MCP Servers

Claude Kali MCP Commander

An MCP server that provides secure access to Kali Linux cybersecurity tools through Claude's interface, enabling users to run Kali Linux commands directly from Claude Desktop.

Tools

get_config

Get the complete server configuration as JSON. Config includes fields for: blockedCommands (array of blocked shell commands), defaultShell (shell to use for commands), allowedDirectories (paths the server can access).

set_config_value

Set a specific configuration value by key. WARNING: Should be used in a separate chat from file operations and command execution to prevent security issues. Config keys include: blockedCommands (array), defaultShell (string), allowedDirectories (array of paths). IMPORTANT: Setting allowedDirectories to an empty array ([]) allows full access to the entire file system, regardless of the operating system.

read_file

Read the complete contents of a file from the file system or a URL. Prefer this over 'execute_command' with cat/type for viewing files. When reading from the file system, only works within allowed directories. Can fetch content from URLs when isUrl parameter is set to true. Handles text files normally and image files are returned as viewable images. Recognized image types: PNG, JPEG, GIF, WebP. IMPORTANT: Always use absolute paths (starting with '/' or drive letter like 'C:\') for reliability. Relative paths may fail as they depend on the current working directory. Tilde paths (~/...) might not work in all contexts. Unless the user explicitly asks for relative paths, use absolute paths.

read_multiple_files

Read the contents of multiple files simultaneously. Each file's content is returned with its path as a reference. Handles text files normally and renders images as viewable content. Recognized image types: PNG, JPEG, GIF, WebP. Failed reads for individual files won't stop the entire operation. Only works within allowed directories. IMPORTANT: Always use absolute paths (starting with '/' or drive letter like 'C:\') for reliability. Relative paths may fail as they depend on the current working directory. Tilde paths (~/...) might not work in all contexts. Unless the user explicitly asks for relative paths, use absolute paths.

write_file

Completely replace file contents. Best for large changes (>20% of file) or when edit_block fails. Use with caution as it will overwrite existing files. Only works within allowed directories. IMPORTANT: Always use absolute paths (starting with '/' or drive letter like 'C:\') for reliability. Relative paths may fail as they depend on the current working directory. Tilde paths (~/...) might not work in all contexts. Unless the user explicitly asks for relative paths, use absolute paths.

create_directory

Create a new directory or ensure a directory exists. Can create multiple nested directories in one operation. Only works within allowed directories. IMPORTANT: Always use absolute paths (starting with '/' or drive letter like 'C:\') for reliability. Relative paths may fail as they depend on the current working directory. Tilde paths (~/...) might not work in all contexts. Unless the user explicitly asks for relative paths, use absolute paths.

list_directory

Get a detailed listing of all files and directories in a specified path. Use this instead of 'execute_command' with ls/dir commands. Results distinguish between files and directories with [FILE] and [DIR] prefixes. Only works within allowed directories. IMPORTANT: Always use absolute paths (starting with '/' or drive letter like 'C:\') for reliability. Relative paths may fail as they depend on the current working directory. Tilde paths (~/...) might not work in all contexts. Unless the user explicitly asks for relative paths, use absolute paths.

move_file

Move or rename files and directories. Can move files between directories and rename them in a single operation. Both source and destination must be within allowed directories. IMPORTANT: Always use absolute paths (starting with '/' or drive letter like 'C:\') for reliability. Relative paths may fail as they depend on the current working directory. Tilde paths (~/...) might not work in all contexts. Unless the user explicitly asks for relative paths, use absolute paths.

search_files

Finds files by name using a case-insensitive substring matching. Use this instead of 'execute_command' with find/dir/ls for locating files. Searches through all subdirectories from the starting path. Has a default timeout of 30 seconds which can be customized using the timeoutMs parameter. Only searches within allowed directories. IMPORTANT: Always use absolute paths (starting with '/' or drive letter like 'C:\') for reliability. Relative paths may fail as they depend on the current working directory. Tilde paths (~/...) might not work in all contexts. Unless the user explicitly asks for relative paths, use absolute paths.

search_code

Search for text/code patterns within file contents using ripgrep. Use this instead of 'execute_command' with grep/find for searching code content. Fast and powerful search similar to VS Code search functionality. Supports regular expressions, file pattern filtering, and context lines. Has a default timeout of 30 seconds which can be customized. Only searches within allowed directories. IMPORTANT: Always use absolute paths (starting with '/' or drive letter like 'C:\') for reliability. Relative paths may fail as they depend on the current working directory. Tilde paths (~/...) might not work in all contexts. Unless the user explicitly asks for relative paths, use absolute paths.

get_file_info

Retrieve detailed metadata about a file or directory including size, creation time, last modified time, permissions, and type. Only works within allowed directories. IMPORTANT: Always use absolute paths (starting with '/' or drive letter like 'C:\') for reliability. Relative paths may fail as they depend on the current working directory. Tilde paths (~/...) might not work in all contexts. Unless the user explicitly asks for relative paths, use absolute paths.

