Is KALI_MCP_SERVER safe to use?

KALI_MCP_SERVER has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install KALI_MCP_SERVER?

KALI_MCP_SERVER supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with KALI_MCP_SERVER?

KALI_MCP_SERVER is compatible with claude-desktop, cursor, claude-code. It uses sse and http transport.

Is KALI_MCP_SERVER actively maintained?

KALI_MCP_SERVER is less actively maintained — last commit was 258 days ago. It has 11 GitHub stars.

KALI_MCP_SERVER

Name: KALI_MCP_SERVER
Author: taopeng-life

by taopeng-life

KALI_MCP_SERVER —— 一个基于配置的容器化安全自动化平台，通过 JSON-RPC 统一编排和调用渗透测试工具。

11 0 tools GitHub

No known CVEs

MIT license

Stale

Last commit 258d ago

Works with most clients

Transport: sse, http

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopsse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "kali-mcp": {
      "url": "http://localhost:8080",
      "headers": {
        "x-api-key": "your-secret-key"
      },
      "timeout": 0
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/kali-mcp-server)](https://mcppedia.org/s/kali-mcp-server)

Read me

What KALI_MCP_SERVER does

✅ Declarative tool definition in config.json - ✅ Async jobs with live logs (SSE / polling) - ✅ Self-describing /capabilities_ext

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

33/100across 5 weighted dimensions

How we score →

0255075100

−67

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is KALI_MCP_SERVER safe to use?: KALI_MCP_SERVER has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install KALI_MCP_SERVER?: KALI_MCP_SERVER supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with KALI_MCP_SERVER?: KALI_MCP_SERVER is compatible with claude-desktop, cursor, claude-code. It uses sse and http transport.
Is KALI_MCP_SERVER actively maintained?: KALI_MCP_SERVER is less actively maintained — last commit was 258 days ago. It has 11 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

8.7k 3

Iam Policy Autopilot90

IAM Policy Autopilot is an open source static code analysis tool that helps you quickly create baseline AWS IAM policies that you can refine as your application evolves. This tool is available as a command-line utility and MCP server for use within AI coding assistants for quickly building IAM policies.

361 1

io.github.peacprotocol/peac90

Signed receipts for agent, API, and MCP interactions. Portable and offline-verifiable.

11 5

MCP Security Weekly

Get CVE alerts and security updates for KALI_MCP_SERVER and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopsse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "kali-mcp": {
      "url": "http://localhost:8080",
      "headers": {
        "x-api-key": "your-secret-key"
      },
      "timeout": 0
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/kali-mcp-server)](https://mcppedia.org/s/kali-mcp-server)

Read me

What KALI_MCP_SERVER does

✅ Declarative tool definition in config.json - ✅ Async jobs with live logs (SSE / polling) - ✅ Self-describing /capabilities_ext

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

⚡ KALI_MCP_SERVER ⚡

Config-Driven Security Automation Hub
Single JSON-RPC 2.0 entrypoint · Declarative tool engine · Docker-only deployment

✨ Features

✅ Declarative tool definition in config.json
✅ Async jobs with live logs (SSE / polling)
✅ Self-describing /capabilities_ext
✅ Secure with API key 🔑

🧰 Supported Tools

Built-in penetration testing tools (preinstalled in Docker image):

🔍 Port/Service Scan: nmap
🌐 Web App Testing: sqlmap, wpscan, nikto, whatweb, dirb, dirsearch, feroxbuster, gobuster
🕵 Reconnaissance: amass (subdomain enum)
🔒 SSL/TLS Analysis: sslyze, testssl.sh
🛡 WAF/Middleware: wafw00f, joomscan
⚡ Fuzz & Bruteforce: ffuf
🐍 Python Toolkits: via python_tools.sh
🏗 Go Toolkits: via go_tools.sh
📂 Wordlists & Templates: wordlists.sh, nuclei_templates.sh

Extension:

Add custom installer in extras-installer/modules/
Declare tools in config.json
Verify via /capabilities_ext

🚀 Quick Start (Docker Compose)

git clone <repo-url>
cd KALI_MCP_SERVER
docker compose up -d --build

👉 Health check:

curl -H "x-api-key:your-secret-key" http://127.0.0.1:8080/health

📂 Directory Layout

extras-installer/   # optional extra tool installers
mcp_server.py       # FastAPI + JSON-RPC
config.json         # tool declarations
Dockerfile
docker-compose.yml
.env

🛠 Operations

🔗 Endpoints

POST / → JSON-RPC (initialize, tools/list, tools/call)
GET /jobs/{job_id}/sse → Live logs
GET /jobs/poll → Poll logs
POST /jobs/cancel → Cancel job
GET /capabilities_ext → Tool registry
GET /health → Health probe

📜 Call Example

List tools

curl -X POST http://127.0.0.1:8080/   -H "content-type: application/json" -H "x-api-key: your-secret-key"   -d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'

Async call

curl -X POST http://127.0.0.1:8080/   -H "content-type: application/json" -H "x-api-key: your-secret-key"   -d '{"jsonrpc":"2.0","id":"job1","method":"tools/call","params":{"name":"nmap_scan","arguments":{"host":"scanme.nmap.org","async":true}}}'

🖥 Integrate with Cursor

Add to ~/.cursor/mcp.json:

{
  "mcpServers": {
    "kali-mcp": {
      "url": "http://localhost:8080",
      "timeout": 0,
      "headers": { "x-api-key": "your-secret-key" }
    }
  }
}

🌏 中文版本

✨ 特点

声明式工具定义（config.json）
同步/异步调用，实时日志（SSE）
/capabilities_ext 自动列出工具与二进制版本
可选 x-api-key 鉴权 🔐

🧰 支持工具

内置常用渗透测试工具（Docker 镜像预装）：

🔍 端口/服务探测：nmap
🌐 Web 应用测试：sqlmap、wpscan、nikto、whatweb、dirb、dirsearch、feroxbuster、gobuster
🕵 信息收集：amass（子域名枚举）
🔒 SSL/TLS 检测：sslyze、testssl.sh
🛡 WAF/中间件：wafw00f、joomscan
⚡ 模糊测试/爆破：ffuf
🐍 Python 工具集：通过 python_tools.sh 安装
🏗 Go 工具集：通过 go_tools.sh 安装
📂 字典/模板：wordlists.sh、nuclei_templates.sh

扩展能力：

在 extras-installer/modules/ 新增自定义安装脚本
在 config.json 声明新工具
通过 /capabilities_ext 自动检测二进制可用性与版本

🚀 快速开始

docker compose up -d --build

👉 健康检查：

curl -H "x-api-key:your-secret-key" http://127.0.0.1:8080/health

🔗 接口列表

POST / → JSON-RPC (initialize、tools/list、tools/call)
`GE

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

33/100across 5 weighted dimensions

How we score →

0255075100

−67

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is KALI_MCP_SERVER safe to use?: KALI_MCP_SERVER has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install KALI_MCP_SERVER?: KALI_MCP_SERVER supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with KALI_MCP_SERVER?: KALI_MCP_SERVER is compatible with claude-desktop, cursor, claude-code. It uses sse and http transport.
Is KALI_MCP_SERVER actively maintained?: KALI_MCP_SERVER is less actively maintained — last commit was 258 days ago. It has 11 GitHub stars.