// MCP TOOL REFERENCE

ZEBBERN KALI MCP TOOLS

128 tools from the Zebbern Kali MCP MCP Server, categorised by risk level.

// ALL 128 ZEBBERN KALI MCP TOOLS

READ 35 tools

Read ssh_estimate_transfer Estimate file transfer time over SSH. Read ad_ldap_enum Enumerate Active Directory via LDAP. Read ad_smb_enum Enumerate SMB shares and information on a target. Read ad_tools_status Check which AD tools are available on the Kali server. Read api_graphql_introspect Introspect a GraphQL endpoint to discover schema, types, and queries. Read api_jwt_analyze Analyze a JWT token for weaknesses. Read callback_list callback_list Read callback_status callback_status Read ctf_download_file ctf_download_file Read ctf_get_challenge Get full details for a specific CTF challenge. Read ctf_list_challenges List all available CTF challenges. Read ctf_scoreboard Fetch the current CTF scoreboard. Read ctf_status Check current CTF platform connection status. Read cve_package_audit cve_package_audit Read exploit_details Get full details and source code for an exploit. Read exploit_search Search for exploits using searchsploit. Read fingerprint_headers Analyze HTTP response headers for security posture. Read fingerprint_url Fingerprint a URL to detect technologies, frameworks, and CMS. Read health Check the health status of the Kali API server. Read hosts_list List all managed /etc/hosts entries added via Kali-MCP. Read kali_download Download file content from the Kali server as base64. Read msf_session_list List all active Metasploit sessions. Read payload_list List all generated payloads. Read payload_templates List available payload templates and encoders for msfvenom. Read pivot_list_pivots List all configured pivot points/routes. Read pivot_list_tunnels List all active tunnels and port forwards. Read read_output read_output Read reverse_shell_status Get the status of reverse shell sessions. Read ssh_session_download_content Download file content from a remote host via SSH as base64. Read ssh_session_status Check the status of an SSH session. Read ssh_sessions List all active SSH sessions. Read system_network_info Get comprehensive network information for the Kali Linux system. Read target_download_file target_download_file Read tools_crtsh tools_crtsh Read vpn_status vpn_status

WRITE 5 tools

Write ctf_submit_flag ctf_submit_flag Write exploit_copy Copy an exploit to a working directory for modification. Write hosts_add hosts_add Write kali_upload kali_upload Write target_upload_file target_upload_file

DESTRUCTIVE 5 tools

Destructive callback_clear callback_clear Destructive hosts_clear hosts_clear Destructive hosts_remove hosts_remove Destructive msf_session_destroy Destroy a specific Metasploit session. Destructive msf_session_destroy_all Destroy all active Metasploit sessions.