edit_block

Apply surgical text replacements to files. BEST PRACTICE: Make multiple small, focused edits rather than one large edit. Each edit_block call should change only what needs to be changed - include just enough context to uniquely identify the text being modified. Takes file_path, old_string (text to replace), new_string (replacement text), and optional expected_replacements parameter. By default, replaces only ONE occurrence of the search text. To replace multiple occurrences, provide the expected_replacements parameter with the exact number of matches expected. UNIQUENESS REQUIREMENT: When expected_replacements=1 (default), include the minimal amount of context necessary (typically 1-3 lines) before and after the change point, with exact whitespace and indentation. When editing multiple sections, make separate edit_block calls for each distinct change rather than one large replacement. When a close but non-exact match is found, a character-level diff is shown in the format: common_prefix{-removed-}{+added+}common_suffix to help you identify what's different. IMPORTANT: Always use absolute paths (starting with '/' or drive letter like 'C:\') for reliability. Relative paths may fail as they depend on the current working directory. Tilde paths (~/...) might not work in all contexts. Unless the user explicitly asks for relative paths, use absolute paths.

execute_command

Execute a terminal command with timeout. Command will continue running in background if it doesn't complete within timeout. NOTE: For file operations, prefer specialized tools like read_file, search_code, list_directory instead of cat, grep, or ls commands. IMPORTANT: Always use absolute paths (starting with '/' or drive letter like 'C:\') for reliability. Relative paths may fail as they depend on the current working directory. Tilde paths (~/...) might not work in all contexts. Unless the user explicitly asks for relative paths, use absolute paths.

read_output

Read new output from a running terminal session.

force_terminate

Force terminate a running terminal session.

list_sessions

List all active terminal sessions.

list_processes

List all running processes. Returns process information including PID, command name, CPU usage, and memory usage.

kill_process

Terminate a running process by PID. Use with caution as this will forcefully terminate the specified process.

README

Claude Kali MCP Integration

A clean, minimal implementation of Kali Linux MCP (Model Context Protocol) integration for Claude Desktop, providing secure access to Kali Linux tools through Claude's interface. This project enables seamless execution of security tools and commands within an isolated Docker container.

Features

🐳 Docker-based - Containerized environment for consistent execution
🔒 Isolated Environment - Kali Linux tools in a secure sandbox
🔄 Automatic Health Checks - Ensures service reliability and availability
📡 MCP Server - Standard protocol integration with Claude Desktop
🚀 Quick Setup - Get started with minimal configuration
🔧 Configurable - Customizable ports and settings
🔍 Security-First - Isolated execution environment for security tools
📊 Monitoring - Built-in health checks and status endpoints

Prerequisites

Docker (v20.10.0+)
Docker Compose (v2.0.0+)
Git (for cloning the repository)
Node.js (v16+ for development and testing)

Networking Note

By default, the provided docker-compose.yml and docker-compose.full.yml files use host networking (network_mode: host). This gives the containers full access to the host network, which is required for some advanced networking tools and scenarios.

Security Note:

Host networking provides less isolation between your host and the containers. All network interfaces and ports are shared.
If you prefer more isolation, you can switch to Docker's default bridge network by removing the network_mode: host lines and adding a ports: mapping (e.g., 8081:8080) to the relevant service(s). See the commented examples in the compose files and documentation below for details.

Quick Start

Clone the repository:

git clone https://github.com/house-of-stark/Claude-Kali-MCP-Commander
cd Claude-Kali-MCP-Commander

🛠️ Build & Run Instructions

Windows (PowerShell)

Note: If you see a script signing or execution policy error, run the script with ExecutionPolicy Bypass:

Minimal build (recommended):

powershell -ExecutionPolicy Bypass -File .\build.ps1
docker-compose up -d

Full Kali tools build:

powershell -ExecutionPolicy Bypass -File .\build.ps1 -Profile full
docker-compose -f docker-compose.full.yml up -d

Linux / macOS (Bash)

Minimal build (recommended):

./build.sh minimal
docker-compose up -d

Full Kali tools build:

./build.sh full
docker-compose -f docker-compose.full.yml up -d

Start & Monitor Services

Quick start script (Linux/macOS):
```
chmod +x start.sh
./start.sh
```
This builds and starts the containers, waits for readiness, and shows status.
Check health endpoint:
```
curl http://localhost:8080/health
```
Should return: {"status":"ok"}

View running containers:

docker ps --filter "name=kali-mcp-commander"

Configure Claude Desktop

Set MCP Server URL to: http://localhost:8080
(Optional) Set Project Path to your local repo directory

