Turn any MCP-compatible AI into a full-spectrum penetration testing machine.
150+ security tools. 12+ autonomous agents. 13 agentskills.io skills. One unified platform.
⚡ Quick Start • 🏗️ Architecture • 🛠️ Features • 🤖 AI Agents • 📡 API Reference • 🗺️ Roadmap
⚠️ LEGAL DISCLAIMER: HexStrike AI is designed exclusively for authorized security testing, bug bounty programs, CTF competitions, and educational purposes. Never use this tool against systems you do not own or have explicit written permission to test. Unauthorized access to computer systems is illegal. The authors accept no liability for misuse. By using this software, you agree to comply with all applicable laws and regulations.
Get up and running in under 2 minutes:
# Clone & setup
git clone https://github.com/0x4m4/hexstrike-ai.git
cd hexstrike-ai
python3 -m venv hexstrike-env && source hexstrike-env/bin/activate
pip3 install -r requirements.txt
# Launch the MCP server
python3 hexstrike_server.pyThen point your AI client (Claude Desktop, Cursor, VS Code Copilot, Roo Code, or any MCP-compatible agent) at the server — see AI Client Integration for config snippets.
That's it. Your AI agent now has access to 150+ offensive security tools through natural language.
Traditional pentesting is slow, manual, and error-prone. HexStrike AI changes the game:
| Capability | Manual Pentesting | Traditional Scanners | HexStrike AI v6.0 |
|---|---|---|---|
| AI-Driven Decision Making | ❌ | ❌ | ✅ |
| Autonomous Attack Chains | ❌ | ❌ | ✅ |
| Natural Language Control | ❌ | ❌ | ✅ |
| Tool Count | ~20 | ~5-10 | 150+ |
| MCP Protocol Native | ❌ | ❌ | ✅ |
| Real-time Adaptation | Manual | Static Rules | AI-Powered |
| CTF & Bug Bounty Workflows | Manual | N/A | Built-in Agents |
| Cloud + Container Security | Separate tools | Limited | 20+ integrated |
| Avg. Vuln Scan Time | 4-8 hours | 1-2 hours | 15-30 min |
| Feature | HexStrike AI | Metasploit | Burp Suite | Cobalt Strike |
|---|---|---|---|---|
| AI Agent Integration | ✅ Native MCP | ❌ | ❌ | ❌ |
| Autonomous Pentesting | ✅ 12+ agents | ❌ Manual | ❌ Manual | Partial |
| Tool Coverage | 150+ tools | Exploit-focused | Web-only | Post-exploit |
| Natural Language | ✅ | ❌ | ❌ | ❌ |
| Open Source | ✅ MIT | ✅ (Community) | ❌ Paid | ❌ Paid |
| Cloud Security | ✅ 20+ tools | Limited | ❌ | ❌ |
| CTF Solver | ✅ Built-in | ❌ | ❌ | ❌ |
| Bug Bounty Workflows | ✅ Automated | ❌ | Partial | ❌ |
HexStrike AI MCP v6.0 features a multi-agent architecture with autonomous AI agents, intelligent decision-making, and vulnerability intelligence.
%%{init: {"themeVariables": {
"primaryColor": "#b71c1c",
"secondaryColor": "#ff5252",
"tertiaryColor": "#ff8a80",
"background": "#2d0000",
"edgeLabelBackground":"#b71c1c",
"fontFamily": "monospace",
"fontSize": "16px",
"fontColor": "#fffde7",
"nodeTextColor": "#fffde7"
}}}%%
graph TD
A[AI Agent - Claude/GPT/Copilot] -->|MCP Protocol| B[HexStrike MCP Server v6.0]
B --> C[Intelligent Decision Engine]
B --> D[12+ Autonomous AI Agents]
B --> E[Modern Visual Engine]
C --> F[Tool Selection AI]
C --> G[Parameter Optimization]
C --> H[Attack Chain Discovery]
D --> I[BugBounty Agent]
D --> J[CTF Solver Agent]
D --> K[CVE Intelligence Agent]
D --> L[Exploit Generator Agent]
E --> M[Real-time Dashboards]
E --> N[Progress Visualization]
E --> O[Vulnerability Cards]
B --> P[150+ Security Tools]
P --> Q[Network Tools - 25+]
P --> R[Web App Tools - 40+]
P --> S[Cloud Tools - 20+]
P --> T[Binary Tools - 25+]
P --> U[CTF Tools - 20+]
P --> V[OSINT Tools - 20+]
B --> W[Advanced Process Management]
W --> X[Smart Caching]
W --> Y[Resource Optimization]
W --> Z[Error Recovery]
style A fill:#b71c1c,stroke:#ff5252,stroke-width:3px,color:#fffde7
style B fill:#ff5252,stroke:#b71c1c,stroke-width:4px,color:#fffde7
style C fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7
style D fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7
style E fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7
- AI Agent Connects — Claude, GPT, or any MCP-compatible agent connects via the FastMCP protocol
- Intelligent Analysis — The decision engine analyzes targets and selects optimal testing strategies
- Autonomous Execution — Specialized AI agents execute comprehensive security assessments
- Real-time Adaptation — The system adapts dynamically based on discovered vulnerabilities
- Advanced Reporting — Visual output with vulnerability cards, dashboards, and risk analysis
# 1. Clone the repository
git clone https://github.com/0x4m4/hexstrike-ai.git
cd hexstrike-ai
# 2. Create virtual environment
python3 -m venv hexstrike-env
source hexstrike-env/bin/activate # Linux/Mac
# hexstrike-env\Scripts\activate # Windows
# 3. Install Python dependencies
pip3 install -r requirements.txtWatch the full installation and setup walkthrough: YouTube — HexStrike AI Installation & Demo
| Client | Status |
|---|---|
| Claude Desktop | ✅ Fully supported |
| VS Code Copilot | ✅ Fully supported |
| Cursor | ✅ Fully supported |
| Roo Code | ✅ Fully supported |
