Kali Security MCP

249 tools. 182 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

182 can modify or destroy data
67 read-only
249 tools total

Community server · catalogue entry verified 11/06/2026

Read (67) Write / Execute (181) Destructive / Financial (1)
Critical Risk

182 of Kali Security MCP's 249 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

PolicyLayer is an MCP gateway — it sits between your AI agents and Kali Security MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "apk_decompile": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "add_ctf_challenge": {
    "limits": [
      {
        "counter": "add_ctf_challenge_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "authorized_asset_inventory": {
    "limits": [
      {
        "counter": "authorized_asset_inventory_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Kali Security MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.

Free to start. No card required.

EXECUTE 172 tools
Execute adaptive_execute_strategy: Execute an adaptive strategy.
Execute advanced_web_security_assessment: Execute advanced web application security assessment.
Execute ai_execute_strategy: AI strategy execution - automatically executes the recommended attack strategy.
Execute authorized_comprehensive_security_assessment: Run authorized full-chain assessment using neutral external naming.
Execute authorized_controlled_validation: Run controlled validation phase only when allowed_actions permits it.
Execute authorized_credential_assessment: Run authorized credential audit phase only when allowed_actions permits it.
Execute authorized_environment_review: Run environment review phase only when allowed_actions permits it.
Execute authorized_injection_verification: Run non-destructive injection verification only (no dump/exfiltration).
Execute authorized_network_exposure_assessment: Run authorized network exposure assessment with phase-level output.
Execute authorized_template_validation: Run template-based security validation with constrained severity scope.
Execute authorized_web_application_assessment: Run authorized web assessment with exposure review and vuln validation.
Execute browser_execute_js: Execute JavaScript code in the browser context.
Execute browser_navigate: Navigate to a new page in an existing session.
Execute browser_start_session
Execute bully_attack: Execute bully for WPS attacks.
Execute execute_command: Execute an arbitrary command on the Kali server.
Execute metasploit_run: Execute a Metasploit module.
Execute multi_target_execute_batch: Batch-execute multi-target attack tasks.
Execute nuclei_technology_detection: Execute Nuclei technology detection scan.
Execute proxy_start: Start the proxy server - used for traffic interception.
Execute reaver_attack: Execute Reaver for WPS PIN attacks.
Execute recon_ng_run: Execute recon-ng for reconnaissance.
Execute start_adaptive_apt_attack
Execute start_attack_session: Start a new attack session - starts automatic logging and PoC generation.
Execute trigger_next_attack_phase: Manually trigger the next attack phase - forces entry into the next round of attacks.
Execute workflow_execute: Execute a test workflow.
Execute ad_full_attack
Execute adaptive_cmdi_test: Adaptive command injection test.
Execute adaptive_intelligent_orchestration: Intelligently orchestrate multi-target adaptive attacks.
Execute adaptive_network_penetration: Adaptive network penetration test - intelligent network attack.
Execute adaptive_sqli_test: Adaptive SQL injection test - intelligent detection and exploitation.
Execute adaptive_web_penetration: Adaptive web penetration test - intelligent web application attack.
Execute adaptive_xss_test: Adaptive XSS test - context-aware XSS detection.
Execute advanced_ctf_solver: Advanced automatic CTF challenge solver - intelligent attack strategy based on challenge characteristics.
Execute ai_smart_continuation: AI smart continuation - recommends the next step based on the current context.
Execute aircrack_attack
Execute apt_comprehensive_attack: Execute a comprehensive APT attack chain - full multi-vector concurrent attack.
Execute apt_network_penetration: Execute an APT network penetration attack chain - automated multi-stage network penetration test.
Execute apt_web_application_attack: Execute an APT web application attack chain - automated multi-stage web application penetration.
Execute arp_scan: Execute arp-scan for network discovery.
Execute auth_bypass_test: Authentication bypass test - built-in workflow.
