Container-Backed Pentest Toolkit
Identify web server software, frameworks, CMS platforms, and JavaScript libraries on a target host.
kali_whatwebContainer-backed HTTP fingerprinter. Uses WhatWeb inside the shared Kali image to produce a stack identification report; falls back to a curl HEAD when the site has no banner.
Built from KaliToolbox.whatweb(). triggerWhen guidance in the manifest tells the agent to invoke this after kali_nmap finds an HTTP port. Parameter schema: target (URL or host).
When a user asks:
Fingerprint http://192.168.1.1
the agent calls the tool:
kali_whatweb(target="http://192.168.1.1")and gets back: http://192.168.1.1 [200 OK] HTTPServer[lighttpd/1.4.71], Lighttpd[1.4.71], Title[Router admin], Cookies[SESSION]
Set these before calling the tool. Values marked required must be present or the tool call will fail.
swarmai.skill.container.runtime required Shared ContainerSkillRuntime; required for all KaliToolbox tools.
Wire this tool into a SwarmAI crew. Use the YAML DSL for declarative workflows, or the Java builder API when you want full programmatic control.
YAML DSL
# Composes naturally with kali_nmap in a reactive audit:
# 1. agent calls kali_nmap → finds 192.168.1.1:80 open
# 2. agent calls kali_whatweb(target='http://192.168.1.1') → fingerprints stack
# 3. agent decides next step based on what it foundJava
import ai.intelliswarm.swarmai.skill.runtime.KaliToolbox;
import ai.intelliswarm.swarmai.skill.runtime.ContainerSkillRuntime;
import ai.intelliswarm.swarmai.tool.base.BaseTool;
BaseTool whatweb = new KaliToolbox(new ContainerSkillRuntime()).whatweb();
String result = (String) whatweb.execute(java.util.Map.of("target", "http://192.168.1.1"));Real scenarios where agents put this tool to work.
Implementation lives at swarmai-core/src/main/java/ai/intelliswarm/swarmai/skill/runtime/KaliToolbox.java in the swarm-ai repository.