kalilinuxmcp

Local 2025-09-01 00:42:54 0

A tool that allows penetration testing through Kali Linux commands executed via a Multi-Conversation Protocol server, supporting security testing operations like SQL injection and command execution.

目前只是个玩具,只支持执行可以返回的命令,如burp suite和metasploit等不能进行界面和命令交互,metasploit倒是可以叫ai agent直接执行不进入命令交互模式,有时间弄得的哥们可以拿去加强一下 ?

kali linux mcp,pentest,penetration test

更新:

20250401更新: 新增简单的交互式处理

如何安装:

1: 首先要用ssh-keygen -t rsa做一个私钥和公钥,替换公钥到Dockerfile的,替换私钥到"C:Users[Username].sshkali000",这里自行去srcindex.ts里搜索"kali000"替换路径

'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsoJo7WJIHDQgmEdKwm6IqS61xaGWa/OVVMCrMwcVh13xvYbAD7wdMufzNhWRxSso3SKvTHbQjIszvYQgkVFjRPiJW5vGCU0847CX0zZytGLnKpKWDZ5ccShMPlIxVuy2+WUQlKNL7f+w59PMX+3BLcikhtwk0xwG7tpS4kAtXHlrwt1B1vFj3CoF8rBofGJAahOuPvruRh9i1i73i5JJHJFeDdJVfNnY5/8HnBvtWtJzbsbmlyaTODfrDCeYZ32zxDZdsPVEls3RDsfgUadyC71mpXloJ8JTiUU37H5DY+xtIuz3XICwA7DsVm9jiKaSR96DZyogYxx+UKdrDsIH4JQwBNs3RDCX+t7ivKj75KkhhrW2X2h90EOjwQPQOhuVU2FtMXbWlfbZL5UwXGgA7Efe3N0ZzrKac+RGM6vY/jsnESgZaTayF/N/BysMpjI18xy6Y12CyPXVYsvF3v04d2XR1Fs5rduERjpot7o9N+i5FcoTfUb5WP5nVU9X0b2s= hack004@DESKTOP-H4HRI73'

2:因为是国内环境,docker里我加了使用主机的socks5代理,自行搜索来替换"192.168.31.110",还有dns服务器也强制用dns2socks转到了本地127.0.0.1使用socks5代理,可自行去Dockerfile里替换或者去掉

3:原始使用的"booyaabes/kali-linux-full"镜像,但是里面软件版本有点老,自行选择是否要执行以下操作更新(主要需要更新很久!)

1:进入docker容器后执行: 1:wget -q -O - https://archive.kali.org/archive-key.asc | gpg --import 2:curl -fsSL https://archive.kali.org/archive-key.asc | sudo gpg --dearmor -o /usr/share/keyrings/kali-archive-keyring.gpg 3:sudo apt update && sudo apt full-upgrade -y 4:(下载更新最新版kali linux的所有工具,注意很大很慢)sudo apt install kali-linux-everything -y 5:如果只需更新单独的软件,就无需执行4因为要很久,例如sudo apt install wpscan 6:我自己倒是完成了最新更新,但是容器太大了几十G就不传了,需要的自行操作就行了


# 4:(编译MCP),先npm install后直接npm run build,得到build目录,核心是index.js

# 5:(编译Docker镜像),

1:编译镜像:"docker build -t kali-pentest-mcp ." 2:部署镜像:"docker run --name kali-container -d --privileged -p 2222:22 kali-pentest-mcp"

# 6:安装MCP:

"kali-pentest-mcp-server": { "command": "node", "args": ["D:/kalimcp/build/index.js"], "env": {} } ```

注意事项:

1: 每次重启docker后记得刷新MCP,因为可能SSH连接会断开

参考项目:

https://github.com/weidwonder/terminal-mcp-server

效果展示:

2:command injection:

3:Lab: Web shell upload via Content-Type restriction bypass

[
  {
    "description": "(无需交互式比如ping 127.0.0.1)在Kali Linux渗透测试环境中执行命令。支持所有Kali Linux内置的安全测试工具和常规Linux命令。",
    "inputSchema": {
      "properties": {
        "command": {
          "description": "要在Kali Linux环境中执行的命令。可以是任何安全测试、漏洞扫描、密码破解等渗透测试命令。",
          "type": "string"
        }
      },
      "required": [
        "command"
      ],
      "type": "object"
    },
    "name": "execute_command"
  },
  {
    "description": "(需要交互式比如mysql -u root -p)在Kali Linux环境中启动一个交互式命令，并返回会话ID。交互式命令可以接收用户输入,可以在不close_interactive_command的情况下同时执行execute_command。",
    "inputSchema": {
      "properties": {
        "command": {
          "description": "要在Kali Linux环境中执行的交互式命令。",
          "type": "string"
        }
      },
      "required": [
        "command"
      ],
      "type": "object"
    },
    "name": "start_interactive_command"
  },
  {
    "description": "(自行判断是AI输入还是用户手动输入)向正在运行的交互式命令发送用户输入。",
    "inputSchema": {
      "properties": {
        "end_line": {
          "description": "是否在输入后添加换行符。默认为true。",
          "type": "boolean"
        },
        "input": {
          "description": "发送给命令的输入文本。",
          "type": "string"
        },
        "session_id": {
          "description": "交互式会话ID。",
          "type": "string"
        }
      },
      "required": [
        "session_id",
        "input"
      ],
      "type": "object"
    },
    "name": "send_input_to_command"
  },
  {
    "description": "获取交互式命令的最新输出。",
    "inputSchema": {
      "properties": {
        "session_id": {
          "description": "交互式会话ID。",
          "type": "string"
        }
      },
      "required": [
        "session_id"
      ],
      "type": "object"
    },
    "name": "get_command_output"
  },
  {
    "description": "关闭交互式命令会话。",
    "inputSchema": {
      "properties": {
        "session_id": {
          "description": "交互式会话ID。",
          "type": "string"
        }
      },
      "required": [
        "session_id"
      ],
      "type": "object"
    },
    "name": "close_interactive_command"
  }
]