Simplified AI-Driven Pentesting with Kali MCP Server Powered by Kali Linux MCP Server for maximum tool compatibility
ELIOT is a simplified AI-powered penetration testing assistant that uses the official Kali Linux MCP (Model Context Protocol) server. This approach provides:
- Simplified Architecture: Uses official Kali MCP server instead of custom tool wrappers
- All Kali Tools Available: Access to every tool in Kali Linux without manual configuration
- AI-Driven Intelligence: Natural language understanding with automatic tool selection
- Clean Codebase: Reduced from 600+ lines to ~200 lines of clean, maintainable code
- Official Support: Built on Kali's official MCP implementation
- 🤖 AI-Powered Intelligence - Gemini 2.5 Pro integration
- 💬 Interactive Mode - Chat-based command interface
- 🔄 Autonomous Mode - Unattended penetration testing
- 🎯 Smart Targeting - Automatic network discovery
- 🛠️ Tool Integration - nmap, metasploit, sqlmap, hydra, and more
- 📊 Minimal Token Usage - Optimized for long-term operation
- 🔧 ELF Binary - Single executable deployment
# Clone and run immediately
git clone https://github.com/modhack2003/Eliot_THE_AI.git
cd Eliot_THE_AI
python3 main.py 2>/dev/null# Clean interface (recommended - no warnings/errors in chat)
python3 main.py 2>/dev/null
# Or use the binary
chmod +x eliot
./eliot
# Direct execution (with warnings visible)
python3 main.py# Clone the repository
git clone https://github.com/modhack2003/Eliot_THE_AI.git
cd Eliot_THE_AI
# Deploy ELIOT
chmod +x deploy_eliot_kali.sh
sudo ./deploy_eliot_kali.sh
# Configure
sudo nano /etc/eliot/config.yaml
# Start hacking!
eliot-interactive# Build standalone ELF binaries
chmod +x build_eliot_linux.sh
./build_eliot_linux.sh
# Install from package
tar -xzf eliot-hacker-assistant-linux.tar.gz
cd eliot-hacker-assistant
sudo ./install.sheliot-interactive
[USER] You: find gateway
[AI] ELIOT: [Detects your LAN gateway: 192.168.1.1]
[USER] You: scan 192.168.1.0/24
[AI] ELIOT: [Scans network and shows live hosts]
[USER] You: do anything
[AI] ELIOT: [Switches to autonomous mode]eliot
# ELIOT automatically discovers targets and attempts exploitationfind gateway- Detect LAN gateway/routerping TARGET- Ping a target hostscan NETWORK- Scan network rangecheck vulnerabilities TARGET- Run vulnerability scanexploit TARGET- Attempt to exploit targettest web URL- Test web applicationbrute force SERVICE TARGET- Brute force attackhelp- Show all commandsdo anything- Switch to autonomous modequit- Exit ELIOT
eliot --help- Show autonomous mode helpeliot --check- Check system requirementseliot --config FILE- Use custom config file
# /etc/eliot/config.yaml
llm:
providers:
- name: gemini
model: gemini-2.5-pro
api_keys:
- "YOUR_GEMINI_API_KEY_1"
- "YOUR_GEMINI_API_KEY_2"
max_tokens: 4000
temperature: 0.7
priority: 1
agent:
autonomous: false
interactive_mode: true
never_ask: false
continuous_mode: false
max_iterations: unlimited
decision_timeout: 30
retry_attempts: 5
escalation_threshold: 10
database:
type: mongodb
connection_string: "mongodb+srv://user:[email protected]/database"┌─────────────────────────────────────────────────────────────┐
│ ELIOT ARCHITECTURE │
│ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ INTERACTIVE MODE │ │
│ │ • Chat Interface (interactive_agent.py) │ │
│ │ • User Commands & Real-time Execution │ │
│ │ • Ethical Oversight & Target Validation │ │
│ │ • MCP Client Integration │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ AUTONOMOUS MODE │ │
│ │ • AI Decision Making (autonomous_workflow.py) │ │
│ │ • Target Discovery & Profiling │ │
│ │ • Automated Exploitation & Learning │ │
│ │ • Multi-Provider LLM Management │ │
│ └─────────────────────────────────────────────────────────┘ │
│ │ │
│ ▼ │
│ ┌─────────────────────────────────────────────────────────┐ │
│ │ CORE SYSTEM │ │
│ │ • LLM Manager (OpenAI, Anthropic, Gemini, Ollama) │ │
│ │ • Intelligence Gathering & Exploit Development │ │
│ │ • Persistence Layer (MongoDB) │ │
│ │ • Target Profiling & Vulnerability Scanning │ │
│ └─────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘
┌─────────────────────────────────────────────────────────────────────────────────┐
│ ELIOT WORKFLOW │