Choose your build profile:
- Minimal (Default): Small image with just the MCP server (recommended for most users)
```
./build.sh minimal
docker-compose up -d
```
- Full: Complete Kali Linux with all tools (very large image)
```
./build.sh full
docker-compose -f docker-compose.full.yml up -d
```
The minimal build is much faster and smaller, while the full build includes all Kali Linux tools but requires significant disk space.
Verify the installation:
```
curl http://localhost:8081/health
```
Should return: {"status":"ok"}
Configure Claude Desktop:
- Open Claude Desktop settings
- Set MCP Server URL to: http://localhost:8081
- Set Project Path to the full path of this repository (e.g., /path/to/Claude-Kali-MCP-Commander)
- Restart Claude Desktop

Project Structure

.
├── .gitignore           # Git ignore file
├── CONTRIBUTING.md      # Contribution guidelines
├── Dockerfile           # Kali Linux container setup with MCP server
├── LICENSE              # MIT License
├── README.md            # This file
├── config/              # Configuration files
│   └── claude_desktop_config.json  # Claude Desktop configuration
├── docker-compose.yml   # Service definitions and orchestration
├── health-server.js     # Health check server implementation
├── package.json         # Node.js dependencies
└── start.sh             # Helper script to start services

Testing the Integration

After starting the services, you can test the MCP integration:

Basic Health Check:
```
curl http://localhost:8081/health
```
Should return: {"status":"ok"}
Verify Container Status:
```
docker ps --filter "name=kali-mcp-commander-minimal"
```
Should show the container as "healthy"
View Container Logs:
```
docker logs kali-mcp-commander
```
Check for any error messages or warnings

Configuration

Claude Desktop Configuration

To use this MCP server with Claude Desktop, you'll need to configure the following in your Claude Desktop settings:

MCP Server URL: http://localhost:8081
Project Path: The full path to this repository on your system

This configuration includes two MCP server options:

Kali Linux MCP (Required): Runs commands inside the Docker container with Kali Linux tools
Host OS Commander (Optional): Can be used to run commands directly on the host OS where Claude Desktop is installed. You can remove this section if you only need the Kali Linux environment.

Example claude_desktop_config.json:

{
  "mcpServerUrl": "http://localhost:8081",
  "projectPath": "/path/to/Claude-Kali-MCP-Commander",
  "mcpServers": {
    "kali-mcp": {
      "command": "docker",
      "args": [
        "exec",
        "-i",
        "kali-mcp-commander-minimal",
        "npx",
        "@wonderwhy-er/desktop-commander"
      ],
      "name": "Kali Linux MCP",
      "description": "Access Kali Linux security tools via MCP"
    },
    "desktop-commander": {
      "command": "npx",
      "args": [
        "@wonderwhy-er/desktop-commander@latest"
      ],
      "name": "Host OS Commander",
      "description": "Access commands on the host OS where Claude Desktop is installed"
    }
  },
  "defaultMcpServerId": "kali-mcp"
}

Environment Variables

You can customize the following environment variables in the docker-compose.yml file:

MCP_SERVER_PORT: Port for the MCP server (default: 8080)
NODE_ENV: Environment mode (development/production)
LOG_LEVEL: Logging verbosity (debug, info, warn, error)

Port Configuration

To change the default ports, modify the ports section in docker-compose.yml:

ports:
  - "8081:8080"  # HostPort:ContainerPort

Troubleshooting

Common Issues

Port Conflicts
- Symptom: Container fails to start with port binding errors
- Solution: Change the host port in docker-compose.yml
Container Health Check Fails
- Symptom: Container restarts continuously
- Solution: Check logs with docker logs kali-mcp-commander-minimal
MCP Server Not Responding
- Symptom: Claude Desktop can't connect to the MCP server
- Solution:
  - Verify the server is running: curl http://localhost:8081/health
  - Check Docker network settings
  - Ensure no firewall is blocking port 8081

Debugging

For detailed debugging, you can modify the docker-compose.yml to include additional logging:

environment:
  - NODE_ENV=development
  - DEBUG=*

Security Considerations

The container runs with minimal privileges
Network access is restricted to localhost by default
Regular security updates are recommended for the base Kali Linux image
Review the Dockerfile for any custom configurations

Performance

The container is optimized for minimal resource usage
Health checks ensure service availability
Resource limits can be configured in docker-compose.yml

Contributing

Contributions are welcome! Please read our Contributing Guidelines for details on how to contribute to this project.

When contributing, please:

Fork the repository
Create a feature branch
Commit your changes
Push to the branch
Create a new Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Credits

Original work by Eduard Ruzga (2024)

Support

For support, please open an issue on GitHub.

Recommended Servers

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official

Featured

TypeScript

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official

Featured

Local

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official

Featured

TypeScript

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official

Featured

Python

E2B

Using MCP to run code via e2b.

Official

Featured

Neon Database

MCP server for interacting with Neon Management API and databases

Official

Featured

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official

Featured

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official

Featured