kali-mcp-server
Verified Safe
by Shimmy0530
Overview
Facilitates automated security testing and vulnerability assessments by exposing Kali Linux tools via the Model Context Protocol to AI assistants and development environments.
Installation
docker run -i --rm --cap-add=NET_RAW --cap-add=NET_ADMIN --memory=4g --memory-reservation=1g --cpus=4.0 kali-mcp-server
Environment Variables
- DEBUG_MCP
- DETACHED_MODE
- MCP_SSE_MODE
- MCP_PORT
- MCP_HOST
Security Notes
The server's core `run_command` function utilizes `subprocess.run(shell=True)`, which poses a potential command injection risk if input is not meticulously sanitized. Although efforts are made to escape specific parameters within tool wrappers, relying on `shell=True` without comprehensive `shlex.quote` on all user-supplied components is less secure than `shell=False`. The container requires elevated Docker capabilities (`NET_RAW`, `NET_ADMIN`), inherently increasing the attack surface. However, the project mitigates this by providing extensive legal/ethical warnings, implementing Docker-level and per-process resource limits, and explicitly detailing security best practices and isolation recommendations.
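The difference the note above describes, as an added example that is not the project's code: the same constructed input passed through an unquoted `shell=True` call, a `shlex.quote`-wrapped call, and a `shell=False` argv call. `echo` stands in for a wrapped tool; the function names, the allowlist regex and the sample value are assumptions made for illustration.

```python
import re
import shlex
import subprocess

# Constructed sample input: a host name followed by a shell separator and a marker command.
HOSTILE_TARGET = "example.test; echo INJECTED"

# Hypothetical allowlist for host names and IPv4 addresses (not taken from the project).
# Requiring an alphanumeric first character also blocks values that start with "-",
# which a tool would otherwise parse as an option even when no shell is involved.
_TARGET_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?")


def run_unquoted(target: str) -> str:
    """Anti-pattern: the value is pasted into a command line parsed by /bin/sh."""
    cmd = f"echo scanning {target}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_quoted(target: str) -> str:
    """shell=True kept, but the value is wrapped so the shell sees one literal word."""
    cmd = f"echo scanning {shlex.quote(target)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(target: str) -> str:
    """shell=False: the value is validated, then passed as a single argv element."""
    if not _TARGET_RE.fullmatch(target):
        raise ValueError(f"rejected target: {target!r}")
    argv = ["echo", "scanning", target]
    return subprocess.run(argv, shell=False, capture_output=True, text=True).stdout


if __name__ == "__main__":
    print("unquoted:", run_unquoted(HOSTILE_TARGET).splitlines())
    print("quoted:  ", run_quoted(HOSTILE_TARGET).splitlines())
    try:
        run_argv(HOSTILE_TARGET)
    except ValueError as exc:
        print("argv:    ", exc)
```

In the unquoted case the shell executes two commands; in the quoted case the whole value is echoed back as one argument; the argv variant never reaches a shell and rejects the value before the tool runs.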
Similar Servers
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
Mcpwn
Automated security testing framework for Model Context Protocol (MCP) servers, detecting RCE, path traversal, prompt injection, and protocol vulnerabilities.
MCP-Security-Framework
Automated security assessment and vulnerability detection for Model Context Protocol (MCP) servers.
mcplint
A comprehensive security and quality assurance platform for Model Context Protocol (MCP) servers, supporting protocol validation, vulnerability scanning, fuzzing, and AI-assisted explanations to integrate security into development pipelines.