Container-Backed Pentest Toolkit
Run an nmap port scan and service-version detection on a CIDR or host, fully containerised.
kali_nmapContainer-backed network discovery. The framework runs nmap inside a Kali Linux container per call, parses the output into typed findings, and hands them back to the agent as structured text — no nmap installation required on the host.
Built from KaliToolbox.nmap(): a single shared Kali Dockerfile (~2 GB, cached by SHA1 content hash) is built once and reused across all 18 Kali tools. Per-tool entrypoint override means each capability runs with its own command, env-var mapping, network mode, and timeout. Output goes through NmapOutputParser to produce typed Findings with normalised service names (ssl/http→https, microsoft-ds→smb).
When a user asks:
Audit the network 192.168.1.0/24 — discover live hosts and inventory their services.
the agent calls the tool:
kali_nmap(target="192.168.1.0/24")and gets back: kali_nmap: 4 finding(s) — 192.168.1.1:80 http (lighttpd 1.4.71), 192.168.1.1:443 https, 192.168.1.5:22 ssh (OpenSSH 9.2p1), 192.168.1.10:445 smb
Set these before calling the tool. Values marked required must be present or the tool call will fail.
swarmai.skill.container.runtime required Auto-configured ContainerSkillRuntime singleton. Requires a working Docker daemon on the host.
swarmai.skill.container.policy.allowed-base-images optional Allowlist for FROM images. Defaults to alpine, kalilinux/kali-rolling, python:* — extend per deployment.
swarmai.skill.container.approval-gate optional Pluggable image-approval gate (Auto/Console/Remembering/Callback). Defaults to AutoApprovalGate.
Wire this tool into a SwarmAI crew. Use the YAML DSL for declarative workflows, or the Java builder API when you want full programmatic control.
YAML DSL
# kali-audit.yaml
name: kali-audit-crew
process: SEQUENTIAL
agents:
- id: auditor
role: Senior network security analyst
goal: Audit a network range, then write a Markdown report
tools:
- kali_nmap
- kali_whatweb
- kali_smbmap
- kali_ssh_audit
tasks:
- id: audit-task
agent: auditor
description: Audit 192.168.1.0/24, follow up on each interesting service, produce a findings report.Java
import ai.intelliswarm.swarmai.agent.Agent;
import ai.intelliswarm.swarmai.skill.runtime.ContainerSkillRuntime;
import ai.intelliswarm.swarmai.skill.runtime.KaliToolbox;
import ai.intelliswarm.swarmai.task.Task;
import ai.intelliswarm.swarmai.tool.base.BaseTool;
import java.util.List;
ContainerSkillRuntime runtime = new ContainerSkillRuntime();
KaliToolbox toolbox = new KaliToolbox(runtime);
List<BaseTool> tools = toolbox.all(); // 18 callable tools
Agent auditor = Agent.builder()
.role("Senior network security analyst")
.goal("Audit the target network and produce a findings report")
.chatClient(chatClient)
.tools(tools)
.build();
Task audit = Task.builder()
.description("Audit 192.168.1.0/24 — start with kali_nmap, follow up on each open service.")
.agent(auditor)
.build();Real scenarios where agents put this tool to work.
Implementation lives at swarmai-core/src/main/java/ai/intelliswarm/swarmai/skill/runtime/KaliToolbox.java in the swarm-ai repository.