Kali Security MCP MCP Server: 249 Tools with Risk Policies

// ALL 249 KALI SECURITY MCP TOOLS

READ 67 tools

Read authorized_asset_inventory Build authorized external asset inventory (subdomains + live hosts). Read adaptive_get_execution_status 获取执行上下文状态 Read adaptive_get_insights 获取自适应执行洞察 Read ai_analyze_intent AI意图分析 - 分析用户输入并提供智能建议 Read ai_get_session_history 获取AI会话历史 - 查看完整的对话历史和分析进展 Read ai_get_strategy_recommendations 获取AI策略建议 - 基于当前会话上下文推荐最佳攻击策略 Read amass_scan 使用 Amass 执行子域名与资产枚举。 Read analyze_attack_chain 评估攻击链可��性 (0-100分)。 Read analyze_response 深度响应分析 - 漏洞指标检测 Read analyze_target_intelligence 基于扫描结果分析目标特征和推荐攻击向量。 Read authorized_surface_mapping Perform authorized attack-surface mapping (non-destructive). Read authorized_web_exposure_review Review web exposure through content discovery and service checks. Read binwalk_analysis binwalk_analysis Read browser_extract_content browser_extract_content Read browser_get_network_log browser_get_network_log Read browser_heartbeat_status browser_heartbeat_status Read browser_list_sessions 列出所有活跃的浏览器会话 Read browser_screenshot 截取页面截图（支持全页面和元素截图） Read correlate_scan_results 关联和分析多个扫描工具的结果，识别漏洞模式和攻击路径。 Read ctf_detect_flags ctf_detect_flags Read ctf_get_payloads ctf_get_payloads Read ctf_knowledge_detect ctf_knowledge_detect Read ctf_suggest_action ctf_suggest_action Read end_attack_session 结束当前攻击会话 - 完成日志记录并保存会话数据。 Read extract_endpoints 从响应中提取端点和API路径 Read fingerprint_target 目标技术指纹识别 Read get_adaptive_attack_status 获取自适应攻击状态 - 查看攻击进展和发现的信息。 Read get_attack_chains 查询攻击链列表。 Read get_attack_session_details 获取攻击会话详情 - 查看指定会话的完整攻击历史。 Read get_attack_strategy 获取攻击策略推荐 - 基于历史成功率 Read get_cached_results 获取目标的缓存扫描结果 Read get_concurrent_system_stats 获取并发任务系统统计信息。 Read get_ctf_challenges_status 获取所有CTF题目的状态。 Read get_detected_flags 获取所有检测到的Flag。 Read get_recommended_payloads 获取推荐的Payload - 基于历史数据和目标特征 Read get_task_status 获取任务状态。 Read get_vuln_candidates 获取待验证的候选漏洞列表 (按严重程度排序)。 Read get_vuln_report 导出漏洞评估报告。 Read get_workflow_status 获取工作流状态。 Read grpc_reflect gRPC服务反射 - 获取服务定义 Read http_history 查看HTTP请求历史 Read identify_attack_surfaces 基于目标信息识别攻击面。 Read list_attack_sessions 获取所有攻击会话列表 - 查看历史和当前的所有攻击会话。 Read list_poc_templates 获取可用的PoC模板 - 查看系统支持的所有PoC生成模板。 Read log_attack_step log_attack_step Read multi_target_get_status 获取多目标协调系统状态 Read proxy_get_intercepted 获取已拦截的请求列表 Read pwn_comprehensive_attack pwn_comprehensive_attack Read reverse_tool_check 检查可用的逆向分析工具 - 检测本机逆向工程工具 Read searchsploit_search Search exploit database using searchsploit. Read server_health Check the health status of the Kali API server. Read shellcheck_scan shellcheck_scan Read sherlock_search sherlock_search Read smart_web_recon smart_web_recon Read stego_detect stego_detect Read sublist3r_scan 使用 Sublist3r 执行子域名枚举。 Read theharvester_osint theharvester_osint Read v2_system_status 获取Kali MCP v2.0系统状态 Read vuln_get_statistics 获取漏洞数据库统计信息 Read vuln_intelligent_match vuln_intelligent_match Read vuln_recommendation vuln_recommendation Read vuln_search_cve vuln_search_cve Read vuln_search_exploitable vuln_search_exploitable Read vuln_search_product vuln_search_product Read vuln_search_recent 搜索最近发布的漏洞 Read vuln_search_severity 按严重程度搜索漏洞 Read workflow_define 定义测试工作流

