kali_mcp-mcp-server
by PaulGG-Code
Overview
A Model Context Protocol (MCP) server that exposes common pentest tools as FastMCP tools for educational and internal testing purposes.
Installation
python3 kali_mcp_server.pyEnvironment Variables
- KALI_MCP_JOB_TIMEOUT
- KALI_MCP_CONCURRENT_PER_USER
- KALI_MCP_ARTIFACT_TTL_DAYS
- KALI_MCP_ARTIFACT_MAX_MB
- KALI_MCP_ARTIFACT_STORE
- KALI_MCP_BUCKET
- KALI_MCP_ARTIFACT_LOCAL
- KALI_MCP_MINIO_ENDPOINT
- KALI_MCP_MINIO_ACCESS_KEY
- KALI_MCP_MINIO_SECRET_KEY
- KALI_MCP_API_KEYS_CSV
Security Notes
The server uses `subprocess.run` with argument lists, mitigating shell injection risks. Input sanitization is mentioned and observed in command construction. However, it ships with insecure default API keys ('changeme_admin_key', 'changeme_operator_key') and MinIO credentials ('minioadmin'). The README explicitly warns against exposing the server publicly without proper network controls and advises rotating API keys. Artifacts containing sensitive information are stored and require proper retention policies. The tools themselves (nmap, sqlmap, etc.) are powerful and inherently risky if misused or pointed at unintended targets. The `binwalk_extract` and `apk_static` tools process files by path inside the container, requiring careful management of container mounts.
Similar Servers
mcp-devcontainers
Provides a Model Context Protocol (MCP) server for integrating with and managing devcontainer environments via the devcontainers CLI.
kali-mcp
Provides a Dockerized Kali Linux environment with a Python server (MCP server) to programmatically access and orchestrate various penetration testing tools.
MCP-Server-Oferta
This server exposes a set of domain-specific tools, resources, and prompts via the FastMCP protocol to be consumed by Large Language Models (LLMs) or other multi-agent automation engines.
test_mcp
Simple MCP server for testing FastMCP connectivity and demonstrating basic tool functionality.