirb, Nikto, Hydra, SQLMap, WPScan, John the Ripper, Enum4linux, Metasploit, and more) and provides structured capabilities for managing SSH sessions, reverse shells, and secure file transfers with integrity verification. Clients can start and monitor SSH sessions, spawn reverse shells, execute commands, and perform file uploads/downloads to and from the Kali host via the MCP API. The architecture is designed so MCP clients can run on different machines and still securely orchestrate actions on the Kali server through HTTP, enabling centralized management of security workflows across environments.

Prerequisites:

• Python 3.8+ and pip installed on the machine hosting the MCP server.
• Access to the Kali host (for the kali-server) and network connectivity between MCP host and Kali host.

Installation steps:

1. Clone the repository (or download the MCP-Kali server directory).
2. Install MCP server dependencies:
   • On the host running the MCP server: pip install -r requirements.mcp.txt
3. Ensure the Kali server dependencies are installed on the Kali host:
   • On the Kali host: pip install -r requirements.kali.txt
4. Start the MCP server:
   • Navigate to the mcp-server directory and run: python -m mcp_server
5. Start the Kali server (kali-server) if not already running, following its own setup instructions in kali-server/ (e.g., ensuring Docker components and dependent tools are available).
6. Configure your MCP client to target the MCP Kali server endpoint (e.g., http://<mcp-host>:<port>/) as per the MCP client documentation.

Notes and tips:

• The MCP Kali server relies on secure communication and proper network routing between the MCP host and the Kali host. If using WSL or a VM, ensure localhost and port mappings are configured correctly so the MCP client can reach the Kali server.
• When operating with root privileges on the Kali host, exercise caution: the Kali API and commands execute with system-access rights. Prefer least-privilege configurations where possible.
• Use the provided MCP-mcp client interface definitions to understand available endpoints for SSH management, reverse shell control, and file transfer operations.
• If you encounter connectivity issues, verify firewall rules, network routes, and that the MCP server process is listening on the expected port. Check logs for any authentication or permission errors.
• The installation splits Python dependencies into kali and MCP components to optimize environments. Remember to install requirements.kali.txt on the Kali host and requirements.mcp.txt on the MCP host.