{"id":"mcp-kali-server","name":"MCP Kali Server","homepage":"https://github.com/Wh0am123/MCP-Kali-Server","repo_url":"https://github.com/Wh0am123/MCP-Kali-Server","category":"security","subcategories":["penetration-testing","ctf","offensive-security","mcp-server"],"tags":["kali","pentest","ctf","security","nmap","metasploit","sqlmap","gobuster","offensive","linux","mcp-server","flask"],"what_it_does":"A lightweight Flask API bridge that connects Claude Desktop (or any MCP-compatible client) to a Kali Linux machine, enabling AI-assisted command execution for authorized penetration testing and CTF challenges. The server exposes a thin HTTP API on port 5000 that accepts arbitrary shell commands and returns their output, effectively giving an AI assistant a live Kali terminal. Tools like Nmap, Metasploit, sqlmap, Gobuster, enum4linux, and any other Kali tool are accessible by name. The architecture is intentionally minimal — a single Flask server with no auth, no sandboxing, and no command filtering — making it fast to set up for isolated testing environments but completely unsuitable for production or shared infrastructure.","use_cases":["AI-guided CTF challenge solving with real-time command execution on a dedicated Kali VM","Penetration testing reconnaissance automation with iterative feedback: scan, analyze, pivot","HackTheBox / TryHackMe machine exploitation with AI suggesting tool chains based on service output","Bug bounty hunting: AI-assisted recon workflow with Nmap, whatweb, and subdomain enumeration","Security training: AI coach demonstrates tool usage and explains output in educational labs"],"not_for":["Production security operations or enterprise SOC environments","Shared infrastructure — no access controls means any user with network access can execute arbitrary commands","Any testing against systems without explicit written authorization","Environments requiring audit logging, command allowlisting, or compliance"],"best_when":"You are running authorized penetration testing or CTF challenges in a fully isolated, single-user Kali VM and want an AI to iteratively suggest and execute recon/exploitation commands.","avoid_when":"You need any form of access control, audit logging, or safe command sandboxing — the complete absence of authentication makes this unsuitable for anything beyond a dedicated personal lab VM.","alternatives":[{"id":"mcp-security-hub","reason":"Docker-based approach with 36 containerized security tools — better isolation than bare Kali access"},{"id":"mcp-terminal","reason":"Generic terminal MCP server with potentially better sandboxing options"},{"id":"mcp-shell","reason":"Lighter-weight shell execution MCP with configurable restrictions"}],"af_score":52.8,"security_score":18.0,"reliability_score":null,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":"latest","last_evaluated":"2026-03-01T09:50:05.867871+00:00","performance":{"latency_p50_ms":100,"latency_p99_ms":60000,"uptime_sla_percent":null,"rate_limits":null,"data_source":"llm_estimated","measured_on":null}}