WRITE 9 tools

Write add_ctf_challenge 添加CTF题目到当前会话。 Write ai_create_session 创建新的AI上下文感知会话 - 启用持续对话状态管理 Write ai_update_session_context ai_update_session_context Write create_ctf_session 创建CTF竞赛会话。 Write disable_ctf_mode 禁用CTF竞赛模式，返回正常渗透测试模式。 Write enable_ctf_mode 启用CTF竞赛模式。 Write issue_vulnerability issue_vulnerability Write multi_target_add_target 添加新目标到多目标协调系统 Write proxy_add_rule proxy_add_rule

DESTRUCTIVE 1 tools

Destructive apk_decompile APK反编译分析

EXECUTE 172 tools

Execute adaptive_execute_strategy 执行自适应策略 Execute advanced_web_security_assessment Execute advanced web application security assessment. Execute ai_execute_strategy AI策略执行 - 自动执行推荐的攻击策略 Execute authorized_comprehensive_security_assessment Run authorized full-chain assessment using neutral external naming. Execute authorized_controlled_validation Run controlled validation phase only when allowed_actions permits it. Execute authorized_credential_assessment Run authorized credential audit phase only when allowed_actions permits it. Execute authorized_environment_review Run environment review phase only when allowed_actions permits it. Execute authorized_injection_verification Run non-destructive injection verification only (no dump/exfiltration). Execute authorized_network_exposure_assessment Run authorized network exposure assessment with phase-level output. Execute authorized_template_validation Run template-based security validation with constrained severity scope. Execute authorized_web_application_assessment Run authorized web assessment with exposure review and vuln validation. Execute browser_execute_js 在浏览器上下文中执行JavaScript代码 Execute browser_navigate 在已有会话中导航到新页面 Execute browser_start_session browser_start_session Execute bully_attack Execute bully for WPS attacks. Execute execute_command Execute an arbitrary command on the Kali server. Execute metasploit_run Execute a Metasploit module. Execute multi_target_execute_batch 批量执行多目标攻击任务 Execute nuclei_technology_detection Execute Nuclei technology detection scan. Execute proxy_start 启动代理服务器 - 用于流量拦截 Execute reaver_attack Execute Reaver for WPS PIN attacks. Execute recon_ng_run Execute recon-ng for reconnaissance. Execute start_adaptive_apt_attack start_adaptive_apt_attack Execute start_attack_session 开始新的攻击会话 - 启动自动日志记录和PoC生成。 Execute trigger_next_attack_phase 手动触发下一攻击阶段 - 强制进入下一轮攻击。 Execute workflow_execute 执行测试工作流 Execute ad_full_attack ad_full_attack Execute adaptive_cmdi_test 自适应命令注入测试 Execute adaptive_intelligent_orchestration 智能编排多目标自适应攻击 Execute adaptive_network_penetration 自适应网络渗透测试 - 智能化网络攻击。 Execute adaptive_sqli_test 自适应SQL注入测试 - 智能检测和利用 Execute adaptive_web_penetration 自适应Web渗透测试 - 智能化Web应用攻击。 Execute adaptive_xss_test 自适应XSS测试 - 上下文感知的XSS检测 Execute advanced_ctf_solver 高级CTF题目自动求解器 - 基于题目特征的智能化攻击策略。 Execute ai_smart_continuation AI智能续接 - 基于当前上下文智能推荐下一步操作 Execute aircrack_attack aircrack_attack Execute apt_comprehensive_attack 执行APT综合攻击链 - 全面的多向量并发攻击。 Execute apt_network_penetration 执行APT网络渗透攻击链 - 自动化多阶段网络渗透测试。 Execute apt_web_application_attack 执行APT Web应用攻击链 - 自动化多阶段Web应用渗透。 Execute arp_scan Execute arp-scan for network discovery. Execute auth_bypass_test 认证绕过测试 - 内置工作流 Execute auto_apt_attack_with_poc 自动APT攻击并生成PoC - 完整的APT攻击链，自动记录和生成PoC。 Execute auto_ctf_solve_with_poc auto_ctf_solve_with_poc Execute auto_network_discovery_workflow 自动化网络发现工作流 - 实际执行网络侦察和服务发现。 Execute auto_osint_workflow 自动化OSINT情报收集工作流 - 实际执行开源情报收集。 