kali_mcp-mcp-server

Overview

Kali MCP Server is an MCP server that exposes common penetration testing tools (nmap, nikto, sqlmap, gobuster, searchsploit, binwalk, apktool/jadx) through a secure, controlled JSON-based protocol. It provides a reproducible environment for running pentest tooling with input sanitization, ephemeral job workspaces, and artifact management.

Key Features

• Comprehensive Tool Suite — Exposes nmap, nikto, sqlmap, gobuster, searchsploit, binwalk, and apktool+jadx as structured MCP tools with strict JSON payloads
• Security Controls — Input sanitization with argument-list execution (no shell interpolation), API key authentication, simple RBAC, and configurable per-user concurrency limits
• Artifact Management — Per-job ephemeral workspaces with automatic artifact collection and upload to S3/MinIO or local storage, including signed URL generation for downloads
• Configurable Environment — Dockerized for reproducibility with environment variables controlling job timeout, concurrent limits, artifact TTL, and storage backend

Who is this for?

Security professionals and penetration testers who want to integrate pentest tooling into AI-assisted workflows for educational and internal testing purposes. Useful for teams that need controlled, auditable execution of security scanning tools with proper artifact retention.