Execute auto_apt_attack_with_poc: Automatic APT attack with PoC generation - complete APT attack chain with automatic logging and PoC generation.
Execute auto_ctf_solve_with_poc
Execute auto_network_discovery_workflow: Automated network discovery workflow - actually performs network reconnaissance and service discovery.
Execute auto_osint_workflow: Automated OSINT collection workflow - actually performs open-source intelligence gathering.
Execute auto_pentest
Execute auto_pilot_attack
Execute auto_reverse_analyze: Automatically select an available tool for reverse analysis - intelligent tool selection.
Execute auto_web_security_workflow: Automated web security assessment workflow - actually performs a complete web application security test.
Execute bandit_scan
Execute bettercap_attack
Execute browser_intercept_request
Execute brutespray_attack
Execute code_audit_comprehensive
Execute command_injection_deep_excavate
Execute comprehensive_network_scan: Execute comprehensive network reconnaissance workflow.
Execute comprehensive_recon
Execute cross_validate_vulns: Cross-validate vulnerabilities found by black-box and white-box testing to raise confidence.
Execute crowbar_attack
Execute ctf_auto_detect_solver: CTF auto-detect solver - analyzes the target type first, then selects a strategy.
Execute ctf_crypto_reverser: Dedicated CTF cryptography reversing tool - analyzes cryptographic algorithms in binaries.
Execute ctf_crypto_solver: Solver for crypto CTF challenges - runs cryptanalysis tools.
Execute ctf_misc_solve: Automatic solving of CTF misc challenges.
Execute ctf_misc_solver: Solver for misc CTF challenges - performs file analysis and steganography detection.
Execute ctf_multi_agent_solve
Execute ctf_poc_scan
Execute ctf_pwn_solver
Execute ctf_quick_scan: CTF quick scan - fast vulnerability discovery optimized for CTF environments.
Execute ctf_reverse_solver: Automatic solver for CTF reversing challenges - comprehensive reverse analysis using radare2.
Execute ctf_ultimate_solve
Execute ctf_web_attack: CTF web attack chain - attacks aimed specifically at CTF web challenges.
Execute ctf_web_comprehensive_solver: Comprehensive solver for web CTF challenges - actually performs multi-stage web attacks.
Execute dcsync_attack: DCSync attack - simulates domain controller replication to obtain password hashes.
Execute detect_blind_vulnerability: Blind injection vulnerability detection - based on response differences.
Execute dirb_scan: Perform directory enumeration with Dirb.
Execute dnsenum_scan: Perform DNS enumeration with Dnsenum.
Execute dnsrecon_scan
Execute enum4linux_scan: Execute Enum4linux Windows/Samba enumeration tool.
Execute fast_reconnaissance: Execute the fast reconnaissance workflow.
Execute feroxbuster_scan: Perform directory and resource brute-forcing with Feroxbuster.
Execute ffuf_scan
Execute fierce_scan: Perform DNS reconnaissance with Fierce.
Execute file_inclusion_deep_excavate
Execute flawfinder_scan
Execute forensics_full_analysis
Execute fping_scan: Execute fping for fast ping sweeps.
Execute frida_hook
Execute fuzz_all_params: Fuzz all parameters - automatically identifies and tests every parameter.
Execute fuzz_parameter
Execute ghidra_analyze_binary: Analyze a binary with Ghidra - the NSA's open-source reverse-engineering tool.
Execute gobuster_scan
Execute grpc_call
Execute hashcat_crack
Execute http_compare: Compare two HTTP responses - used for blind injection detection.
Execute http_replay: Replay a past HTTP request, optionally with modified parameters.
Execute httpx_probe
Execute hydra_attack
Execute intelligent_apt_campaign: Intelligent APT campaign - the highest level of adaptive attack.
Execute intelligent_attack_with_poc
Execute intelligent_ctf_solver: Intelligent CTF challenge solver - actually runs scanning and attack tools.
Execute intelligent_penetration_testing: Intelligent penetration testing - performs actual penetration testing following standard methodology.
Execute intelligent_smart_scan: Execute a smart scan - actually invokes tools and returns results.
Execute intelligent_vulnerability_assessment: Intelligent vulnerability assessment - actually runs multi-tool scans.
Execute john_crack
Execute joomscan_scan: Execute joomscan for Joomla security testing.
Execute kerberoast: Kerberoasting attack - extracts service-account TGS tickets.
Execute llm_auto_pentest
Execute masscan_fast_scan
Execute medusa_attack: Perform password verification testing with Medusa.
