High-risk tools in Kali MCP Server
18 of the 36 tools in Kali MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- parse_tool_output (Execute): Parse output from nikto/gobuster/dirb/hydra/sqlmap into structured findings
- run (Execute): Runs a shell command on the Kali Linux system
- dns_enum (Execute): Comprehensive DNS enumeration with zone transfer attempts
- encode_decode (Execute): Multi-format encoding/decoding (base64, URL, hex, HTML, ROT13)
- enum_shares (Execute): SMB/NFS share enumeration (smbclient, enum4linux, showmount)
- form_analysis (Execute): Analyze a web form for vulnerabilities
- hydra_attack (Execute): Brute-force credential testing via hydra
- network_discovery (Execute): Perform multi-stage network reconnaissance and discovery
- port_scan (Execute): Smart nmap wrapper with scan presets (quick, full, stealth, udp, service, aggressive)
- recon_auto (Execute): Automated multi-stage reconnaissance pipeline (DNS, ports, headers, SSL, exploits)
- reverse_shell (Execute): Generate reverse shell one-liners for various languages
- spider_website (Execute): Spider a website to find all links and resources
- subdomain_enum (Execute): Enumerate subdomains of a target website
- vulnerability_scan (Execute): Perform automated vulnerability assessment with multiple tools
- web_audit (Execute): Perform a comprehensive web application audit
- web_enumeration (Execute): Perform comprehensive web application discovery and enumeration
- payload_generate (Execute): Generate payloads using msfvenom (reverse shell, bind shell, meterpreter)
- session_switch (Execute): Switch to a different pentest session
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.