Made a containerized Kali MCP server that enables semi-autonomous pentesting (github.com)

🤖 AI Summary
A contributor released a containerized Model Context Protocol (MCP) server that exposes a Kali Linux environment for semi‑autonomous penetration testing and security research. The package runs as a Docker/Docker Compose service (start it with docker compose up --build -d, verify with docker ps | grep kali-mcp-server) and is designed to be connected to MCP‑aware clients (Claude, Gemini CLI, VS Code Copilot) so LLMs or other agents can execute reconnaissance and exploitation commands inside an isolated Kali container rather than on the host. Key workflow features include automatic background job handling for long‑running commands (>60s), workspace artifact management, centralized service API tokens (GitHub, Shodan, VirusTotal), and interactsh integration for out‑of‑band (OOB) interaction detection, which is useful for blind vulnerability testing. Technically, the server exposes commands (run_kali_command, get_job_status, list_background_jobs, start_interactsh, poll_interactsh, etc.) and bundles common tooling (nmap, masscan, ffuf, dirb, whatweb, nikto, dnsrecon, curl, jq, seclists, exiftool). The container requires elevated capabilities (NET_ADMIN, NET_RAW) to operate network scanners, and the authors strongly warn users to disable any built‑in terminal features in MCP clients so execution remains confined to the container. The project lowers friction for automated pentest orchestration with LLMs but carries operational risks: privileged containers and API token handling demand careful configuration and authorization; use only for legitimate, authorized testing.
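
Added example, not the project's own code: a Python check over the JSON printed by docker inspect kali-mcp-server that flags container settings going beyond the NET_ADMIN and NET_RAW capabilities mentioned above, plus tokens exposed in the container environment. The function name, the token-name patterns and the sample JSON are assumptions constructed for illustration.

```python
import json

# Capabilities the page says the scanners need; anything else is flagged.
EXPECTED_CAPS = {"NET_ADMIN", "NET_RAW"}
# Assumed naming pattern for service tokens; the page does not give variable names.
SECRET_HINTS = ("TOKEN", "API_KEY", "SECRET", "PASSWORD")

def audit_container(inspect_json: str) -> list[str]:
    """Return findings for the first container in `docker inspect` JSON output."""
    c = json.loads(inspect_json)[0]
    host = c.get("HostConfig") or {}
    findings = []
    if host.get("Privileged"):
        findings.append("privileged mode enabled")
    caps = {cap.upper().removeprefix("CAP_") for cap in (host.get("CapAdd") or [])}
    for cap in sorted(caps - EXPECTED_CAPS):
        findings.append(f"unexpected capability: {cap}")
    if "ALL" not in {d.upper() for d in (host.get("CapDrop") or [])}:
        findings.append("default capabilities not dropped (no cap_drop: ALL)")
    for field in ("NetworkMode", "PidMode"):
        if host.get(field) == "host":
            findings.append(f"{field} shares the host namespace")
    for bind in host.get("Binds") or []:
        src = bind.split(":")[0]
        if src == "/" or src.endswith("docker.sock"):
            findings.append(f"sensitive host path mounted: {src}")
    for entry in (c.get("Config") or {}).get("Env") or []:
        name, _, value = entry.partition("=")
        if value and any(h in name.upper() for h in SECRET_HINTS):
            findings.append(f"secret in container env (visible via docker inspect): {name}")
    return findings

# Constructed sample, not output from the real project.
SAMPLE = json.dumps([{
    "Name": "/kali-mcp-server",
    "HostConfig": {
        "Privileged": False,
        "CapAdd": ["NET_ADMIN", "NET_RAW", "SYS_ADMIN"],
        "CapDrop": None,
        "NetworkMode": "host",
        "PidMode": "",
        "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "/srv/workspace:/workspace"],
    },
    "Config": {"Env": ["PATH=/usr/bin", "SHODAN_API_KEY=constructed-value"]},
}])

if __name__ == "__main__":
    for finding in audit_container(SAMPLE):
        print("FINDING:", finding)
```

An empty result means the container adds only the two expected capabilities on top of a dropped default set, shares no host namespace or Docker socket, and carries no token-like variables in its environment.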