Kali AI — Autonomous Penetration Testing Platform

Kali-AI is a self-hosted, AI-powered autonomous penetration testing platform built on Kali Linux. It orchestrates industry-standard security tools, analyses findings with Claude AI, and generates professional 10-section PDF security reports — all from a single web interface with no manual effort from scan launch to final output.

Designed for MSSPs, security teams, red teams, and penetration testers who need repeatable, automated assessments without SaaS pricing, data residency risk, or per-finding fees. Launch a scan and return to a completed AI-analysed report ready for stakeholders.

On scan launch, Kali-AI runs Nmap (port/service discovery), Nuclei (CVE/misconfiguration detection), Nikto (web server analysis), WhatWeb (tech fingerprinting), and Gobuster (directory enumeration). Findings are correlated, deduplicated, enriched with NIST NVD CVE data, and analysed by Claude to produce an executive summary, risk rating, attack path analysis, prioritised remediation plan, and compliance observations. Reports are delivered as a professional PDF covering 10 sections including cover page, contents, risk overview, detailed findings with CVSS scores, attack paths, and NIST, PCI-DSS, and ISO 27001 gap notes.

• Security Score Dashboard: Real-time posture score (0-100, A-F), risk gauge, severity breakdown, findings-by-tool chart, and 7-day activity timeline. Updates automatically as issues are resolved.
• Email Delivery: Scan completion notifications with findings summary and on-demand PDF delivery.
• Scheduled Scans: Cron-based scans with type selection (Full, Quick, Web, Network) and up to 20 targets per batch with parallel execution.
• Attack Path Visualisation: Interactive D3 graph showing vulnerability chains.
• Scan Delta: Comparison showing new, resolved, and persistent findings.
• Remediation Tracker: Assign findings, set due dates, track status, add notes, export to CSV.
• Security Copilot: AI assistant for plain-language risk and remediation queries.
• RBAC: Admin, analyst, auditor roles with JWT authentication.
• Integrations: Slack/Teams webhooks, ECS JSON export, REST API with X-API-KEY auth.
• First-Boot Setup: No default passwords; credentials set on first access.

• MSSPs delivering automated scans with client-ready reports
• Enterprise teams running continuous internal assessments
• Penetration testers accelerating reconnaissance and reporting
• Red teams mapping attack paths and chained exploitation
• Compliance programs requiring NIST, PCI-DSS, ISO 27001 gap observations
• Bug bounty research with AI-assisted triage
• Security labs, training, and DevSecOps pipelines via API

1. Deploy the VM and open port 80.
2. Browse to http://your-vm-ip/ to access setup.
3. Create an admin account (min. 12-character password).
4. Add your Anthropic API key in Settings.
5. Launch a scan (e.g., scanme.nmap.org).
6. View the AI-analysed PDF report in Reports.

Managed via /opt/kali-ai/.env. Restart with sudo systemctl restart kali-ai.

• ANTHROPIC_API_KEY — Required for Claude analysis
• APP_SECRET_KEY — JWT signing secret
• SMTP_HOST / SMTP_USER / SMTP_PASSWORD / SMTP_TO — Email delivery
• DISPLAY_TIMEZONE — Report timezone
• SLACK_WEBHOOK_URL / TEAMS_WEBHOOK_URL — Optional notifications

Full docs at /opt/kali-ai/README.md.

• ✓ Azure Marketplace certified and production-ready
• ✓ No default passwords or hidden data egress
• ✓ All data stored locally; AI uses your API key
• ✓ Full source available on the VM
• ✓ Support: info@madarsonit.com

For authorised security testing only. Users must comply with applicable laws. Kali Linux is a trademark of Offensive Security. Claude is a third-party service requiring a user-provided API key. Madarson IT does not provide commercial licenses for included open-source tools.

Contact: Enterprise offers, MSSP arrangements, and custom configurations: info@madarsonit.com