Kali-MCP-Server-Walkthrough
by MrQauckQauck
Overview
A walkthrough for setting up a client-server architecture using Kali Linux and 5ire to control Kali server tools (like Nmap) via an LLM.
Installation
cd MCP-Kali-Server/kali-server && python3 kali_server.pySecurity Notes
The system is critically vulnerable to Remote Code Execution (RCE) on both the Kali VM and the client machine. The 'kali_server.py' uses 'subprocess.run(command, shell=True)' to execute commands received from the client, with no apparent input sanitization or command whitelisting. This allows an LLM to execute arbitrary system commands on the Kali machine. Furthermore, 'mcp_server.py' on the client side contains 'eval(tool_code)', which can execute arbitrary Python code if 'tool_code' originates from an untrusted source, such as an LLM's output. The design inherently trusts all LLM outputs for command execution, making it extremely dangerous and prone to compromise.
Similar Servers
MCP-Kali-Server
Enabling AI-driven offensive security testing by bridging AI agents to a Kali Linux terminal for command execution.
burp-mcp-agents
Connects Burp Suite MCP Server to AI backends (Codex, Gemini, Ollama, LM Studio) for assisted, non-destructive vulnerability analysis using real Burp traffic.
pentestMCP
This MCP server enables AI agents to perform automated and interactive penetration testing tasks by exposing a suite of security assessment utilities as callable tools.
Instability
An AI-powered local chatbot for network diagnostics and pentesting, leveraging Ollama to keep all analysis private and on-premise.