kali-docker-pentesting
Comprehensive pentesting toolkit using Kali Linux Docker container. Provides direct access to 200+ security tools without MCP overhead. Use when conducting security assessments, penetration testing, vulnerability scanning, or security research. Works via direct docker exec commands for maximum efficiency.
What this skill does
# Kali Docker Pentesting Skill

## Overview

This skill provides intelligent access to a comprehensive Kali Linux Docker container with 200+ pentesting tools. Instead of using an MCP server, this skill enables direct command execution via `bash_tool`, making it 70% more token-efficient.

## Container Management

### Starting the Container

```bash
# Basic start
docker run -d --name kali \
  -v $(pwd)/workspace:/workspace \
  -v $(pwd)/results:/results \
  kali-comprehensive

# With network capabilities (for actual scanning)
docker run -d --name kali \
  -v $(pwd)/workspace:/workspace \
  -v $(pwd)/results:/results \
  --cap-add=NET_RAW \
  --cap-add=NET_ADMIN \
  --network host \
  kali-comprehensive

# With GUI access (VNC)
docker run -d --name kali \
  -v $(pwd)/workspace:/workspace \
  -p 5900:5900 \
  -p 3389:3389 \
  kali-comprehensive
```

### Running Commands

```bash
# Execute single command
docker exec kali [tool] [options]

# Interactive shell
docker exec -it kali /bin/bash

# Copy files out
docker cp kali:/results/scan.txt ./output/

# Copy files in
docker cp ./wordlist.txt kali:/workspace/
```

### Container Lifecycle

```bash
# Stop container
docker stop kali

# Start existing container
docker start kali

# Remove container
docker rm kali

# View logs
docker logs kali
```

---

# Tool Catalog

## 🔍 Network Discovery & Scanning

### nmap - Network Mapper

**Description:** Industry-standard network scanner for host discovery, port scanning, and service detection.

**Usage:**

```bash
# Basic scan
docker exec kali nmap 192.168.1.1

# Service version detection
docker exec kali nmap -sV 192.168.1.1

# OS detection
docker exec kali nmap -O 192.168.1.1

# Comprehensive scan
docker exec kali nmap -sC -sV -O -p- 192.168.1.1

# Save results
docker exec kali nmap -sV -oA /results/scan 192.168.1.0/24
```

**Common Options:**

- `-sS` - SYN stealth scan
- `-sT` - TCP connect scan
- `-sU` - UDP scan
- `-sV` - Version detection
- `-O` - OS detection
- `-A` - Aggressive scan (OS, version, scripts, traceroute)
- `-p-` - Scan all 65535 ports
- `-Pn` - Skip ping (assume host is up)
- `-T4` - Faster timing (0-5)
- `-oA` - Output all formats

### masscan - Fast Port Scanner

**Description:** Extremely fast port scanner, can scan the entire internet in under 6 minutes.

**Usage:**

```bash
# Scan specific ports
docker exec kali masscan 192.168.1.0/24 -p80,443,8080

# Scan all ports fast
docker exec kali masscan 192.168.1.0/24 -p0-65535 --rate=10000

# Save results
docker exec kali masscan 10.0.0.0/8 -p80 -oL /results/masscan.txt
```

### netdiscover - Network Discovery

**Description:** Active/passive ARP reconnaissance tool.

**Usage:**

```bash
# Passive mode
docker exec kali netdiscover -p -i eth0

# Active mode with range
docker exec kali netdiscover -r 192.168.1.0/24
```

### arp-scan - ARP Scanner

**Description:** Discovers IPv4 hosts using ARP.

**Usage:**

```bash
docker exec kali arp-scan --localnet
docker exec kali arp-scan 192.168.1.0/24
```

---

## 🌐 Web Application Testing

### nikto - Web Server Scanner

**Description:** Web server vulnerability scanner.

**Usage:**

```bash
# Basic scan
docker exec kali nikto -h http://target.com

# SSL scan
docker exec kali nikto -h https://target.com -ssl

# Save results
docker exec kali nikto -h http://target.com -o /results/nikto.txt

# Tuning options
docker exec kali nikto -h http://target.com -Tuning 123bde
```

### dirb - Directory Brute Forcer

**Description:** Web content scanner.

**Usage:**

```bash
# Default wordlist
docker exec kali dirb http://target.com

# Custom wordlist
docker exec kali dirb http://target.com /usr/share/wordlists/dirb/common.txt

# Save results
docker exec kali dirb http://target.com -o /results/dirb.txt

# Extensions
docker exec kali dirb http://target.com -X .php,.html,.txt
```

