<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: spac3gh0st</title>
    <description>The latest articles on DEV Community by spac3gh0st (@_spac3gh0st).</description>
    <link>https://dev.to/_spac3gh0st</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F158421%2F0fdb2781-5f40-40a1-beeb-e7b725d962be.jpg</url>
      <title>DEV Community: spac3gh0st</title>
      <link>https://dev.to/_spac3gh0st</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/_spac3gh0st"/>
    <language>en</language>
    <item>
      <title>I Saw Someone Build an AI-Powered Kali Lab at BSides San Diego. Then I Built My Own.</title>
      <dc:creator>spac3gh0st</dc:creator>
      <pubDate>Mon, 13 Apr 2026 23:02:25 +0000</pubDate>
      <link>https://dev.to/_spac3gh0st/i-saw-someone-build-an-ai-powered-kali-lab-at-bsides-san-diego-then-i-built-my-own-1944</link>
      <guid>https://dev.to/_spac3gh0st/i-saw-someone-build-an-ai-powered-kali-lab-at-bsides-san-diego-then-i-built-my-own-1944</guid>
      <description>&lt;p&gt;&lt;em&gt;How a conference demo turned into a full bug bounty lab with Claude Desktop, Discord remote access, and automated health monitoring on Windows and Linux.&lt;/em&gt;&lt;/p&gt;




&lt;p&gt;I'll be upfront. I've been to a handful of security conferences and I'm not completely new to this world, but I'm not a full-time security researcher either and I don't have a long list of bug bounty wins. This is also the first time I've written about anything publicly, so bear with me. What I do have is a habit of seeing something interesting and refusing to let it go until I actually understand it.&lt;/p&gt;

&lt;p&gt;That habit kicked in hard at BSides San Diego.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbh2iizd5rui1y0n91fiv.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fbh2iizd5rui1y0n91fiv.png" alt="focustime" width="546" height="448"&gt;&lt;/a&gt;&lt;/p&gt;




&lt;h2&gt;The Demo That Started It&lt;/h2&gt;

&lt;p&gt;I was at a talk where &lt;strong&gt;Kannan Prabu Ramamoorthy&lt;/strong&gt; spun up an MCP server connected to a handful of Kali tools. If you haven't seen MCP (Model Context Protocol) before, the short version is this: it lets you connect Claude Desktop to external tools so you can control them through natural language. Instead of typing nmap flags into a terminal, you just describe what you want and Claude figures out the command, runs it, and hands you the output.&lt;/p&gt;

&lt;p&gt;His demo, &lt;a href="https://github.com/kannanprabu/BsidesMCPDemo" rel="noopener noreferrer"&gt;BsidesMCPDemo&lt;/a&gt;, was clean and intentionally minimal. Each security tool had its own Python file, a thin server.py wired them together, and that was it. nmap, nikto, gobuster, header scanning, all callable through Claude. It ran on a Mac. The design philosophy was one file per tool, debug one thing at a time. For a workshop setting that made perfect sense.&lt;/p&gt;

&lt;p&gt;Watching it work clicked something for me. This wasn't just a neat trick. It was a genuinely different way to run recon. You could chain tools, ask follow-up questions about the output, and have Claude help you interpret what you were seeing, all in one place.&lt;/p&gt;

&lt;p&gt;I left that talk wanting to build the same thing.&lt;/p&gt;




&lt;h2&gt;The Problem&lt;/h2&gt;

&lt;p&gt;When I got home and started looking for resources, I ran into a wall. Almost everything I found assumed you were on a Mac, or glossed over the networking side completely, or stopped at "here's a Docker container, good luck." I'm on Windows. My lab runs on a Linux VM in VMware. The gap between a cool macOS demo and actually making this work in a Windows/Linux environment was bigger than I expected.&lt;/p&gt;

&lt;p&gt;Maybe I didn't look hard enough. But I decided if I was going to actually understand this, I needed to build it myself from scratch rather than copy a setup I only half understood.&lt;/p&gt;




&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1l6xjypyk8ezzbo60xab.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F1l6xjypyk8ezzbo60xab.png" alt="Thinking" width="402" height="480"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;What I Built&lt;/h2&gt;

&lt;p&gt;The core idea is pretty straightforward. Claude Desktop on Windows talking to a Kali Linux Docker container running inside an Ubuntu VM. The bridge between them is an MCP server that exposes 35 security tools, nmap, nikto, gobuster, sqlmap, subfinder and more, as things Claude can call directly.&lt;/p&gt;

&lt;p&gt;You ask Claude to run a scan. Claude picks the right tool, runs it through the MCP server, gets the output back, and can reason about what it found. No switching between terminals, no copying output between windows.&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Windows (Claude Desktop)
    │
    └── mcp-remote → localhost:8000
                          │
                     netsh portproxy
                          │
                    Ubuntu VM (VMware)
                          │
                       Docker
                          │
                  Kali Container (35 tools)
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Getting the networking right took longer than I expected. The netsh portproxy setup on Windows to forward traffic into the VM, UFW firewall rules on the Ubuntu side to keep things locked down, making sure Docker bound to &lt;code&gt;0.0.0.0&lt;/code&gt; so the port mapping actually worked. None of this is hard once you know it but it's the kind of thing that isn't documented anywhere in one place.&lt;/p&gt;