EXECUTE 83 tools

Execute api_newman_run Run a Postman/Newman collection against API endpoints. Execute callback_start callback_start Execute callback_stop callback_stop Execute callback_wait callback_wait Execute msf_session_execute msf_session_execute Execute parse_tool_output parse_tool_output Execute payload_host_start Start HTTP server to host generated payloads for download. Execute payload_host_stop Stop the payload hosting server. Execute pivot_chisel_client Start a Chisel client to connect to a Chisel server. Execute pivot_chisel_server Start a Chisel server for tunneling. Execute pivot_ligolo_start Start a Ligolo-ng proxy server for pivoting. Execute pivot_stop_all_tunnels Stop all active tunnels and port forwards. Execute pivot_stop_tunnel Stop a specific tunnel. Execute reverse_shell_listener_start reverse_shell_listener_start Execute reverse_shell_stop Stop a reverse shell session. Execute ssh_session_start ssh_session_start Execute ssh_session_stop Stop/disconnect an SSH session. Execute tools_assetfinder Execute Assetfinder for asset discovery. Execute tools_byp4xx Execute byp4xx for 403 bypass testing. Execute tools_enum4linux Execute Enum4linux Windows/Samba enumeration tool. Execute tools_fierce Execute Fierce for DNS reconnaissance. Execute tools_httpx Execute httpx for HTTP probing. Execute tools_john Execute John the Ripper password cracker. Execute tools_subfinder Execute Subfinder for subdomain enumeration. Execute tools_subzy Execute Subzy for subdomain takeover detection. Execute tools_waybackurls Execute waybackurls to fetch URLs from Wayback Machine. Execute ad_asreproast Perform AS-REP Roasting to get hashes for accounts with pre-auth disabled. Execute ad_bloodhound_collect ad_bloodhound_collect Execute ad_kerberoast ad_kerberoast Execute ad_password_spray ad_password_spray Execute ad_psexec ad_psexec Execute ad_secretsdump ad_secretsdump Execute ad_wmiexec ad_wmiexec Execute api_auth_bypass_test Test for authentication bypass vulnerabilities. Execute api_ffuf_fuzz api_ffuf_fuzz Execute api_fuzz_endpoint api_fuzz_endpoint Execute api_graphql_fuzz Fuzz a GraphQL endpoint for vulnerabilities. Execute api_jwt_crack Attempt to crack a JWT token's signing secret. Execute api_kiterunner_scan Scan API endpoints using Kiterunner for route discovery. Execute api_nuclei_scan Run Nuclei templates against API endpoints. Execute api_rate_limit_test Test API rate limiting controls. Execute callback_check callback_check Execute callback_latest callback_latest Execute cve_search cve_search Execute exec_stream exec_stream Execute exploit_suggest_for_service Get exploit suggestions for a specific service. Execute exploit_suggest_from_nmap Analyze nmap scan output and suggest exploits for discovered services. Execute fingerprint_waf Detect Web Application Firewall (WAF) on a target URL. Execute payload_one_liner payload_one_liner Execute pivot_ssh_local pivot_ssh_local Execute pivot_ssh_remote pivot_ssh_remote Execute reverse_shell_command reverse_shell_command Execute reverse_shell_download_content Download file content from target via reverse shell and return as base64. Execute ssh_session_command ssh_session_command Execute tools_amass tools_amass Execute tools_arjun tools_arjun Execute tools_gobuster tools_gobuster Execute tools_gowitness tools_gowitness Execute tools_hydra tools_hydra Execute tools_katana tools_katana Execute tools_masscan tools_masscan Execute tools_nikto tools_nikto Execute tools_nmap tools_nmap Execute tools_sqlmap tools_sqlmap Execute tools_ssh_audit tools_ssh_audit Execute tools_sslscan tools_sslscan Execute tools_wpscan tools_wpscan Execute zebbern_exec zebbern_exec Execute callback_generate callback_generate Execute ctf_connect ctf_connect Execute msf_session_create Create a new persistent Metasploit (msfconsole) session. Execute payload_generate payload_generate Execute pivot_add_pivot pivot_add_pivot Execute pivot_generate_proxychains Generate a proxychains configuration for pivoting through SOCKS proxy. Execute pivot_socat_forward Create a socat port forward. Execute pivot_ssh_dynamic Create an SSH dynamic SOCKS proxy. Execute reverse_shell_generate_payload reverse_shell_generate_payload Execute reverse_shell_send_payload reverse_shell_send_payload Execute reverse_shell_upload_content reverse_shell_upload_content Execute send_input send_input Execute ssh_session_upload_content ssh_session_upload_content Execute vpn_connect vpn_connect Execute vpn_disconnect vpn_disconnect

// FAQ

How many tools does the Zebbern Kali MCP MCP server have? +

The Zebbern Kali MCP MCP server exposes 128 tools across 4 categories: Read, Write, Destructive, Execute.

How do I enforce policies on Zebbern Kali MCP tools? +

Route the Zebbern Kali MCP server through the PolicyLayer gateway. Define allow, deny, or approval rules per tool in the dashboard; they are enforced on every call before it reaches the server.

What risk categories do Zebbern Kali MCP tools fall into? +

Zebbern Kali MCP tools are categorised as Read (35), Write (5), Destructive (5), Execute (83). Each category has a recommended default policy.

Enforce policy on every Zebbern Kali MCP tool call.

Deterministic rules across all 128 Zebbern Kali MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

GOVERN ZEBBERN KALI →

Free to start. No card required.

42,500+ MCP servers and 110,000+ tools scanned and risk-classified.