Kali Security Tools Actor > Comprehensive security testing platform with 600+ Kali Linux tools for penetration testing, vulnerability scanning, and security research. ## 🔐 Overview The Kali Security Tools Actor brings the power of Kali Linux's extensive security toolkit to the Apify platform. Run professional-grade penetration testing, vulnerability assessments, and security research directly in the cloud without managing local infrastructure. ### Key Features - 🛡️ 600+ Security Tools - Complete Kali Linux arsenal including Nmap, Metasploit, Gobuster, SQLmap, and more - 🤖 AI Integration - Natural language interface for complex security workflows via AGENTS.md - ☁️ Cloud-Native - Run resource-intensive scans without local infrastructure - 📊 Structured Output - JSON-formatted results with severity scoring and CVSS ratings - 🎯 Multiple Scan Modes - Reconnaissance, vulnerability scanning, web application testing, network analysis - 📈 Comprehensive Reporting - Executive summaries and detailed technical reports - 🔒 Built-in Safeguards - Authorization controls and ethical hacking best practices --- ## ⚠️ Legal & Ethical Use ### 🆕 NEW: User-Friendly Authorization System You are responsible for ensuring you have permission to scan all targets. This Actor now features a simplified authorization system that doesn't block scans but helps document your purpose. 📖 See AUTHORIZATION_GUIDE.md for complete details ### Quick Start Authorization Minimal scan (just 2 fields required): json { "mode": "reconnaissance", "targets": ["scanme.nmap.org"] } With authorization (recommended): json { "mode": "reconnaissance", "targets": ["scanme.nmap.org"], "authorization": { "purpose": "security_research", "notes": "Learning network scanning" } } This Actor is designed for: - ✅ Authorized penetration testing engagements - ✅ Bug bounty programs - ✅ CTF (Capture The Flag) competitions - ✅ Security research and learning labs - ✅ Your own infrastructure and systems Prohibited Uses: - ❌ Scanning systems without authorization - ❌ Malicious exploitation - ❌ Denial of service attacks - ❌ Unauthorized data access Legal Compliance: Users must comply with all applicable laws including: - Computer Fraud and Abuse Act (CFAA) - United States - Computer Misuse Act - United Kingdom - Local and international cybersecurity regulations --- ## 🚀 Quick Start ### 1. Basic Reconnaissance Scan json { "mode": "reconnaissance", "targets": ["scanme.nmap.org"], "authorization": { "confirmed": true, "scopeType": "research" }, "portScan": { "enabled": true, "scanType": "version", "ports": "top-1000", "timing": "T3" } } ### 2. Web Application Security Assessment json { "mode": "web_application_scan", "targets": ["https://example.com"], "authorization": { "confirmed": true, "scopeType": "penetration_test" }, "webDiscovery": { "enabled": true, "wordlist": "/usr/share/wordlists/dirb/common.txt", "extensions": ["php", "html", "js", "txt"] }, "vulnerabilityScan": { "nikto": true, "sqlmap": false, "wpscan": false } } ### 3. Comprehensive Vulnerability Scan json { "mode": "vulnerability_scan", "targets": ["192.168.1.100"], "authorization": { "confirmed": true, "scopeType": "own_infrastructure" }, "portScan": { "enabled": true, "scanType": "comprehensive", "ports": "all" }, "vulnerabilityScan": { "nikto": true, "sqlmap": true, "wpscan": true } } --- ## 📋 Input Schema ### Required Fields | Field | Type | Description | |-------|------|-------------| | mode | string | Scan mode: reconnaissance, vulnerability_scan, web_application_scan, network_scan, password_attack, custom_workflow | | targets | array | List of targets (IPs, domains, URLs, or CIDR ranges) | | authorization.confirmed | boolean | Confirmation that you have permission to scan (REQUIRED) | | authorization.scopeType | string | Type of engagement: penetration_test, bug_bounty, ctf, research, own_infrastructure | ### Optional Configuration #### Port Scanning json { "portScan": { "enabled": true, "scanType": "stealth|connect|version|aggressive|comprehensive", "ports": "top-1000|all|80,443|1-65535", "timing": "T0|T1|T2|T3|T4|T5" } } #### Web Discovery json { "webDiscovery": { "enabled": true, "wordlist": "/usr/share/wordlists/dirb/common.txt", "extensions": ["php", "html", "js", "txt"] } } #### Vulnerability Scanning json { "vulnerabilityScan": { "nikto": true, "sqlmap": true, "wpscan": true } } --- ## 📊 Output Structure ### Dataset The Actor stores findings as structured JSON objects: json { "findingId": "nmap_192.168.1.1_80", "timestamp": "2025-11-07T12:00:00.000Z", "target": "192.168.1.1", "category": "reconnaissance", "severity": "info", "title": "Open Port: 80/tcp", "description": "Port 80/tcp is open on 192.168.1.1. Service: http", "tool": "nmap", "port": 80, "protocol": "tcp", "service": "http", "version": "Apache/2.4.41" } ### Severity Levels | Level | Description | Action Required | |-------|-------------|-----------------| | critical | Immediate exploitation possible | Fix immediately | | high | Serious vulnerability | Address quickly | | medium | Moderate risk | Remediate soon | | low | Minor issue | Fix when possible | | info | Informational | No immediate action | ### Key-Value Store Outputs - executive-summary - High-level overview with counts and statistics - technical-report - Detailed findings with remediation recommendations - raw/ - Unprocessed tool outputs (if enabled) --- ## 🛠️ Available Tools ### Currently Implemented | Tool | Category | Purpose | |------|----------|---------| | Nmap | Reconnaissance | Network scanning, port discovery, OS detection | | Gobuster | Web Discovery | Directory and file brute-forcing | | Nikto | Vulnerability | Web server vulnerability scanning | | SQLmap | Vulnerability | SQL injection detection (coming soon) | | WPScan | Vulnerability | WordPress security scanning (coming soon) | ### Full Kali Arsenal (600+ Tools) - Reconnaissance (150+ tools): Nmap, Masscan, DNSenum, Sublist3r, Fierce - Vulnerability Analysis (80+ tools): Nikto, Nuclei, OpenVAS, WPScan - Web Applications (60+ tools): Burp Suite, OWASP ZAP, SQLmap, XSSer - Password Attacks (40+ tools): Hydra, John the Ripper, Hashcat, Medusa - Wireless Attacks (30+ tools): Aircrack-ng, Reaver, Wifite - Exploitation (50+ tools): Metasploit, Armitage, SET - Forensics (40+ tools): Volatility, Binwalk, Foremost - Reverse Engineering (35+ tools): Ghidra, Radare2, OllyDbg --- ## 🎯 Use Cases ### 1. Penetration Testing Comprehensive security assessments for organizations with proper authorization. ### 2. Bug Bounty Hunting Automated reconnaissance and vulnerability discovery for bug bounty programs. ### 3. CTF Competitions Rapid enumeration and exploitation for Capture The Flag challenges. ### 4. Security Research Academic and professional security research with ethical constraints. ### 5. Infrastructure Auditing Regular security assessments of your own systems and networks. ### 6. Red Team Operations Offensive security operations for authorized engagements. --- ## 📚 Documentation ### For Developers - AGENTS.md - AI agent instructions for Cursor, Copilot, and other coding assistants - claude.md - Comprehensive development plan and architecture guide ### For Users - Input Examples - See Quick Start section above - API Reference - https://docs.apify.com/api/v2 --- ## 🔧 Development ### Local Setup bash # Clone the repository git clone https://github.com/yourusername/kali-security-tools-actor.git cd kali-security-tools-actor # Install dependencies npm install # Run locally (requires Kali Linux or Docker) apify run # Push to Apify platform apify login apify push ### Directory Structure .actor/ ├── actor.json # Actor configuration ├── input_schema.json # Input validation schema ├── output_schema.json # Output configuration └── dataset_schema.json # Dataset structure src/ └── main.js # Actor entry point Dockerfile # Kali Linux container AGENTS.md # AI integration guide README.md # This file ### Testing Targets Use these authorized targets for testing: - scanme.nmap.org - Nmap's official test server - testphp.vulnweb.com - Acunetix vulnerable test site - TryHackMe.com - Cybersecurity training platform - HackTheBox.com - Penetration testing labs --- ## 🤝 Contributing Contributions are welcome! Please follow these guidelines: 1. Fork the repository 2. Create a feature branch (git checkout -b feature/amazing-feature) 3. Commit your changes (git commit -m 'Add amazing feature') 4. Push to the branch (git push origin feature/amazing-feature) 5. Open a Pull Request ### Development Roadmap - [ ] Complete SQLmap integration - [ ] Add WPScan functionality - [ ] Implement Metasploit RPC client - [ ] Add AI-powered vulnerability analysis - [ ] Create PDF report generation - [ ] Implement real-time notifications - [ ] Add custom workflow support - [ ] Integrate CVE/CWE databases --- ## 📄 License This project is licensed under the MIT License - see the LICENSE file for details. --- ## ⚡ Support ### Getting Help - Documentation: https://docs.apify.com - Issues: https://github.com/yourusername/kali-security-tools-actor/issues - Apify Support: support@apify.com ### Reporting Security Issues If you discover a security vulnerability, please email security@yourdomain.com instead of using the issue tracker. --- ## 🙏 Acknowledgments - Kali Linux Team - For the comprehensive security toolkit - Apify - For the cloud platform and Actor framework - Security Community - For continuous improvements and feedback --- ## ⚠️ Disclaimer This Actor is provided for educational and authorized security testing purposes only. The developers and Apify are not responsible for any misuse or damage caused by this tool. Users are solely responsible for ensuring they have proper authorization before scanning any systems. USE AT YOUR OWN RISK. ALWAYS OBTAIN EXPLICIT PERMISSION BEFORE SCANNING. --- ## 📊 Statistics - 600+ Security Tools available - Sub-second initialization time - Cloud-scalable infrastructure - JSON-structured output - Multiple scan modes supported --- Built with ❤️ by the Security Tools Team Powered by Kali Linux • Apify • Claude AI