Execute memory_forensics: Memory forensics analysis.
Execute mobile_security_scan
Execute multi_target_orchestrate: Execute multi-target attack orchestration.
Execute ncrack_attack: Perform network service credential verification with Ncrack.
Execute netdiscover_scan
Execute network_penetration_test: Network penetration testing workflow.
Execute nikto_scan: Execute Nikto web server scanner.
Execute nmap_scan
Execute nuclei_cve_scan: Execute Nuclei CVE vulnerability scan.
Execute nuclei_network_scan: Execute Nuclei network security scan.
Execute nuclei_scan
Execute nuclei_web_scan: Execute Nuclei web application security scan.
Execute optimize_tool_parameters
Execute parallel_directory_scanning: Run directory scans against multiple targets in parallel.
Execute parallel_port_scanning: Run port scans against multiple targets in parallel.
Execute patator_attack
Execute pixiewps_attack
Execute privilege_escalation_deep_excavate
Execute pwn_deep_excavate
Execute pwn_fuzz_check: Quick fuzzing check - calls pwnpasi.auto_fuzzing directly.
Execute pwn_heap_analyze: Heap vulnerability analysis - calls pwnpasi.heap_exploit directly.
Execute pwn_rop_analyze
Execute pwn_symbolic_explore: Symbolic execution analysis - calls pwnpasi.symbolic_analysis directly.
Execute pwnpasi_auto_pwn
Execute quick_pwn_check
Execute radare2_analyze_binary: Analyze a binary with Radare2 - open-source reverse-engineering tool.
Execute semgrep_scan
Execute smart_ctf_solve: High-speed CTF solving workflow - fast adaptive attack chain with a 30-60 second timeout.
Execute smart_full_pentest: Full penetration test workflow - 9-step comprehensive adaptive scan.
Execute smart_network_recon: Smart network reconnaissance workflow - result-driven adaptive network scanning.
Execute smart_scan
Execute smart_tool_chain
Execute sql_injection_deep_excavate
Execute sqlmap_scan: Execute SQLmap SQL injection scanner.
Execute subfinder_scan: Execute Subfinder for fast subdomain discovery.
Execute ultimate_scan
Execute verify_vulnerability: Verify a candidate vulnerability (candidate → verified/failed).
Execute web_app_security_assessment: Comprehensive web application security assessment workflow.
Execute wfuzz_scan: Perform parameter and path fuzzing with Wfuzz.
Execute whatweb_scan
Execute wpscan_scan
Execute ws_fuzz: WebSocket fuzzing.
Execute xss_deep_excavate
Execute yersinia_attack
Execute adaptive_create_execution_context: Create an adaptive execution context.
Execute add_chain_step
Execute browser_click
Execute browser_close_session: Close the browser session and save its state (cookies/storage persisted to disk).
Execute browser_type_text
Execute create_attack_chain: Create an attack chain.
Execute file_upload_deep_excavate
Execute generate_adaptive_scan_plan: Generate an adaptive scan plan based on target characteristics and existing results.
Execute generate_attack_paths: Generate APT attack paths for a target.
Execute generate_poc_from_current_session: Generate a PoC from the currently active session - no session ID needed; generated directly from the current session.
Execute generate_poc_from_session: Generate a PoC from a specified attack session - automatically analyzes the attack chain and generates PoCs in multiple formats.
Execute http_send
Execute http_send_raw: Send a raw HTTP request - full control over the request format.
Execute http_session_manage
Execute submit_apt_attack_chain: Submit an APT attack chain workflow - intelligent concurrent attack based on a knowledge graph.
Execute submit_concurrent_task: Submit a concurrent task.
Execute submit_workflow
Execute ws_connect: Establish a WebSocket connection.
Execute ws_send
READ 67 tools
Read authorized_asset_inventory: Build authorized external asset inventory (subdomains + live hosts).
Read adaptive_get_execution_status: Get execution context status.
Read adaptive_get_insights: Get adaptive execution insights.
Read ai_analyze_intent: AI intent analysis - analyzes user input and provides intelligent suggestions.
Read ai_get_session_history: Get AI session history - view the full conversation history and analysis progress.
Read ai_get_strategy_recommendations: Get AI strategy recommendations - recommends the best attack strategy based on the current session context.
Read amass_scan: Perform subdomain and asset enumeration with Amass.
Read analyze_attack_chain: Assess attack chain feasibility (0-100 score).
Read analyze_response: Deep response analysis - vulnerability indicator detection.
