MCP Kali Workspace
AI-Powered Penetration Testing with GitHub Copilot and Kali Linux
Integrate Kali Linux security tools directly into VS Code through Model Context Protocol (MCP), enabling GitHub Copilot to execute security commands, automate reconnaissance, and assist with CTF challenges in real-time.
Features
- 🚀 One-Command Setup - Configure workspace for Kali MCP integration with a single command
- 🤖 AI-Assisted Security Testing - GitHub Copilot can execute Kali tools (nmap, gobuster, nikto, etc.)
- 🎯 Workspace-Specific - Each project gets its own isolated MCP configuration
- 🔧 Automatic Configuration - Creates Python venv, installs dependencies, configures MCP server
- 🔒 Secure - Connects to remote Kali VM via configurable endpoint
Requirements
On Your Kali VM
On Your Development Machine
- VS Code 1.102 or later
- Python 3.8+
- GitHub Copilot subscription
- Network access to Kali VM
Quick Start
1. Install Extension
Install from VS Code Marketplace or via .vsix:
code --install-extension mcp-kali-workspace-0.1.0.vsix
2. Open a Workspace
Open any folder/workspace where you want Kali integration.
3. Run Setup Command
- Press
Ctrl+Shift+P (or Cmd+Shift+P on Mac)
- Type:
MCP Kali: Setup Workspace
- Enter your Kali VM IP address (e.g.,
192.168.110.23)
4. Reload Window
When prompted, reload VS Code to activate the MCP server.
5. Start Using!
Open GitHub Copilot Chat (Ctrl+Alt+I) and ask:
- "Run an nmap scan on 192.168.1.1"
- "Use gobuster to enumerate directories on http://target.com"
- "Help me solve this CTF web challenge"
What Gets Created
The extension creates the following in your workspace:
your-workspace/
├── .mcp-kali/
│ ├── mcp_server.py # MCP protocol bridge
│ ├── requirements.txt # Python dependencies
│ ├── .venv/ # Python virtual environment
│ └── mcp-wrapper.sh # Execution wrapper
└── .vscode/
└── mcp.json # MCP server configuration
How It Works
- Local MCP Server - Runs
mcp_server.py in workspace's .mcp-kali/ directory
- Remote Kali API - Connects to
kali-server-mcp on your Kali VM (port 5000)
- GitHub Copilot - Uses MCP protocol to invoke Kali security tools
- Tool Execution - Commands execute on Kali VM, results return to VS Code
Usage Examples
Network Reconnaissance
@workspace Run nmap -sV -T4 192.168.1.0/24
Web Application Testing
Help me enumerate directories on http://target.com using gobuster
CTF Assistance
I found a login form at http://ctf.com/login - help me test for SQL injection
Custom Security Tasks
Run nikto against https://example.com and analyze the results
Troubleshooting
MCP Server Not Connecting
Check Kali Server:
# On Kali VM
curl http://localhost:5000/health
Should return: {"status":"healthy"}
Check VS Code Output:
- View → Output
- Select "MCP" from dropdown
- Look for connection errors
Python Environment Issues
Delete .mcp-kali/ and re-run setup:
rm -rf .mcp-kali
Then run MCP Kali: Setup Workspace again.
Network Connectivity
Verify you can reach Kali from your dev machine:
curl http://<kali-ip>:5000/health
Configuration
Custom Kali Port
Edit .vscode/mcp.json:
{
"servers": {
"kaliMcp": {
"args": [
"--server",
"http://<kali-ip>:<custom-port>"
]
}
}
}
Multiple Kali Servers
You can configure multiple Kali instances by editing mcp.json manually.
Privacy & Security
- Local Execution - MCP server runs locally in your workspace
- Network Only - Only connects to Kali VM you specify
- No Telemetry - Extension doesn't collect or send usage data
- Workspace Isolation - Each workspace has independent configuration
Contributing
Contributions welcome! Please check the repository for contribution guidelines.
License
MIT License - See LICENSE file for details
Resources
Disclaimer
This tool is for authorized security testing only. Users are responsible for ensuring they have permission to test target systems. Unauthorized access is illegal.
Made with ❤️ for security professionals, CTF players, and bug bounty hunters