└─────────────────────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────────────┐
│ SYSTEM INITIALIZATION │
├─────────────────────────────────────────────────────────────────────────────────┤
│ 1. Load Configuration (config.yaml) │
│ 2. Initialize LLM Manager (Multi-provider support) │
│ 3. Connect to MongoDB (Token tracking & persistence) │
│ 4. Initialize MCP Client (Kali tools integration) │
│ 5. Test API Keys (Real-time validation) │
└─────────────────────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────────────┐
│ MODE SELECTION │
├─────────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────────────┐ ┌─────────────────────────┐ │
│ │ INTERACTIVE MODE │ │ AUTONOMOUS MODE │ │
│ │ │ │ │ │
│ │ • Chat-based interface │ │ • Unattended operation │ │
│ │ • User-controlled │ │ • AI decision making │ │
│ │ • Real-time execution │ │ • Continuous scanning │ │
│ │ • Ethical oversight │ │ • Automated exploitation │ │
│ └─────────────────────────┘ └─────────────────────────┘ │
│ │ │ │
│ ▼ ▼ │
└─────────────────────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────────────┐
│ INTERACTIVE WORKFLOW │
├─────────────────────────────────────────────────────────────────────────────────┤
│ │
│ User Input → Command Router → [Shell Commands | AI Processing] │
│ │ │ │ │ │
│ ▼ ▼ ▼ ▼ │
│ ┌─────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │ Natural │ │ Direct │ │ Shell │ │ AI │ │
│ │Language │ │ Commands │ │ Commands │ │ Processing │ │
│ │ Request │ │ (help,quit) │ │ (ls,ping) │ │ (scan,test) │ │
│ └─────────┘ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │ │ │ │ │
│ ▼ ▼ ▼ ▼ │
│ ┌─────────┐ ┌─────────────┐ ┌─────────────┐ ┌─────────────┐ │
│ │Response │ │ Status │ │ subprocess │ │ LLM Manager │ │
│ │ Display │ │ Messages │ │ Direct │ │ + MCP │ │
│ └─────────┘ └─────────────┘ └─────────────┘ └─────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────────────┐
│ AUTONOMOUS WORKFLOW │
├─────────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │
│ │ DISCOVERY │───▶│ PROFILING │───▶│ RESEARCH │ │
│ │ │ │ │ │ │ │
│ │ • Network scan │ │ • Service det. │ │ • Vuln search │ │
│ │ • Host discov. │ │ • OS detection │ │ • Exploit find │ │
│ │ • Target enum. │ │ • Port mapping │ │ • CVE analysis │ │
│ └─────────────────┘ └─────────────────┘ └─────────────────┘ │
│ │ │ │ │
│ ▼ ▼ ▼ │
│ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │
│ │ EXPLOITATION │◀───│ DECISION │───▶│ LEARNING │ │
│ │ │ │ MAKING │ │ │ │
│ │ • Metasploit │ │ │ │ • Pattern anal. │ │
│ │ • Custom exp. │ │ • LLM reasoning │ │ • Success rate │ │
│ │ • Brute force │ │ • Context eval │ │ • Knowledge upd │ │
│ └─────────────────┘ └─────────────────┘ └─────────────────┘ │
│ │ │ │ │
│ ▼ ▼ ▼ │
│ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │
│ │ POST-EXPLOIT │ │ ESCALATION │ │ PERSISTENCE │ │
│ │ │ │ │ │ │ │
│ │ • Session mgmt │ │ • Priv. esc. │ │ • Backdoor │ │
│ │ • Data extract │ │ • Root access │ │ • Cron jobs │ │
│ │ • Lateral mov. │ │ • Admin rights │ │ • Service reg │ │
│ └─────────────────┘ └─────────────────┘ └─────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────────────┐
│ CORE COMPONENTS │
├─────────────────────────────────────────────────────────────────────────────────┤
│ │
│ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │
│ │ LLM MANAGER │ │ MCP CLIENT │ │ DATABASE │ │
│ │ │ │ │ │ │ │
│ │ • OpenAI │ │ • Kali tools │ │ • MongoDB │ │
│ │ • Anthropic │ │ • nmap, msf │ │ • Experiences │ │
│ │ • Gemini │ │ • hydra, sqlmap │ │ • Targets │ │
│ │ • Ollama │ │ • nikto, gob. │ │ • Sessions │ │
│ │ • API rotation │ │ • Tool exec. │ │ • Patterns │ │
│ └─────────────────┘ └─────────────────┘ └─────────────────┘ │
│ │ │ │ │
│ ▼ ▼ ▼ │
│ ┌─────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │
│ │ INTELLIGENCE │ │ EXPLOIT DEV │ │ TARGETS │ │
│ │ │ │ │ │ │ │
│ │ • Web research │ │ • Code gen. │ │ • Scanner │ │
│ │ • Exploit search│ │ • Payload dev │ │ • Profiler │ │
│ │ • CVE analysis │ │ • Custom exp. │ │ • Vuln detect │ │
│ │ • Threat intel │ │ • Shellcode │ │ • Service enum │ │
│ └─────────────────┘ └─────────────────┘ └─────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────────────────────┐
│ DATA FLOW │
