Kali Linux 2026.1: How to Use MetasploitMCP for AI-Powered Penetration Testing

Kali Linux 2026.1 shipped with a change that redefines how penetration testers interact with the most famous exploitation framework on the planet. MetasploitMCP is not another Metasploit wrapper. It is not a GUI replacement. It is an MCP server that gives AI assistants direct, programmatic control over the Metasploit Framework. You can now describe what you want to hack in plain English, and an LLM translates your intent into actual exploits, payloads, and post-exploitation commands executed on a Kali host.

This guide covers every MetasploitMCP tool, installation and configuration, integration with Claude Desktop and other MCP clients, real-world attack workflows, and the security boundaries you need to respect when giving an AI the keys to a penetration testing framework. All information is current as of May 2026.

What Is MetasploitMCP?

MetasploitMCP is an MCP (Model Context Protocol) server for Metasploit Framework. Written in Python, it creates a standardized bridge between large language models and Metasploit's exploitation capabilities. The server exposes Metasploit functions as callable tools that an AI assistant can invoke based on natural language understanding.

This is not an alternative to msfconsole. The traditional Metasploit console remains the tool for hands-on operators who know exactly what they want to execute. MetasploitMCP serves a different purpose: enabling AI-assisted penetration testing where the LLM handles module selection, option configuration, and workflow orchestration. Behind the scenes, MetasploitMCP still calls msfrpcd (the Metasploit RPC daemon).

The 12 MCP Tools in MetasploitMCP

MetasploitMCP exposes 12 distinct tools organized into four functional categories. Each tool represents a specific Metasploit capability that an AI can invoke.

Information Gathering Tools

• list_exploits — Search and list available Metasploit exploit modules. The AI can filter by platform, CVE, or keywords like "windows smb" or "apache".
• list_payloads — Filter and search available payload modules by platform or architecture. For a windows/x64 target, the AI can request only compatible payloads.

Attack Execution Tools

• run_exploit — Configure and execute exploits against targets. The AI can optionally run a check first to verify vulnerability before exploitation.
• run_auxiliary_module — Execute auxiliary modules for scanning, fuzzing, or denial-of-service testing. Auxiliary modules do not establish sessions but provide reconnaissance data.
• run_post_module — Run post-exploitation modules on existing Meterpreter or shell sessions.

Session Management Tools

• list_active_sessions — Display all active Metasploit sessions with details including session ID, type, target host, and username.
• send_session_command — Execute arbitrary commands on an active session, whether a reverse shell or Meterpreter.
• terminate_session — Force-terminate a specific session when cleanup is required.

Listener Management Tools

• list_listeners — Display all active multi/handler listeners and background jobs.
• start_listener — Create new multi/handler listeners to catch reverse connections.

Architecture: How It Works

The architecture follows a straightforward three-component model. The LLM client such as Claude Desktop interprets user intent and decides which Metasploit operation to perform. The MCP server receives tool call requests from the LLM and translates them into RPC commands. The Metasploit RPC daemon executes the actual exploitation or post-exploitation tasks.

Communication between the MCP server and Metasploit happens through msfrpcd, the official Metasploit RPC daemon. This design means MetasploitMCP works with any Metasploit installation version 6.0 or newer without modifying the framework itself.

Installation & Setup Guide

Prerequisites

• Kali Linux 2023.1 or newer (or any Debian/Ubuntu distribution with Metasploit installed)
• Metasploit Framework version 6.0 or higher
• Python 3.10 or higher
• Git for cloning the repository

Step 1: Install Metasploit Framework (If Not Already Present)

sudo apt update && sudo apt install metasploit-framework -y

Step 2: Clone and Configure MetasploitMCP

git clone https://github.com/your-repo/metasploit-mcp-server.git
cd metasploit-mcp-server
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

Step 3: Set Up Environment Variables

cat > .env << EOF
MSF_PASSWORD=yourpassword
MSF_SERVER=127.0.0.1
MSF_PORT=55553
MSF_SSL=false
PAYLOAD_SAVE_DIR=/home/kali/payloads
EOF

The password you set here will be used when starting the Metasploit RPC daemon. Choose a strong password and store it securely.

Step 4: Start Metasploit RPC Daemon

Open a terminal and start msfrpcd with your chosen password. This daemon must remain running for MetasploitMCP to function.

msfrpcd -P yourpassword -S -a 127.0.0.1 -p 55553

Verify that the daemon is running correctly:

ps aux | grep msfrpcd
netstat -tlnp | grep 55553

Step 5: Start the MCP Server

For HTTP/SSE transport (supports multiple AI clients):

python MetasploitMCP.py --transport http --host 0.0.0.0 --port 8085

For STDIO transport (single client, Claude Desktop integration):

python MetasploitMCP.py --transport stdio

Step 6: Configure Claude Desktop

Edit the Claude Desktop configuration file:

nano ~/.config/Claude/claude_desktop_config.json

Add the MetasploitMCP server configuration:

{
  "mcpServers": {
    "metasploit": {
      "command": "/home/kali/metasploit-mcp-server/venv/bin/python",
      "args": ["/home/kali/metasploit-mcp-server/MetasploitMCP.py", "--transport", "stdio"],
      "env": {
        "MSF_PASSWORD": "yourpassword"
      }
    }
  }
}

Restart Claude Desktop after saving the configuration file.

