High-risk tools in ikaliMCP Server
10 of the 11 tools in ikaliMCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
dirb_directory_scanExecuteDirectory and file brute forcing using DIRB - discovers hidden directories and files.
-
dynamic_tool_funcExecutedynamic_tool_func
-
gobuster_directory_scanExecuteFast directory and file brute forcing using Gobuster.
-
hashcat_gpu_crackExecuteGPU-accelerated password hash cracking using Hashcat.
-
hydra_bruteforceExecuteHydra password brute force attack against network services like SSH, FTP, HTTP, etc.
-
john_password_crackExecutePassword hash cracking using John the Ripper.
-
nikto_webscanExecuteWeb server vulnerability scanner using Nikto - scans for dangerous files, outdated software, and security issues.
-
nmap_scanExecuteNetwork discovery and port scanning with Nmap - supports various scan types and options.
-
sqlmap_injectionExecuteAutomatic SQL injection detection and exploitation using SQLMap.
-
wpscan_wordpressExecuteWordPress security scanner - detects vulnerabilities, themes, plugins, and users.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.