&lt;h2&gt;Going Further Than the Demo&lt;/h2&gt;

&lt;p&gt;Once the basic setup was working I kept adding things. This is where it got interesting.&lt;/p&gt;

&lt;p&gt;I wanted to be able to kick off recon from my phone without SSHing into anything, so I built a Discord bot with slash commands. &lt;code&gt;/port_scan&lt;/code&gt;, &lt;code&gt;/dns_enum&lt;/code&gt;, &lt;code&gt;/web_audit&lt;/code&gt;, &lt;code&gt;/subdomain_enum&lt;/code&gt; and about 20 others. The bot only responds to my user ID, only works in my private server, and blocks the most dangerous tools from being run remotely. Every command gets logged to an audit file. I can run recon from anywhere with a phone signal.&lt;/p&gt;

&lt;p&gt;The &lt;code&gt;/investigate&lt;/code&gt; command is probably my favourite part of the whole thing. You point it at a target domain and it plans the recon strategy itself. It picks the first tool, runs it, reads the output, decides what to run next, chains up to 8 tool calls automatically, then writes a structured bug bounty report at the end. It costs maybe $0.10 per run on the Anthropic API. Watching it work is genuinely impressive.&lt;/p&gt;

&lt;p&gt;I also added a &lt;code&gt;/health&lt;/code&gt; endpoint to the MCP server and a separate monitor that polls it every 10 seconds. If the server goes down or comes back up, I get a Discord embed immediately. Both the bot and the monitor run as systemd services so they restart automatically on boot.&lt;/p&gt;

&lt;p&gt;And for mobile access, I set up Tailscale so I can reach the whole lab from my phone over a WireGuard-encrypted tunnel without opening any ports to the internet. Combined with the Discord bot it means I have full recon capability from my phone wherever I am.&lt;/p&gt;




&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd5es6ex1imqiumx0rtc8.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fd5es6ex1imqiumx0rtc8.png" alt="I did it" width="262" height="200"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;h2&gt;What I Learned&lt;/h2&gt;

&lt;p&gt;The networking is the hard part. The AI integration is honestly the easy part because Claude is good at this and the MCP protocol is well-designed. Getting Docker, VMware NAT networking, Windows port proxying, and UFW all playing nicely together is where the actual problem-solving happens.&lt;/p&gt;

&lt;p&gt;Building this also made me think more carefully about security in layers than I expected. What the Docker container can access, what UFW allows through, what the Discord bot will and won't run remotely, what gets logged. I learned more about defence-in-depth from building a home lab than from reading about it.&lt;/p&gt;

&lt;p&gt;Writing the installer scripts was the most revealing part though. When you have to automate something you can't hand-wave the parts you don't fully understand. I hit several points where I thought I understood how something worked and the script immediately proved me wrong.&lt;/p&gt;




&lt;h2&gt;The Setup Is Open Source&lt;/h2&gt;

&lt;p&gt;Everything is on GitHub at &lt;a href="https://github.com/spac3gh0st00/Kali-MCP-Bounty-Lab" rel="noopener noreferrer"&gt;github.com/spac3gh0st00/Kali-MCP-Bounty-Lab&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;I wrote two installer scripts, one for the Ubuntu VM side and one for Windows, that handle the full setup automatically. If you want to run this yourself it should take about 20 to 30 minutes and most of that is Docker pulling the Kali image.&lt;/p&gt;

&lt;p&gt;Worth calling out the people whose work made this possible. The original inspiration was &lt;a href="https://github.com/kannanprabu/BsidesMCPDemo" rel="noopener noreferrer"&gt;Kannan Prabu Ramamoorthy's BsidesMCPDemo&lt;/a&gt;, the workshop that started this whole thing. If you want to see the minimal clean foundation the concept is built on, his repo is the place to start. The expanded tool implementations and containerised server come from &lt;a href="https://github.com/k3nn3dy-ai/kali-mcp" rel="noopener noreferrer"&gt;k3nn3dy-ai's kali-mcp&lt;/a&gt;. What I built on top is the Windows/Linux networking bridge, installer automation, Discord layer, health monitoring, and mobile access.&lt;/p&gt;




&lt;h2&gt;Who This Is For&lt;/h2&gt;

&lt;p&gt;If you're doing bug bounty research or security learning and you want a setup that actually works on Windows with a Linux VM, this is the gap I was trying to fill. It's not a professional red team platform. It's a home lab that lets you move faster and experiment with AI-assisted recon in a way that's more accessible than most of what I found documented.&lt;/p&gt;

&lt;p&gt;If you saw a similar demo at a conference and thought "I want that but I'm on Windows," this is for you.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5zndc22orp5leswvl7o6.png" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5zndc22orp5leswvl7o6.png" alt="space ghost dance" width="320" height="242"&gt;&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Thanks for stopping by!&lt;/p&gt;




&lt;p&gt;&lt;em&gt;The repo is at &lt;a href="https://github.com/spac3gh0st00/Kali-MCP-Bounty-Lab" rel="noopener noreferrer"&gt;github.com/spac3gh0st00/Kali-MCP-Bounty-Lab&lt;/a&gt;. Authorised testing only — bug bounty programs you're enrolled in, CTFs, systems you own.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>security</category>
      <category>ai</category>
      <category>docker</category>
      <category>bugbounty</category>
    </item>
  </channel>
</rss>
