kali-mcp
by PugazhTheHacker
Overview
Provides a web-based remote terminal for Kali Linux, integrated with a Gemini AI assistant and full filesystem access for cybersecurity tasks.
Installation
./start.shEnvironment Variables
- GEMINI_API_KEY
- API_PORT
- KALI_SERVER_URL
- DEBUG_MODE
Security Notes
CRITICAL: The `kali-server.py` component uses `subprocess.Popen(self.command, shell=True)` to execute user-provided commands directly. The `command` variable originates from `request.json` and is passed without any sanitization. This allows for arbitrary command injection and full remote code execution by any user who can access the Kali server API endpoint. While the README warns about using it only on trusted networks, the fundamental vulnerability remains in the code. No strong authentication or authorization mechanisms are present for the API endpoints.
Similar Servers
lamda
AI-powered Android automation framework for mobile data and task automation.
MCP-Kali-Server
Enabling AI-driven offensive security testing by bridging AI agents to a Kali Linux terminal for command execution.
pentest-mcp-server
The Pentest MCP Server enables AI agents to perform autonomous penetration testing operations on remote Linux distributions by managing persistent tmux sessions via SSH.
gbox-mcp-server
Enable AI agents to automate Android devices, Linux environments, and browser sessions.