├─────────────────────────────────────────────────────────────────────────────────┤
│ │
│ Input → Processing → Execution → Results → Learning → Adaptation │
│ │ │ │ │ │ │ │
│ ▼ ▼ ▼ ▼ ▼ ▼ │
│ User Command Tool/MCP Output Pattern Improved │
│ Request Router Execution Storage Analysis Decisions │
│ │
│ ┌─────────────────────────────────────────────────────────────────────────┐ │
│ │ CONTINUOUS LEARNING LOOP │ │
│ │ │ │
│ │ Experience → Analysis → Pattern Recognition → Knowledge Update │ │
│ │ │ │ │ │ │ │
│ │ ▼ ▼ ▼ ▼ │ │
│ │ Success/ Statistical ML Analysis Database Update │ │
│ │ Failure Analysis & Clustering & Model Training │ │
│ └─────────────────────────────────────────────────────────────────────────┘ │
│ │
└─────────────────────────────────────────────────────────────────────────────────┘
- ✅ Chat-based interface with natural language
- ✅ Real-time command execution
- ✅ User-controlled actions with ethical oversight
- ✅ Step-by-step guidance and explanations
- ✅ Target specification and validation
- ✅ Seamless switch to autonomous mode
- ✅ Unattended operation with AI decision making
- ✅ Automatic target discovery and reconnaissance
- ✅ Smart failure handling with alternative methods
- ✅ Limited cycles (prevents infinite loops)
- ✅ Minimal token usage for long-term operation
- ✅ Learning from successful/failed attempts
- ✅ Multi-Provider LLM Support (OpenAI, Anthropic, Gemini, Ollama)
- ✅ Advanced API key rotation and failover
- ✅ MongoDB persistence for experience storage
- ✅ MCP (Model Context Protocol) integration
- ✅ Cross-platform support (Linux/Kali optimized)
- ✅ Systemd service integration
- ✅ ELF binary distribution (single executable)
- ✅ Professional logging and monitoring
- ✅ Self-learning and adaptation capabilities
- ✅ Intelligence gathering and exploit development
- Use only in controlled environments with proper authorization
- Ensure legal compliance before testing any systems
- User assumes full legal responsibility for all activities
- Not intended for malicious or unauthorized activities
- Follow ethical hacking guidelines and responsible disclosure
Eliot_THE_AI/
├── agent/ # Core agent modules
│ ├── autonomous_workflow.py # Autonomous workflow engine
│ ├── core.py # Core agent functionality
│ ├── interactive_agent.py # Interactive chat interface
│ ├── llm_manager.py # Multi-provider LLM management
│ ├── config_manager.py # Configuration management
│ ├── exploit_dev/ # Exploit development tools
│ ├── intelligence/ # Intelligence gathering modules
│ ├── learning/ # Self-learning capabilities
│ ├── persistence/ # Database and logging
│ ├── targets/ # Target profiling and scanning
│ └── tools/ # Pentesting tool integrations
├── main.py # Main application entry point
├── interactive_main.py # Interactive mode entry point
├── run_agent.py # Agent runner
├── start_agent.py # Agent starter
├── mcp_client.py # MCP server client
├── config.yaml # Configuration template
├── requirements.txt # Python dependencies
├── build_eliot_linux.sh # ELF binary builder
├── deploy_eliot_kali.sh # Kali Linux deployment
├── ELIOT_DEPLOYMENT_GUIDE.md # Complete deployment guide
├── DATABASE_SETUP.md # MongoDB setup guide
└── README.md # This file
MongoDB Connection Error
# Check MongoDB status
sudo systemctl status mongodb
sudo systemctl start mongodb
# Or configure Atlas connection in config.yamlAPI Key Issues
# Verify API keys in configuration
sudo nano /etc/eliot/config.yaml
eliot --checkPermission Errors
# Fix permissions
sudo chown -R eliot:eliot /opt/eliot
sudo chown -R eliot:eliot /var/log/eliot- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is for educational and authorized testing purposes only. See LICENSE for details.
ELIOT - THE AI HACKER ASSISTANT
by Bikram@2003
- Gemini 2.5 Pro for AI capabilities
- Kali Linux community for penetration testing tools
- Open source security tools (nmap, metasploit, sqlmap, etc.)
- 📖 Documentation: ELIOT_DEPLOYMENT_GUIDE.md
- 🐛 Issues: GitHub Issues
- 💬 Discussions: GitHub Discussions
ELIOT is ready to assist you with your penetration testing tasks. Remember to use it responsibly and ethically!
# Start hacking with ELIOT!
eliot-interactiveELIOT - THE AI HACKER ASSISTANT by Bikram@2003 🚀
"Intelligence meets penetration testing"