...

How to Turn Claude into a Hacker

Securify

Claude is a brilliant AI assistant. But with the right tools — MCP servers, Docker, and a Kali Linux container — you can transform it into a full-blown pentesting co-pilot that runs nmap, sqlmap, nikto, and more, all from a simple chat prompt.

Offensive Security  |  MCP + Docker  |  For authorized testing only

// 00 — What is MCP and why does it matter?

MCP — the Model Context Protocol — is Anthropic’s open standard that lets Claude connect to external tools, APIs, and servers. Think of it as giving Claude hands. Instead of just answering questions about hacking, Claude can actually run the tools.

The result? You describe what you want in plain English. Claude figures out which tool to call, runs it inside a sandboxed Docker container, and returns the results directly in your chat window. No tab switching, no manual command wiring.

Architecture Overview

// system flow

You  (Claude Desktop)

  ↓  stdio transport

Docker MCP Gateway  (orchestrator)

  ↓  spawns on demand

Kali Linux MCP Server  (Docker container)

  ↓  executes

nmap / sqlmap / nikto / dirb / wpscan / searchsploit

A community-maintained GitHub repository (docker-mcp-tutorial) is the reference implementation that makes this whole thing click. It includes a custom MCP Builder Prompt — a meta-prompt you feed to Claude that generates a complete, working MCP server from a plain English description.

// 01 — What you need before starting

Docker Desktop

Runs and manages your MCP server containers. Install and keep it running in the background.

Claude Desktop

The local app that connects to your MCP servers via stdio transport.

Python 3.11+

The MCP servers in this tutorial are written in Python using the FastMCP library; the Dockerfile below pins the runtime to 3.11.

FastMCP

The Python library that wraps your tools and exposes them as MCP endpoints.

▶ PREREQUISITE CHECK

Run `docker ps` and `docker mcp --help` in your terminal. If both respond cleanly, you're ready to build.

// 02 — The MCP Builder Prompt: Claude builds Claude’s tools

The most powerful trick in this approach is the MCP Builder Prompt. It turns Claude into a senior MCP developer. You open the prompt template, describe what you want, and Claude generates all 5 files needed to deploy a working MCP server.

▶ HOW TO USE IT

Open mcp-builder-prompt/mcp-builder-prompt.md from the repo. Paste its contents into Claude, then describe your desired server. Claude will generate server.py, Dockerfile, requirements.txt, catalog.yaml, and CLAUDE.md — everything ready to run.

Example prompt for a pentesting server

// prompt input

“Build an MCP server using a Kali Linux Docker container
with security tools: nmap, nikto, sqlmap, wpscan, dirb,
and searchsploit. Create Python functions wrapped with
FastMCP decorators for each tool, sanitizing inputs and
returning formatted text results. Run as non-root with
proper capabilities for network tools.”

Claude will output a server with error handling, input sanitization, and Docker configuration that follows the MCP protocol spec, with no boilerplate for you to write. Treat the sanitization as a draft rather than a finished control: read it before you expose the tools, because a model-written check is the only thing deciding which arguments reach nmap or sqlmap inside the container.

Critical rules Claude follows when generating servers

  • Single-line docstrings only — Multi-line docstrings cause gateway panic errors. Every tool gets exactly one line.
  • No complex type hints — No Optional, Union, or List[str]. Every parameter is `param: str = ""`.
  • Always return strings — All tools must return formatted strings, never dicts, lists, or None.
  • Log to stderr only — stdout is reserved for MCP protocol messages. Debugging info goes to stderr.

// 03 — Building the Kali Linux pentesting server

Once Claude generates your files, deploying takes about 5 minutes. Here’s the complete flow:

// server.py skeleton (generated by Claude)

from fastmcp import FastMCP
import subprocess, shlex, logging, sys

# stdout carries the MCP protocol stream, so every log line goes to stderr
logging.basicConfig(stream=sys.stderr, level=logging.INFO)

mcp = FastMCP("kali-pentest")

@mcp.tool()
def nmap_scan(target: str = "", flags: str = "") -> str:
    "Run nmap scan against a target host or IP."
    if not target:
        return "Error: target is required"
    if target.startswith("-"):
        # shlex.split only tokenizes; it does not validate. A target that starts
        # with "-" would otherwise be parsed by nmap as an option such as -iL.
        return "Error: target must not start with '-'"
    # argv list, no shell: metacharacters like ';' are never interpreted.
    # flags still pass through unchecked here; restrict them to an allowlist
    # before exposing this tool.
    cmd = shlex.split(f"nmap {flags} {target}")
    try:
        result = subprocess.run(cmd, capture_output=True, text=True, timeout=60)
    except subprocess.TimeoutExpired:
        return "Error: nmap timed out after 60s"
    except FileNotFoundError:
        return "Error: nmap is not installed in this container"
    return result.stdout or result.stderr

# ... sqlmap_scan, nikto_scan, dirb_scan, etc.

if __name__ == "__main__":
    mcp.run()
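The skeleton above leaves the hard part, deciding which targets and flags the model may pass to nmap, as a comment. The block below is an added example of that tool-boundary layer; it is not code from the page or from the docker-mcp-tutorial repo. The helper names (validate_target, validate_flags, build_nmap_argv, run_tool), the flag allowlist and the two fake runners are assumptions made for illustration. FastMCP is imported only if it is installed, so the validation logic runs and can be tested without it.

```python
"""Tool-boundary validation for a Kali MCP server (added example, see lead-in)."""
import ipaddress
import logging
import re
import subprocess
import sys
from typing import Callable, List

logging.basicConfig(stream=sys.stderr, level=logging.INFO)  # stdout belongs to the MCP stream
log = logging.getLogger("kali-pentest")

# RFC 1123 host labels. The leading "(?!-)" means a target can never start with "-",
# so nmap can never read it as an option.
_HOST_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")

# Flags a recon operator expects the model to pick (assumed allowlist). Anything else
# is rejected: -iL/-oN touch host files, --script/--datadir run NSE code of the model's choosing.
NMAP_FLAG_ALLOWLIST = {"-sT", "-sV", "-sC", "-Pn", "-F", "-p-", "-T3", "-T4", "-O"}
_PORT_SPEC_RE = re.compile(r"^-p[0-9,-]+$")  # -p80,443  or  -p1-1024


def validate_target(target: str) -> str:
    """Accept an IP, a CIDR range or a hostname; raise ValueError for anything else."""
    target = target.strip()
    if not target:
        raise ValueError("target is required")
    try:
        ipaddress.ip_network(target, strict=False)  # 10.0.0.5 and 10.0.0.0/24 both pass
        return target
    except ValueError:
        pass
    if _HOST_RE.match(target):
        return target
    raise ValueError(f"invalid target: {target!r}")


def validate_flags(flags: str) -> List[str]:
    """Keep only allowlisted flags; a single unknown token rejects the whole call."""
    out = []
    for tok in flags.split():
        if tok in NMAP_FLAG_ALLOWLIST or _PORT_SPEC_RE.match(tok):
            out.append(tok)
        else:
            raise ValueError(f"flag not permitted: {tok!r}")
    return out


def build_nmap_argv(target: str, flags: str = "") -> List[str]:
    """argv list for nmap; no shell is involved, so quoting and ';' tricks do not apply."""
    return ["nmap", *validate_flags(flags), validate_target(target)]


Runner = Callable[..., subprocess.CompletedProcess]


def run_tool(argv: List[str], timeout: int = 120, runner: Runner = subprocess.run) -> str:
    """Run argv with a timeout and always return a string, as the gateway requires."""
    log.info("exec: %s", " ".join(argv))
    try:
        proc = runner(argv, capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return f"Error: {argv[0]} timed out after {timeout}s"
    except FileNotFoundError:
        return f"Error: {argv[0]} is not installed in this container"
    return proc.stdout or proc.stderr or f"{argv[0]} exited {proc.returncode} with no output"


def nmap_scan(target: str = "", flags: str = "", runner: Runner = subprocess.run) -> str:
    """Validate, build argv, run. Errors come back as text, never as exceptions."""
    try:
        argv = build_nmap_argv(target, flags)
    except ValueError as exc:
        return f"Error: {exc}"
    return run_tool(argv, runner=runner)


# Constructed stand-ins for subprocess.run so the behaviour can be shown without nmap.
def fake_runner_ok(argv, **kwargs):
    return subprocess.CompletedProcess(argv, 0, stdout="22/tcp open ssh\n80/tcp open http\n", stderr="")


def fake_runner_timeout(argv, **kwargs):
    raise subprocess.TimeoutExpired(argv, kwargs.get("timeout", 0))


try:  # register the MCP tool only when FastMCP is installed; string params only, per the rules above
    from fastmcp import FastMCP
    mcp = FastMCP("kali-pentest")

    @mcp.tool()
    def nmap_scan_tool(target: str = "", flags: str = "") -> str:
        "Run an nmap scan with allowlisted flags against a validated target."
        return nmap_scan(target, flags)
except ImportError:
    mcp = None

if __name__ == "__main__":
    if mcp is not None:
        mcp.run()
    else:
        print(nmap_scan("scanme.nmap.org", "-sV -p80,443", runner=fake_runner_ok))
        print(nmap_scan("scanme.nmap.org", "-iL /etc/passwd"))
        print(nmap_scan("-iL", ""))
```

The design choice is to validate by construction rather than by blocklist: a target is either an address, a network or an RFC 1123 hostname, and a flag is either on the allowlist or the call fails. Because argv is a list, no shell ever sees the input, so there is nothing to escape; the regex exists to stop option injection, not command injection. The same pattern applies to the other wrappers: give each tool its own allowlist and the same run_tool.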

// Dockerfile

FROM python:3.11-slim

RUN apt-get update && apt-get install -y \
    nmap nikto sqlmap dirb \
    && rm -rf /var/lib/apt/lists/*

WORKDIR /app
COPY requirements.txt .
RUN pip install -r requirements.txt
COPY server.py .

USER nobody
CMD ["python", "server.py"]

Two things to check before you rely on this image. First, despite the section title it is Debian-based, not Kali: wpscan and searchsploit, which the builder prompt asked for, are not Debian packages and will be missing unless you start FROM kalilinux/kali-rolling (where both are an apt-get away) or install them yourself. Second, because the server runs as nobody, nmap has no raw-socket privilege: it silently falls back to a TCP connect scan (-sT), and an explicit -sS or -O fails with a privileges error. If you need those scan types, either run the scanner as root inside the container and accept that trade-off, or give the nmap binary file capabilities with setcap before the USER line and pass --privileged to nmap so it uses them.

// build & register

# Build the Docker image
docker build -t kali-mcp-server .

# Register in your custom catalog
mkdir -p ~/.docker/mcp/catalogs
nano ~/.docker/mcp/catalogs/custom.yaml

# Add to catalog:
# kali-pentest:
#   image: kali-mcp-server
#   description: Kali Linux pentesting tools

// 04 — Connecting the server to Claude Desktop

Edit your Claude Desktop config to point at the Docker MCP Gateway. The gateway acts as a proxy — one connection in Claude, all your MCP servers available on demand.

// ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mcp-toolkit-gateway": {
      "command": "docker",
      "args": [
        "run", "-i", "--rm",
        "-v", "/var/run/docker.sock:/var/run/docker.sock",
        "-v", "/Users/YOU/.docker/mcp:/mcp",
        "docker/mcp-gateway",
        "--catalog=/mcp/catalogs/custom.yaml",
        "--transport=stdio"
      ]
    }
  }
}

Quit Claude Desktop completely and reopen it. The gateway will spin up on first use. You should see your MCP server listed in Claude’s tool panel.

▶ VERIFY IT WORKS

In Claude, type: “Run an nmap scan on scanme.nmap.org” — you should see Claude call the nmap_scan tool and return live results directly in the chat window.

// 05 — Using Claude as your pentesting co-pilot

Once connected, Claude doesn’t just run commands — it reasons about the output. It identifies open ports, suggests follow-up scans, correlates nikto findings with CVEs, and proposes attack paths, all in natural language.

Example workflow prompts

// recon phase

“Run a full nmap scan on 192.168.1.10, identify open ports,
then run nikto against any web services you find.”

// exploitation phase

“The target is running WordPress 5.8 on port 80.
Run wpscan with the aggressive plugin detection mode
and identify exploitable vulnerabilities.”

// injection testing

“Test this URL for SQL injection using sqlmap with
level 3 risk 2: http://target.local/page?id=1
Report any injectable parameters found.”

Claude chains tools automatically. Ask it to “do a full web app recon” and it’ll run nmap, pass open ports to nikto, look up CVEs with searchsploit, and summarize everything — without you writing a single command.
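When Claude chains tools, the step from "nmap found ports 80 and 443" to "run nikto on each, then look the banners up in searchsploit" is a judgement the model makes from the raw text. The block below is an added example that makes that step explicit and deterministic, so you can see (and test) what a correct hand-off looks like; it is not code from the page or from the docker-mcp-tutorial repo. The function names and the nmap output are constructed for illustration, and the host is assumed to have already passed target validation at the tool boundary.

```python
"""Rule-based recon chain: nmap output in, follow-up commands out (added example)."""
import re
from typing import List

# One row of `nmap -sV` normal output, e.g. "80/tcp  open  http  Apache httpd 2.4.52 ((Ubuntu))"
_PORT_LINE = re.compile(r"^(\d{1,5})/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*?))?\s*$")

# Constructed sample of an nmap -sV run; not real scan data.
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-01 12:00 UTC
Nmap scan report for target.local (192.168.1.10)
Host is up (0.0012s latency).
Not shown: 995 closed tcp ports (reset)
PORT     STATE    SERVICE    VERSION
22/tcp   open     ssh        OpenSSH 8.9p1 Ubuntu 3ubuntu0.4 (Ubuntu Linux; protocol 2.0)
80/tcp   open     http       Apache httpd 2.4.52 ((Ubuntu))
443/tcp  open     ssl/http   Apache httpd 2.4.52
3306/tcp filtered mysql
8080/tcp open     http-proxy
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
"""


def parse_nmap_ports(text: str) -> List[dict]:
    """Pull the port table out of nmap's human-readable output; every other line is ignored."""
    rows = []
    for line in text.splitlines():
        m = _PORT_LINE.match(line)
        if m:
            port, proto, state, service, version = m.groups()
            rows.append({"port": int(port), "proto": proto, "state": state,
                         "service": service, "version": version or ""})
    return rows


def web_services(rows: List[dict]) -> List[dict]:
    """Open TCP ports whose service nmap labelled as HTTP, plain or TLS-wrapped."""
    return [r for r in rows
            if r["state"] == "open" and r["proto"] == "tcp"
            and (r["service"].startswith(("http", "ssl/http")) or r["service"] == "https")]


def is_tls(row: dict) -> bool:
    return row["service"].startswith("ssl/") or row["service"] == "https" or row["port"] == 443


def build_nikto_argv(host: str, row: dict) -> List[str]:
    """nikto for one web service; -ssl makes it speak TLS on non-standard ports too."""
    argv = ["nikto", "-h", host, "-p", str(row["port"])]
    if is_tls(row):
        argv.append("-ssl")
    return argv


def product_and_version(version: str) -> str:
    """'Apache httpd 2.4.52 ((Ubuntu))' -> 'Apache httpd 2.4.52': drop nmap's parenthesised extras
    and stop at the first token carrying a version number, so searchsploit gets few, precise terms."""
    out = []
    for tok in re.sub(r"\s*\(.*$", "", version).split():
        out.append(tok)
        if any(c.isdigit() for c in tok):
            break
    return " ".join(out)


def build_searchsploit_argv(version: str) -> List[str]:
    return ["searchsploit", *product_and_version(version).split()]


def plan_followups(nmap_text: str, host: str) -> List[List[str]]:
    """One nikto run per web service, then one searchsploit lookup per distinct product/version."""
    rows = parse_nmap_ports(nmap_text)
    plan = [build_nikto_argv(host, r) for r in web_services(rows)]
    seen = set()
    for r in rows:
        term = product_and_version(r["version"])
        if r["state"] == "open" and term and term not in seen:
            seen.add(term)
            plan.append(build_searchsploit_argv(term))
    return plan


if __name__ == "__main__":
    for argv in plan_followups(SAMPLE_NMAP_OUTPUT, "192.168.1.10"):
        print(" ".join(argv))
```

Two details matter for correctness. Filtered ports are skipped, because nikto against a filtered port only burns the timeout, and the 443 row is recognised as TLS from nmap's ssl/ prefix rather than from the port number alone, so an HTTPS listener on 8443 would be handled the same way. Feeding the plan back through the validated tool wrappers, rather than executing argv directly, keeps the model's chaining inside the same boundary as its first call.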

// 06 — Storing secrets safely

If your MCP server needs API keys (e.g., for Shodan or VirusTotal), never hardcode them in server.py, bake them into the image, or paste them into claude_desktop_config.json. Docker MCP has a dedicated secrets manager:

// secrets management

# Store a secret (the value lands in your shell history; in bash,
# a leading space with HISTCONTROL=ignorespace keeps it out)
docker mcp secret set SHODAN_API_KEY="your-key-here"

# Verify it's stored
docker mcp secret list

# Secrets are injected into the server container as environment
# variables at run time, so they never end up in an image layer or
# in the Claude Desktop config

Run the tool containers as non-root and drop the Linux capabilities they don't need. One thing the gateway config above does not minimise: it bind-mounts /var/run/docker.sock into the gateway container, which gives that container full control of the Docker daemon and therefore root-equivalent access to the host. Mounting the socket read-only (:ro) does not change this, because API requests are writes to a connected socket, not to the file, so treat the gateway as trusted code and keep the catalog it is allowed to launch small. Each tool call runs as its own process, so a crash or hang in one tool doesn't bring down the gateway.

[!] AUTHORIZED TESTING ONLY

Running nmap, sqlmap, nikto, or any security tool against systems you do not own or have explicit written permission to test is illegal in most jurisdictions. Always operate within a signed scope of work. Use lab environments like HackTheBox, TryHackMe, or your own VMs for practice.

The tools demonstrated here are standard in any professional penetration tester’s toolkit — but the law doesn’t care about your tools, only your authorization.

// 07 — What this changes for security professionals

The combination of Claude + MCP + Docker is genuinely new territory. You get the reasoning of a large language model fused with the execution power of real pentesting tools — all sandboxed, all auditable, all controllable from a chat interface.

For bug bounty hunters, this speeds up recon dramatically. For pentesters, it reduces the cognitive overhead of chaining tools. For security teams building internal tooling, the MCP Builder Prompt means you can spin up custom security automation servers in an afternoon, not a sprint.

▶ GET STARTED

Clone the docker-mcp-tutorial repo, open the MCP Builder Prompt, describe your ideal security server, and let Claude build it for you.

Reference: github.com/docker-mcp-tutorial  |  For educational and authorized testing purposes only

claude + mcp + docker = your ai pentesting co-pilot
