Kali AI v2 — Autonomous Penetration Testing Platform
by Madarson It, LLC
Self-hosted AI pentest platform. 7-tool pipeline, Claude AI analysis, PDF reports, email delivery, SQLi + WordPress scanning.
Kali-AI v2.0 is a self-hosted autonomous penetration testing platform built on Kali Linux. A 7-tool scanning pipeline — Nmap, Nuclei, Nikto, WhatWeb, Gobuster, WPScan, and SQLMap — feeds every finding into Claude AI, which produces a professional 10-section PDF security assessment report automatically. Zero manual effort between scan launch and final deliverable.
What's New in v2.0
- SQLMap: SQL injection detection across discovered web parameters — detection-only mode, no data extraction.
- WPScan: WordPress core, plugin, theme, and user vulnerability analysis.
- Email Report Delivery: Send any PDF to any recipient directly from the Reports page — no SMTP config required for on-demand delivery.
- Auto Email Notifications: Optional SMTP sends scan completion alerts with PDF attached to your team.
- Client & Project Tagging: Assign client name and project tag per scan — appears in the PDF cover page, essential for MSSP workflows.
- White-label PDF Reports: Replace Kali-AI branding with your company name and logo for client delivery.
- Scan & Report Management: Delete scans and reports from the UI with cascade removal of all findings.
- Smart Tool Selection: Scan type auto-selects appropriate tools. Individual tools still manually toggleable.
Platform Features
- Security Score Dashboard: Real-time posture score (0–100, A–F), risk gauge, severity breakdown, findings-by-tool chart, 7-day activity timeline.
- Attack Path Visualisation: Interactive D3 force-directed graph showing how vulnerabilities chain into exploitable sequences.
- Scan Delta: New, resolved, and persisting findings automatically tracked between scans of the same target.
- Remediation Tracker: Assign findings, set due dates, track Open → Remediated workflow, export to CSV.
- Security Copilot: AI chat for plain-language queries about findings and recommendations.
- Scheduled & Batch Scanning: Cron-based recurring scans, up to 20 batch targets, 4 parallel.
- RBAC + API: Admin/analyst/auditor roles, X-API-KEY for scripts and SIEM, Slack/Teams webhooks, ECS JSON export.
Scan Types & Use Cases
Quick (Nmap + Nuclei, ~5 min) · Full (all 7 tools, ~20–30 min) · Web (Nuclei + Nikto + WhatWeb + Gobuster + WPScan + SQLMap) · Network (Nmap only). Tools auto-selected by scan type; individually toggleable.
Built for MSSPs delivering white-label client reports, enterprise security teams, penetration testers, WordPress site auditing, compliance gap assessment (NIST, PCI-DSS, ISO 27001), and DevSecOps API-driven pipelines.
Quick Start
- Deploy the VM (Standard_B2s or larger), open port 80 in your Network Security Group.
- Browse to http://your-vm-ip/ — complete the first-boot setup wizard to create admin credentials.
- Add your Anthropic API key: open /opt/kali-ai/.env (sudo nano /opt/kali-ai/.env), set ANTHROPIC_API_KEY, then restart the service with: sudo systemctl restart kali-ai
- Launch a scan — Target: scanme.nmap.org, Type: Quick. PDF report ready within minutes. Click ✉ Email to deliver it.
Configuration (/opt/kali-ai/.env)
Required: ANTHROPIC_API_KEY (from console.anthropic.com), KALI_AI_API_KEY, APP_SECRET_KEY (generate with openssl rand -hex 32). Optional: SMTP_* for email, REPORT_COMPANY_NAME/LOGO for white-label reports, DISPLAY_TIMEZONE, SLACK/TEAMS_WEBHOOK_URL. Full docs at /opt/kali-ai/README.md on the VM.
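The listing names the keys that must be present in /opt/kali-ai/.env but not how an operator should populate and check the file before restarting the service. The script below is an added example and is not part of the Kali-AI product or its setup wizard. It writes the three required keys, generating KALI_AI_API_KEY and APP_SECRET_KEY with the openssl rand -hex 32 command the page recommends, creates the file mode 0600 so the secrets are not readable by other accounts on the VM, and validates the result. The directory argument, the UTC value for the optional DISPLAY_TIMEZONE key, and the placeholder Anthropic key are assumptions made so it can be exercised against a scratch directory rather than the live path.

```shell
#!/bin/sh
# Added example, not Kali-AI's own code: populate and validate the .env file
# described in the listing. The directory is a parameter (assumption) so the
# functions can be tried against a scratch directory instead of /opt/kali-ai.

set -e

# Keys the page marks as required; SMTP_*, REPORT_COMPANY_NAME etc. are optional.
REQUIRED_KEYS="ANTHROPIC_API_KEY KALI_AI_API_KEY APP_SECRET_KEY"

# write_kali_ai_env DIR ANTHROPIC_KEY
# Creates DIR/.env with the required keys. The two service secrets are
# generated with `openssl rand -hex 32` (32 random bytes = 64 hex chars).
# The file is created under umask 077 in a subshell so it is never, even
# briefly, group- or world-readable. Prints the path of the written file.
write_kali_ai_env() {
    dir=$1
    anthropic_key=$2
    env_file="$dir/.env"
    (
        umask 077
        {
            printf 'ANTHROPIC_API_KEY=%s\n' "$anthropic_key"
            printf 'KALI_AI_API_KEY=%s\n' "$(openssl rand -hex 32)"
            printf 'APP_SECRET_KEY=%s\n' "$(openssl rand -hex 32)"
            printf 'DISPLAY_TIMEZONE=UTC\n'   # optional key; UTC is a constructed default
        } > "$env_file"
    )
    chmod 600 "$env_file"
    printf '%s\n' "$env_file"
}

# check_kali_ai_env FILE
# Succeeds only if FILE is exactly mode 0600, every required key has a
# non-empty value, and both generated secrets are 64 lowercase hex chars
# (i.e. really came from `openssl rand -hex 32`, not a hand-typed string).
check_kali_ai_env() {
    file=$1
    [ -f "$file" ] || { echo "missing $file" >&2; return 1; }
    # find -perm 600 matches an exact mode of 0600 and is POSIX
    [ -n "$(find "$file" -perm 600 2>/dev/null)" ] \
        || { echo "$file must be mode 600 (secrets readable by others)" >&2; return 1; }
    for key in $REQUIRED_KEYS; do
        value=$(sed -n "s/^$key=//p" "$file")
        [ -n "$value" ] || { echo "$key is empty or missing" >&2; return 1; }
    done
    for key in KALI_AI_API_KEY APP_SECRET_KEY; do
        value=$(sed -n "s/^$key=//p" "$file")
        printf '%s' "$value" | grep -Eq '^[0-9a-f]{64}$' \
            || { echo "$key is not 32 random bytes in hex" >&2; return 1; }
    done
    return 0
}
```

Run it as root on the VM with the real directory (write_kali_ai_env /opt/kali-ai "$ANTHROPIC_API_KEY" followed by check_kali_ai_env /opt/kali-ai/.env) before the sudo systemctl restart kali-ai step from the Quick Start; a non-zero exit from the check means the service should not be restarted until the reported key or permission problem is fixed.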
Private Offers & Enterprise
For private offers, volume licensing, MSSP arrangements, advanced tooling, or custom configurations: info@madarsonit.com
Why Madarson IT?
- ✅ Azure Marketplace certified
- ✅ No default passwords
- ✅ All data stays on your VM
- ✅ Full source accessible on the VM
- ✅ Support: info@madarsonit.com
Responsible Use: For authorised security testing only. SQLMap runs in detection-only mode. Users must comply with all applicable laws.
Disclaimer: Kali Linux is a trademark of Offensive Security (GNU GPL). Anthropic Claude requires a separate user-provided API key. WPScan commercial use requires a WPScan licence. Madarson IT does not provide commercial licences for included open-source tools.