### gobuster - Directory/DNS Enumeration

**Description:** Fast directory and DNS enumeration tool.

**Usage:**

```bash
# Directory enumeration
docker exec kali gobuster dir -u http://target.com -w /usr/share/wordlists/dirb/common.txt

# DNS subdomain enumeration
docker exec kali gobuster dns -d target.com -w /usr/share/wordlists/subdomains.txt

# Virtual host discovery
docker exec kali gobuster vhost -u http://target.com -w /usr/share/wordlists/vhosts.txt
```

### wfuzz - Web Fuzzer

**Description:** Web application fuzzer.

**Usage:**

```bash
# Directory fuzzing
docker exec kali wfuzz -c -z file,/usr/share/wordlists/dirb/common.txt --hc 404 http://target.com/FUZZ

# Parameter fuzzing
docker exec kali wfuzz -c -z file,/usr/share/wordlists/passwords.txt http://target.com/page?id=FUZZ

# POST data fuzzing
docker exec kali wfuzz -c -z file,users.txt -z file,pass.txt -d "user=FUZZ&pass=FUZ2Z" http://target.com/login
```

### sqlmap - SQL Injection Tool

**Description:** Automatic SQL injection and database takeover tool.

**Usage:**

```bash
# Basic test
docker exec kali sqlmap -u "http://target.com/page?id=1"

# POST request
docker exec kali sqlmap -u "http://target.com/login" --data="user=admin&pass=test"

# Enumerate databases
docker exec kali sqlmap -u "http://target.com/page?id=1" --dbs

# Dump database
docker exec kali sqlmap -u "http://target.com/page?id=1" -D dbname --dump

# Full automation
docker exec kali sqlmap -u "http://target.com/page?id=1" --batch --dump-all
```

### wpscan - WordPress Scanner

**Description:** WordPress vulnerability scanner.

**Usage:**

```bash
# Basic scan
docker exec kali wpscan --url http://target.com

# Enumerate users
docker exec kali wpscan --url http://target.com --enumerate u

# Enumerate plugins
docker exec kali wpscan --url http://target.com --enumerate p

# Aggressive scan
docker exec kali wpscan --url http://target.com --enumerate ap,at,cb,dbe
```

### whatweb - Website Fingerprinting

**Description:** Identifies websites and web technologies.

**Usage:**

```bash
# Basic scan
docker exec kali whatweb http://target.com

# Aggressive mode
docker exec kali whatweb -a 3 http://target.com

# Scan multiple URLs
docker exec kali whatweb -i /workspace/urls.txt
```

---

## 🔐 Password Attacks

### john - John the Ripper

**Description:** Fast password cracker.

**Usage:**

```bash
# Crack with default wordlist
docker exec kali john /workspace/hashes.txt

# Use rockyou wordlist
docker exec kali john --wordlist=/usr/share/wordlists/rockyou.txt /workspace/hashes.txt

# Crack specific format
docker exec kali john --format=raw-md5 /workspace/hashes.txt

# Show cracked passwords
docker exec kali john --show /workspace/hashes.txt

# Incremental mode
docker exec kali john --incremental /workspace/hashes.txt
```

### hashcat - Advanced Password Recovery

**Description:** World's fastest password cracker.

**Usage:**

```bash
# MD5 crack
docker exec kali hashcat -m 0 -a 0 hashes.txt /usr/share/wordlists/rockyou.txt

# SHA256 crack
docker exec kali hashcat -m 1400 -a 0 hashes.txt wordlist.txt

# Brute force
docker exec kali hashcat -m 0 -a 3 hash.txt ?a?a?a?a?a?a

# Show results
docker exec kali hashcat -m 0 hashes.txt --show
```

**Hash Modes:**

- 0 = MD5
- 100 = SHA1
- 1400 = SHA256
- 1700 = SHA512
- 1000 = NTLM
- 3200 = bcrypt

### hydra - Network Password Cracker

**Description:** Fast network logon cracker.

**Usage:**

```bash
# SSH brute force
docker exec kali hydra -l admin -P /usr/share/wordlists/rockyou.txt ssh://192.168.1.1

# HTTP POST form
docker exec kali hydra -l admin -P passwords.txt 192.168.1.1 http-post-form "/login:user=^USER^&pass=^PASS^:F=incorrect"

# FTP brute force
docker exec kali hydra -L users.txt -P passwords.txt ftp://192.168.1.1

# Multiple protocols
docker exec kali hydra -L users.txt -P passwords.txt 192.168.1.1 ssh ftp http
```

### medusa - Parallel Password Cracker

**Description:** Speedy, parallel, modular login brute-forcer.

**Usage:**

```bash
# SSH attack
docker exec kali medusa -h 192.168.1.1 -u admin -P passwords.txt -M ssh

# HTTP basic auth
docker exec kali medusa -h 192.168.1.1 -u admin -P passwords.txt -M http
```

### crunch - Wordlist Generator

**