Kali AI — Autonomous Penetration Testing Platform
Madarson IT, LLC
Self-hosted AI penetration testing platform. Autonomous scanning, Claude AI analysis, professional PDF reports.
Kali-AI is a self-hosted, AI-powered autonomous penetration testing platform built on Kali Linux. It orchestrates industry-standard security tools, analyses findings with Claude AI, and generates professional 10‑section PDF security assessment reports — all from a single web interface with no manual effort between scan launch and final deliverable.
Designed for MSSPs, security teams, red teams, and penetration testers who require repeatable, automated vulnerability assessments without cloud SaaS pricing, data residency risk, or per-finding fees. Launch a scan, walk away, and return to a completed AI‑analysed report ready for clients or stakeholders.
What Kali-AI Does
On scan launch, Kali-AI automatically runs Nmap (port and service discovery), Nuclei (CVE and misconfiguration detection), Nikto (web server analysis), WhatWeb (technology fingerprinting), and Gobuster (directory enumeration). Findings are correlated, deduplicated, enriched with NIST NVD CVE data, and analysed by Anthropic Claude to produce an executive summary, risk rating, attack path analysis, prioritised remediation plan, and compliance observations. Reports are delivered as a professional PDF covering 10 sections including cover page, table of contents, risk overview, detailed findings with CVSS scores, attack paths, and NIST, PCI‑DSS, and ISO 27001 gap notes.
Platform Features
- Security Score Dashboard: Real-time posture score (0–100, A–F), risk gauge, severity breakdown, findings-by-tool view, activity timeline, and asset risk heatmap.
- Attack Path Visualisation: Interactive D3 graph showing how vulnerabilities chain into exploitable sequences.
- Scan Delta: Automatic comparison to previous scans showing new, resolved, and persistent findings.
- Remediation Tracker: Assign findings, set due dates, track status, add notes, and export to CSV.
- Security Copilot: Built‑in AI assistant for plain‑language queries about risk and remediation.
- Scheduling & Batch Scanning: Recurring scans, up to 20 targets per batch with parallel execution.
- RBAC: Admin, analyst, and auditor roles with JWT authentication.
- Integrations: Slack and Teams webhooks, ECS JSON export, and full REST API with X‑API‑KEY auth.
- First‑Boot Setup: No default passwords; credentials set by the operator on first access.
Use Cases
- MSSPs delivering automated scans with client‑ready PDF reports
- Enterprise teams running continuous internal vulnerability assessment
- Penetration testers accelerating reconnaissance and reporting
- Red teams mapping attack paths and chained exploitation
- Compliance programs requiring NIST, PCI‑DSS, and ISO 27001 gap observations
- Bug bounty research with AI‑assisted triage
- Security labs, training, and DevSecOps pipelines via API
Quick Start
- Deploy the VM and open port 80. The web interface, including the first‑boot wizard, is served over plain HTTP, so restrict access to that port (for example to a management network) until credentials are set, or put a TLS‑terminating reverse proxy in front of it.
- Browse to http://your-vm-ip/ to access the first‑boot setup wizard.
- Create an admin account (minimum 12‑character password).
- Add your Anthropic API key in Settings (pay‑per‑use, no subscription).
- Launch a scan (example target: scanme.nmap.org).
- View the completed AI‑analysed PDF report in the Reports section.
Configuration
Configuration is managed via /opt/kali-ai/.env. The file holds the API keys and the JWT signing secret listed below, so keep it readable only by the service account. Restart the service after changes with sudo systemctl restart kali-ai.
- ANTHROPIC_API_KEY — Required for Claude analysis.
- KALI_AI_API_KEY — REST API access key (X‑API‑KEY header).
- APP_SECRET_KEY — JWT signing secret; use a long random value.
- DISPLAY_TIMEZONE — Report timestamp timezone.
- SLACK_WEBHOOK_URL / TEAMS_WEBHOOK_URL — Optional notifications.
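As an added example (this is not part of the product or its documentation), the following shell script generates high‑entropy values for KALI_AI_API_KEY and APP_SECRET_KEY, writes the .env with owner‑only permissions, and checks the result before the service is restarted. The variable names are the ones listed above; the generation scheme, the backup file naming, and the check function are assumptions of this example, and the Anthropic key passed in is a constructed placeholder.

```shell
#!/usr/bin/env bash
# Added example for provisioning /opt/kali-ai/.env. Not the product's own
# tooling: only the variable names come from the documentation above.
set -euo pipefail

# Emit N random bytes (default 32) as lowercase hex (2N characters).
gen_secret() {
  local n="${1:-32}"
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -hex "$n"
  else
    head -c "$n" /dev/urandom | od -An -tx1 | tr -d ' \n'
  fi
}

# Write the .env at $1 (default /opt/kali-ai/.env) with fresh secrets.
# $2 is the operator's Anthropic key, $3 the report timezone.
# An existing file is kept as a timestamped backup (assumed naming).
write_kali_ai_env() {
  local path="${1:-/opt/kali-ai/.env}"
  local anthropic_key="${2:-}"
  local tz="${3:-UTC}"
  local app_secret api_key
  app_secret="$(gen_secret 32)"   # 256-bit JWT signing secret
  api_key="$(gen_secret 32)"      # 256-bit key for the X-API-KEY header

  if [ -e "$path" ]; then
    cp -p "$path" "$path.bak.$(date +%s)"
  fi
  # umask 077 makes a newly created file 0600; chmod covers the
  # truncate-in-place case where the file already existed.
  (
    umask 077
    cat > "$path" <<EOF
ANTHROPIC_API_KEY=$anthropic_key
KALI_AI_API_KEY=$api_key
APP_SECRET_KEY=$app_secret
DISPLAY_TIMEZONE=$tz
EOF
  )
  chmod 600 "$path"
}

# Verify an .env: required keys present and non-empty, generated secrets
# at least 32 characters, and the file not readable by group or others.
check_kali_ai_env() {
  local path="$1" key val mode
  for key in ANTHROPIC_API_KEY KALI_AI_API_KEY APP_SECRET_KEY; do
    val="$(grep -E "^${key}=" "$path" | head -n1 | cut -d= -f2- || true)"
    [ -n "$val" ] || { echo "missing or empty: $key" >&2; return 1; }
  done
  for key in KALI_AI_API_KEY APP_SECRET_KEY; do
    val="$(grep -E "^${key}=" "$path" | head -n1 | cut -d= -f2- || true)"
    [ "${#val}" -ge 32 ] || { echo "too short: $key" >&2; return 1; }
  done
  mode="$(stat -c %a "$path" 2>/dev/null || stat -f %Lp "$path")"
  [ "$mode" = "600" ] || { echo "permissions too open: $mode" >&2; return 1; }
  return 0
}

# Typical use on the VM (constructed placeholder key), then restart:
#   write_kali_ai_env /opt/kali-ai/.env "sk-ant-..." "Europe/London"
#   check_kali_ai_env /opt/kali-ai/.env && sudo systemctl restart kali-ai
```

The check runs before the restart so that an empty key or a world‑readable file is caught while the old configuration is still in place; the backup lets you recover the previous API key if a client still depends on it.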
Full documentation is available at /opt/kali-ai/README.md on the VM.
Why Madarson IT?
- ✅ Azure Marketplace certified and production‑ready
- ✅ No default passwords or hidden data egress
- ✅ All data stored locally; AI uses your own API key
- ✅ Full source accessible on the VM for audit and extension
- ✅ Professional cybersecurity support: info@madarsonit.com
Responsible Use & Disclaimer
Intended for authorised security testing only. Users must comply with applicable laws. Kali Linux is a trademark of Offensive Security. Anthropic Claude is a third‑party service requiring a user‑provided API key. Madarson IT does not provide commercial licenses for the included open-source tools.
Contact for enterprise offers and custom configurations: info@madarsonit.com