Zebbern Kali MCP

128 tools. 93 can modify or destroy data without limits.

5 destructive tools with no built-in limits. Policy required.

93 can modify or destroy data
35 read-only
128 tools total

Community server · catalogue entry verified 11/06/2026

Read (35) Write / Execute (88) Destructive / Financial (5)
Critical Risk

93 of Zebbern Kali MCP's 128 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

PolicyLayer is an MCP gateway — it sits between your AI agents and Zebbern Kali MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "callback_clear": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "ctf_submit_flag": {
    "limits": [
      {
        "counter": "ctf_submit_flag_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "ssh_estimate_transfer": {
    "limits": [
      {
        "counter": "ssh_estimate_transfer_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Zebbern Kali MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.

Free to start. No card required.

EXECUTE 83 tools

api_newman_run: Run a Postman/Newman collection against API endpoints.
callback_start
callback_stop
callback_wait
msf_session_execute
parse_tool_output
payload_host_start: Start HTTP server to host generated payloads for download.
payload_host_stop: Stop the payload hosting server.
pivot_chisel_client: Start a Chisel client to connect to a Chisel server.
pivot_chisel_server: Start a Chisel server for tunneling.
pivot_ligolo_start: Start a Ligolo-ng proxy server for pivoting.
pivot_stop_all_tunnels: Stop all active tunnels and port forwards.
pivot_stop_tunnel: Stop a specific tunnel.
reverse_shell_listener_start
reverse_shell_stop: Stop a reverse shell session.
ssh_session_start
ssh_session_stop: Stop/disconnect an SSH session.
tools_assetfinder: Execute Assetfinder for asset discovery.
tools_byp4xx: Execute byp4xx for 403 bypass testing.
tools_enum4linux: Execute Enum4linux Windows/Samba enumeration tool.
tools_fierce: Execute Fierce for DNS reconnaissance.
tools_httpx: Execute httpx for HTTP probing.
tools_john: Execute John the Ripper password cracker.
tools_subfinder: Execute Subfinder for subdomain enumeration.
tools_subzy: Execute Subzy for subdomain takeover detection.
tools_waybackurls: Execute waybackurls to fetch URLs from Wayback Machine.
ad_asreproast: Perform AS-REP Roasting to get hashes for accounts with pre-auth disabled.
ad_bloodhound_collect
ad_kerberoast
ad_password_spray
ad_psexec
ad_secretsdump
ad_wmiexec
api_auth_bypass_test: Test for authentication bypass vulnerabilities.
api_ffuf_fuzz
api_fuzz_endpoint
api_graphql_fuzz: Fuzz a GraphQL endpoint for vulnerabilities.
api_jwt_crack: Attempt to crack a JWT token's signing secret.
api_kiterunner_scan: Scan API endpoints using Kiterunner for route discovery.
api_nuclei_scan: Run Nuclei templates against API endpoints.
api_rate_limit_test: Test API rate limiting controls.
callback_check
callback_latest
cve_search
exec_stream
exploit_suggest_for_service: Get exploit suggestions for a specific service.
exploit_suggest_from_nmap: Analyze nmap scan output and suggest exploits for discovered services.
fingerprint_waf: Detect Web Application Firewall (WAF) on a target URL.
payload_one_liner
pivot_ssh_local
pivot_ssh_remote
reverse_shell_command
reverse_shell_download_content: Download file content from target via reverse shell and return as base64.
ssh_session_command
tools_amass
tools_arjun
tools_gobuster
tools_gowitness
tools_hydra
tools_katana
tools_masscan
tools_nikto
tools_nmap
tools_sqlmap
tools_ssh_audit
tools_sslscan
tools_wpscan
zebbern_exec
callback_generate
ctf_connect
msf_session_create: Create a new persistent Metasploit (msfconsole) session.
payload_generate
pivot_add_pivot
pivot_generate_proxychains: Generate a proxychains configuration for pivoting through SOCKS proxy.
pivot_socat_forward: Create a socat port forward.
pivot_ssh_dynamic: Create an SSH dynamic SOCKS proxy.
reverse_shell_generate_payload
reverse_shell_send_payload
reverse_shell_upload_content
send_input
ssh_session_upload_content
vpn_connect
vpn_disconnect

READ 35 tools

ssh_estimate_transfer: Estimate file transfer time over SSH.
ad_ldap_enum: Enumerate Active Directory via LDAP.
ad_smb_enum: Enumerate SMB shares and information on a target.
ad_tools_status: Check which AD tools are available on the Kali server.
api_graphql_introspect: Introspect a GraphQL endpoint to discover schema, types, and queries.
api_jwt_analyze: Analyze a JWT token for weaknesses.
callback_list
callback_status
ctf_download_file
ctf_get_challenge: Get full details for a specific CTF challenge.
ctf_list_challenges: List all available CTF challenges.
ctf_scoreboard: Fetch the current CTF scoreboard.
ctf_status: Check current CTF platform connection status.
cve_package_audit
exploit_details: Get full details and source code for an exploit.
exploit_search: Search for exploits using searchsploit.
fingerprint_headers: Analyze HTTP response headers for security posture.
fingerprint_url: Fingerprint a URL to detect technologies, frameworks, and CMS.
health: Check the health status of the Kali API server.
hosts_list: List all managed /etc/hosts entries added via Kali-MCP.
kali_download: Download file content from the Kali server as base64.
msf_session_list: List all active Metasploit sessions.
payload_list: List all generated payloads.
payload_templates: List available payload templates and encoders for msfvenom.
pivot_list_pivots: List all configured pivot points/routes.
pivot_list_tunnels: List all active tunnels and port forwards.
read_output
reverse_shell_status: Get the status of reverse shell sessions.
ssh_session_download_content: Download file content from a remote host via SSH as base64.
ssh_session_status: Check the status of an SSH session.
ssh_sessions: List all active SSH sessions.
system_network_info: Get comprehensive network information for the Kali Linux system.
target_download_file
tools_crtsh
vpn_status

Can an AI agent delete data through the Zebbern Kali MCP server?

Yes. The Zebbern Kali MCP server exposes 5 destructive tools including callback_clear, hosts_clear, hosts_remove. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Zebbern Kali MCP?

The Zebbern Kali MCP server has 5 write tools including ctf_submit_flag, exploit_copy, hosts_add. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Zebbern Kali MCP.

How many tools does the Zebbern Kali MCP server expose?

128 tools across 5 categories: Destructive, Execute, Financial, Read, Write. 35 are read-only. 93 can modify, create, or delete data.

How do I enforce a policy on Zebbern Kali MCP?

Register the Zebbern Kali MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Zebbern Kali MCP tool call.

Deterministic rules across all 128 Zebbern Kali MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

128 Zebbern Kali MCP tools catalogued and risk-classified — across an index of 42,500+ MCP servers.