Read analyze_target_intelligence: Analyze target characteristics and recommend attack vectors based on scan results.
Read authorized_surface_mapping: Perform authorized attack-surface mapping (non-destructive).
Read authorized_web_exposure_review: Review web exposure through content discovery and service checks.
Read binwalk_analysis
Read browser_extract_content
Read browser_get_network_log
Read browser_heartbeat_status
Read browser_list_sessions: List all active browser sessions.
Read browser_screenshot: Capture a page screenshot (full-page and element screenshots supported).
Read correlate_scan_results: Correlate and analyze results from multiple scanning tools to identify vulnerability patterns and attack paths.
Read ctf_detect_flags
Read ctf_get_payloads
Read ctf_knowledge_detect
Read ctf_suggest_action
Read end_attack_session: End the current attack session - finalizes logging and saves session data.
Read extract_endpoints: Extract endpoints and API paths from a response.
Read fingerprint_target: Target technology fingerprinting.
Read get_adaptive_attack_status: Get adaptive attack status - view attack progress and discovered information.
Read get_attack_chains: Query the list of attack chains.
Read get_attack_session_details: Get attack session details - view the full attack history of a specified session.
Read get_attack_strategy: Get attack strategy recommendations - based on historical success rates.
Read get_cached_results: Get cached scan results for a target.
Read get_concurrent_system_stats: Get concurrent task system statistics.
Read get_ctf_challenges_status: Get the status of all CTF challenges.
Read get_detected_flags: Get all detected flags.
Read get_recommended_payloads: Get recommended payloads - based on historical data and target characteristics.
Read get_task_status: Get task status.
Read get_vuln_candidates: Get the list of candidate vulnerabilities awaiting verification (sorted by severity).
Read get_vuln_report: Export the vulnerability assessment report.
Read get_workflow_status: Get workflow status.
Read grpc_reflect: gRPC service reflection - retrieves service definitions.
Read http_history: View HTTP request history.
Read identify_attack_surfaces: Identify attack surfaces based on target information.
Read list_attack_sessions: Get the list of all attack sessions - view all past and current attack sessions.
Read list_poc_templates: Get available PoC templates - view all PoC generation templates the system supports.
Read log_attack_step
Read multi_target_get_status: Get multi-target coordination system status.
Read proxy_get_intercepted: Get the list of intercepted requests.
Read pwn_comprehensive_attack
Read reverse_tool_check: Check available reverse analysis tools - detects reverse-engineering tools on the local machine.
Read searchsploit_search: Search exploit database using searchsploit.
Read server_health: Check the health status of the Kali API server.
Read shellcheck_scan
Read sherlock_search
Read smart_web_recon
Read stego_detect
Read sublist3r_scan: Perform subdomain enumeration with Sublist3r.
Read theharvester_osint
Read v2_system_status: Get Kali MCP v2.0 system status.
Read vuln_get_statistics: Get vulnerability database statistics.
Read vuln_intelligent_match
Read vuln_recommendation
Read vuln_search_cve
Read vuln_search_exploitable
Read vuln_search_product
Read vuln_search_recent: Search recently published vulnerabilities.
Read vuln_search_severity: Search vulnerabilities by severity.
Read workflow_define: Define a test workflow.

Can an AI agent delete data through the Kali Security MCP server?

Yes. The Kali Security MCP server exposes 1 destructive tool, apk_decompile. Destructive tools permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Kali Security MCP?

The Kali Security MCP server has 9 write tools including add_ctf_challenge, ai_create_session, ai_update_session_context. Set a rate limit in your policy: for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Kali Security MCP.

How many tools does the Kali Security MCP server expose?

249 tools across 4 categories: Destructive, Execute, Read, Write. 67 are read-only. 182 can modify, create, or delete data.

How do I enforce a policy on Kali Security MCP?

Register the Kali Security MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Kali Security MCP tool call.

Deterministic rules across all 249 Kali Security MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

249 Kali Security MCP tools catalogued and risk-classified — across an index of 42,500+ MCP servers.