Execute auto_pentest auto_pentest Execute auto_pilot_attack auto_pilot_attack Execute auto_reverse_analyze 自动选择可用工具进行逆向分析 - 智能工具选择 Execute auto_web_security_workflow 自动化Web安全评估工作流 - 实际执行完整的Web应用安全测试。 Execute bandit_scan bandit_scan Execute bettercap_attack bettercap_attack Execute browser_intercept_request browser_intercept_request Execute brutespray_attack brutespray_attack Execute code_audit_comprehensive code_audit_comprehensive Execute command_injection_deep_excavate command_injection_deep_excavate Execute comprehensive_network_scan Execute comprehensive network reconnaissance workflow. Execute comprehensive_recon comprehensive_recon Execute cross_validate_vulns 交叉验证黑盒和白盒发现的漏洞，提升置信度。 Execute crowbar_attack crowbar_attack Execute ctf_auto_detect_solver CTF题目自动检测求解器 - 先分析目标类型再选择策略 Execute ctf_crypto_reverser CTF密码学逆向专用工具 - 分析二进制中的密码学算法 Execute ctf_crypto_solver Crypto类CTF题目求解器 - 执行密码学分析工具 Execute ctf_misc_solve CTF Misc题目自动求解 Execute ctf_misc_solver Misc类CTF题目求解器 - 执行文件分析和隐写检测 Execute ctf_multi_agent_solve ctf_multi_agent_solve Execute ctf_poc_scan ctf_poc_scan Execute ctf_pwn_solver ctf_pwn_solver Execute ctf_quick_scan CTF快速扫描 - 针对CTF环境优化的快速漏洞发现。 Execute ctf_reverse_solver CTF逆向题目自动求解器 - 使用radare2进行综合逆向分析 Execute ctf_ultimate_solve ctf_ultimate_solve Execute ctf_web_attack CTF Web攻击链 - 专门针对CTF Web题目的攻击。 Execute ctf_web_comprehensive_solver Web类CTF题目全面求解器 - 实际执行多阶段Web攻击 Execute dcsync_attack DCSync攻击 - 模拟域控制器复制获取密码哈希 Execute detect_blind_vulnerability 盲注漏洞检测 - 基于响应差异 Execute dirb_scan 使用 Dirb 执行目录枚举。 Execute dnsenum_scan 使用 Dnsenum 执行 DNS 枚举。 Execute dnsrecon_scan dnsrecon_scan Execute enum4linux_scan Execute Enum4linux Windows/Samba enumeration tool. Execute fast_reconnaissance 执行快速侦察工作流。 Execute feroxbuster_scan 使用 Feroxbuster 执行目录与资源爆破。 Execute ffuf_scan ffuf_scan Execute fierce_scan 使用 Fierce 执行 DNS 侦察。 Execute file_inclusion_deep_excavate file_inclusion_deep_excavate Execute flawfinder_scan flawfinder_scan Execute forensics_full_analysis forensics_full_analysis Execute fping_scan Execute fping for fast ping sweeps. Execute frida_hook frida_hook Execute fuzz_all_params 全参数模糊测试 - 自动识别并测试所有参数 Execute fuzz_parameter fuzz_parameter Execute ghidra_analyze_binary 使用Ghidra分析二进制文件 - NSA开源逆向分析工具 Execute gobuster_scan gobuster_scan Execute grpc_call grpc_call Execute hashcat_crack hashcat_crack Execute http_compare 比较两个HTTP响应的差异 - 用于盲注检测 Execute http_replay 重放历史HTTP请求，可修改参数 Execute httpx_probe httpx_probe Execute hydra_attack hydra_attack Execute intelligent_apt_campaign 智能APT攻击活动 - 最高级别的自适应攻击。 Execute intelligent_attack_with_poc intelligent_attack_with_poc Execute intelligent_ctf_solver 智能CTF题目求解器 - 实际执行扫描和攻击工具。 Execute intelligent_penetration_testing 智能渗透测试 - 遵循标准方法论执行实际渗透测试。 Execute intelligent_smart_scan 执行智能扫描 - 实际调用工具并返回结果。 Execute intelligent_vulnerability_assessment 智能漏洞评估 - 实际执行多工具扫描。 Execute john_crack john_crack Execute joomscan_scan Execute joomscan for Joomla security testing. Execute kerberoast Kerberoasting攻击 - 提取服务账户TGS票据 Execute llm_auto_pentest llm_auto_pentest Execute masscan_fast_scan masscan_fast_scan Execute medusa_attack 使用 Medusa 执行口令验证测试。 Execute memory_forensics 内存取证分析 Execute mobile_security_scan mobile_security_scan Execute multi_target_orchestrate 执行多目标攻击编排 Execute ncrack_attack 使用 Ncrack 执行网络服务凭据验证。 Execute netdiscover_scan netdiscover_scan Execute network_penetration_test Network penetration testing workflow. Execute nikto_scan Execute Nikto web server scanner. Execute nmap_scan nmap_scan Execute nuclei_cve_scan Execute Nuclei CVE vulnerability scan. Execute nuclei_network_scan Execute Nuclei network security scan. Execute nuclei_scan nuclei_scan Execute nuclei_web_scan Execute Nuclei web application security scan. Execute optimize_tool_parameters optimize_tool_parameters Execute parallel_directory_scanning 并行执行多个目标的目录扫描。 