Real-World AI Attack Workflows

Case 1: AI-Assisted Vulnerability Validation

A red team engineer wants the AI to automatically verify which machines in a subnet are vulnerable to MS17-010 EternalBlue. The user prompt could be: "Check 192.168.1.0/24 for EternalBlue vulnerability."

The AI would call list_exploits with query "ms17_010 eternalblue" to locate the exploit module path, then run run_exploit with check=True against each responsive host in the subnet, and finally list_active_sessions to confirm where exploitation succeeded. The AI returns a summary report of vulnerable hosts without requiring the operator to manually search exploits or run individual checks.

Case 2: Natural Language Post-Exploitation

After gaining a foothold, the operator asks: "In session 1, collect all logged-in user information."

The AI interprets the intent, identifies the appropriate post-exploitation module windows/gather/enum_logged_on_users, and calls run_post_module with session_id=1. Within seconds, the operator receives the enumeration results without remembering the exact module name or syntax.

Case 3: Automated Payload Generation

When a listener needs to be paired with a specific payload, the workflow becomes multi-step but remains conversational. The AI can call list_payloads to find an appropriate payload for the target platform, call start_listener to set up a multi/handler on a specified port, then provide the generated payload command for manual delivery. The entire orchestration happens through natural language requests.

msfconsole vs MetasploitMCP: Key Differences

The two tools are not replacements for each other. msfconsole remains the tool for human operators who know their exact commands. MetasploitMCP enables AI agents to use Metasploit as a tool in their arsenal.

Security Considerations for AI-Driven Pentesting

Deploying MetasploitMCP introduces new risk surfaces beyond traditional Metasploit usage. Indirect prompt injection is the most concerning threat. An attacker could embed malicious instructions in HTTP responses or service banners that the LLM reads and acts upon, possibly leading to unintended command execution.

Before deploying in any environment, implement command allowlisting to restrict which Metasploit modules the AI can invoke. Run the MCP execution environment as a non-root user with minimal privileges. Run the MCP server on localhost only, or over SSH tunnels for remote access, never openly on a network. Treat all external data the LLM processes as potentially adversarial input.

What's New in Kali Linux 2026.1

Kali Linux 2026.1 includes several significant updates beyond MetasploitMCP. The kernel is upgraded to version 6.18, with 25 new packages added and 183 packages receiving updates. The annual theme refresh brings new wallpapers and visual polish to the boot menu, installer, login display, and desktop environment. BackTrack Mode has been integrated into Kali-Undercover, allowing users to transform their desktop to resemble BackTrack 5 with the command kali-undercover --backtrack.

The release also includes Kali NetHunter updates with Android 16 support for Redmi Note 8 devices and improved Wi-Fi packet injection capabilities.

Frequently Asked Questions

Is MetasploitMCP included in Kali Linux 2026.1 by default?

Yes. MetasploitMCP is one of eight new tools added to the Kali Linux repositories in the 2026.1 release. You can install it with sudo apt install metasploitmcp after updating your system.

What is the difference between MetasploitMCP and mcp-kali-server?

MetasploitMCP is specialized exclusively for Metasploit Framework control. mcp-kali-server is a broader tool that executes arbitrary terminal commands and can run any Kali tool including nmap, sqlmap, and John the Ripper. MetasploitMCP is the right choice for Metasploit-specific workflows; mcp-kali-server is for general system control.

Does MetasploitMCP work with other LLMs besides Claude?

Yes. When run in HTTP/SSE mode on port 8085, the MCP server can be accessed by any MCP-compatible client. This includes 5ire, custom AI agents, and other assistants that support the Model Context Protocol.

Is MetasploitMCP safe to use on live production targets?

MetasploitMCP requires the same authorization as any penetration testing tool. Never use it on systems you do not own or have explicit written permission to test. The additional AI layer introduces prompt injection risks that make it more suitable for controlled lab environments than live production targets without careful safeguards.

What are the hardware requirements for running MetasploitMCP?

MetasploitMCP itself is lightweight and runs on any system capable of running Metasploit Framework. The primary resource demands come from the Metasploit RPC daemon and any LLM you integrate. A minimum of 4GB RAM is recommended for comfortable operation.

Start AI-Powered Penetration Testing Today

MetasploitMCP represents a significant shift in how penetration testers can interact with the Metasploit Framework. The ability to describe exploitation goals in natural language and have an AI orchestrate module selection, option configuration, and post-exploitation tasks reduces friction in reconnaissance and triage.

Start by installing Kali Linux 2026.1, updating your system, and walking through the installation guide. Test the setup in a lab environment with Metasploitable or other intentionally vulnerable targets. Once comfortable, integrate with Claude Desktop or your preferred MCP client and begin exploring AI-assisted penetration testing workflows.

Download Kali Linux 2026.1 and start your AI-powered security testing journey today.