Execute parallel_port_scanning 并行执行多个目标的端口扫描。 Execute patator_attack patator_attack Execute pixiewps_attack pixiewps_attack Execute privilege_escalation_deep_excavate privilege_escalation_deep_excavate Execute pwn_deep_excavate pwn_deep_excavate Execute pwn_fuzz_check 快速Fuzzing检测 - 直接调用 pwnpasi.auto_fuzzing Execute pwn_heap_analyze 堆漏洞分析 - 直接调用 pwnpasi.heap_exploit Execute pwn_rop_analyze pwn_rop_analyze Execute pwn_symbolic_explore 符号执行分析 - 直接调用 pwnpasi.symbolic_analysis Execute pwnpasi_auto_pwn pwnpasi_auto_pwn Execute quick_pwn_check quick_pwn_check Execute radare2_analyze_binary 使用Radare2分析二进制文件 - 开源逆向分析工具 Execute semgrep_scan semgrep_scan Execute smart_ctf_solve CTF极速解题工作流 — 30-60秒超时的快速自适应攻击链。 Execute smart_full_pentest 完整渗透测试工作流 — 9步全面自适应扫描。 Execute smart_network_recon 智能网络侦察工作流 — 基于结果驱动的自适应网络扫描。 Execute smart_scan smart_scan Execute smart_tool_chain smart_tool_chain Execute sql_injection_deep_excavate sql_injection_deep_excavate Execute sqlmap_scan Execute SQLmap SQL injection scanner. Execute subfinder_scan Execute Subfinder for fast subdomain discovery. Execute ultimate_scan ultimate_scan Execute verify_vulnerability 验证候选漏洞 (candidate → verified/failed)。 Execute web_app_security_assessment Comprehensive web application security assessment workflow. Execute wfuzz_scan 使用 Wfuzz 执行参数与路径模糊测试。 Execute whatweb_scan whatweb_scan Execute wpscan_scan wpscan_scan Execute ws_fuzz WebSocket模糊测试 Execute xss_deep_excavate xss_deep_excavate Execute yersinia_attack yersinia_attack Execute adaptive_create_execution_context 创建自适应执行上下文 Execute add_chain_step add_chain_step Execute browser_click browser_click Execute browser_close_session 关闭浏览器会话并保存状态（cookies/storage持久化到磁盘） Execute browser_type_text browser_type_text Execute create_attack_chain 创建攻击链。 Execute file_upload_deep_excavate file_upload_deep_excavate Execute generate_adaptive_scan_plan 基于目标特征和已有结果生成自适应扫描计划。 Execute generate_attack_paths 生成针对目标的APT攻击路径。 Execute generate_poc_from_current_session 从当前活跃会话生成PoC - 无需指定会话ID，直接从当前会话生成。 Execute generate_poc_from_session 从指定攻击会话生成PoC - 自动分析攻击链并生成多种格式的PoC。 Execute http_send http_send Execute http_send_raw 发送原始HTTP请求 - 完全控制请求格式 Execute http_session_manage http_session_manage Execute submit_apt_attack_chain 提交APT攻击链工作流 - 基于知识图谱的智能化并发攻击。 Execute submit_concurrent_task 提交并发任务。 Execute submit_workflow submit_workflow Execute ws_connect 建立WebSocket连接 Execute ws_send ws_send

// FAQ

How many tools does the Kali Security MCP MCP server have? +

The Kali Security MCP MCP server exposes 249 tools across 4 categories: Read, Write, Destructive, Execute.

How do I enforce policies on Kali Security MCP tools? +

Route the Kali Security MCP server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard; they are enforced on every call before it reaches the server.

What risk categories do Kali Security MCP tools fall into? +

Kali Security MCP tools are categorised as Read (67), Write (9), Destructive (1), Execute (172). Each category has a recommended default policy.

Enforce policy on every Kali Security MCP tool call.

Deterministic rules across all 249 Kali Security MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN KALI SECURITY →

Free to start. No card required.

42,500+ MCP servers and 110,000+ tools scanned and risk-classified.