| 5ire | |
| Any MCP-compatible agent | ✅ |
Core Tools (Essential)
# Network & Reconnaissance
nmap masscan rustscan amass subfinder nuclei fierce dnsenum
autorecon theharvester responder netexec enum4linux-ng
# Web Application Security
gobuster feroxbuster dirsearch ffuf dirb httpx katana
nikto sqlmap wpscan arjun paramspider dalfox wafw00f
# Password & Authentication
hydra john hashcat medusa patator crackmapexec
evil-winrm hash-identifier ophcrack
# Binary Analysis & Reverse Engineering
gdb radare2 binwalk ghidra checksec strings objdump
volatility3 foremost steghide exiftoolCloud Security Tools
prowler scout-suite trivy
kube-hunter kube-bench docker-bench-securityBrowser Agent Requirements
# Chrome/Chromium for Browser Agent
sudo apt install chromium-browser chromium-chromedriver
# OR install Google Chrome
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" | sudo tee /etc/apt/sources.list.d/google-chrome.list
sudo apt update && sudo apt install google-chrome-stable# Start the MCP server
python3 hexstrike_server.py
# Optional: Start with debug mode
python3 hexstrike_server.py --debug
# Optional: Custom port configuration
python3 hexstrike_server.py --port 8888# Test server health
curl http://localhost:8888/health
# Test AI agent capabilities
curl -X POST http://localhost:8888/api/intelligence/analyze-target \
-H "Content-Type: application/json" \
-d '{"target": "example.com", "analysis_type": "comprehensive"}'Edit ~/.config/Claude/claude_desktop_config.json:
{
"mcpServers": {
"hexstrike-ai": {
"command": "python3",
"args": [
"/path/to/hexstrike-ai/hexstrike_mcp.py",
"--server",
"http://localhost:8888"
],
"description": "HexStrike AI v6.0 - Advanced Cybersecurity Automation Platform",
"timeout": 300,
"disabled": false
}
}
}Configure in .vscode/settings.json:
{
"servers": {
"hexstrike": {
"type": "stdio",
"command": "python3",
"args": [
"/path/to/hexstrike-ai/hexstrike_mcp.py",
"--server",
"http://localhost:8888"
]
}
},
"inputs": []
}🔍 Network Reconnaissance & Scanning (25+ Tools)
- Nmap — Advanced port scanning with custom NSE scripts and service detection
- Rustscan — Ultra-fast port scanner with intelligent rate limiting
- Masscan — High-speed Internet-scale port scanning with banner grabbing
- AutoRecon — Comprehensive automated reconnaissance with 35+ parameters
- Amass — Advanced subdomain enumeration and OSINT gathering
- Subfinder — Fast passive subdomain discovery with multiple sources
- Fierce — DNS reconnaissance and zone transfer testing
- DNSEnum — DNS information gathering and subdomain brute forcing
- TheHarvester — Email and subdomain harvesting from multiple sources
- ARP-Scan — Network discovery using ARP requests
- NBTScan — NetBIOS name scanning and enumeration
- RPCClient — RPC enumeration and null session testing
- Enum4linux — SMB enumeration with user, group, and share discovery
- Enum4linux-ng — Advanced SMB enumeration with enhanced logging
- SMBMap — SMB share enumeration and exploitation
- Responder — LLMNR, NBT-NS and MDNS poisoner for credential harvesting
- NetExec — Network service exploitation framework (formerly CrackMapExec)
🌐 Web Application Security Testing (40+ Tools)
- Gobuster — Directory, file, and DNS enumeration with intelligent wordlists
- Dirsearch — Advanced directory and file discovery with enhanced logging
- Feroxbuster — Recursive content discovery with intelligent filtering
- FFuf — Fast web fuzzer with advanced filtering and parameter discovery
- Dirb — Comprehensive web content scanner with recursive scanning
- HTTPx — Fast HTTP probing and technology detection
- Katana — Next-generation crawling and spidering with JavaScript support
- Hakrawler — Fast web endpoint discovery and crawling
- Gau — Get All URLs from multiple sources (Wayback, Common Crawl, etc.)
- Waybackurls — Historical URL discovery from Wayback Machine
- Nuclei — Fast vulnerability scanner with 4000+ templates
- Nikto — Web server vulnerability scanner with comprehensive checks
- SQLMap — Advanced automatic SQL injection testing with tamper scripts
- WPScan — WordPress security scanner with vulnerability database
- Arjun — HTTP parameter discovery with intelligent fuzzing
- ParamSpider — Parameter mining from web archives
- X8 — Hidden parameter discovery with advanced techniques
- Jaeles — Advanced vulnerability scanning with custom signatures
- Dalfox — Advanced XSS vulnerability scanning with DOM analysis
- Wafw00f — Web application firewall fingerprinting
- TestSSL — SSL/TLS configuration testing and vulnerability assessment
- SSLScan — SSL/TLS cipher suite enumeration
- SSLyze — Fast and comprehensive SSL/TLS configuration analyzer
- Whatweb — Web technology identification with fingerprinting
- JWT-Tool — JSON Web Token testing with algorithm confusion
- GraphQL-Voyager — GraphQL schema exploration and introspection testing
- Wfuzz — Web application fuzzer with advanced payload generation
- Commix — Command injection exploitation tool with automated detection
- NoSQLMap — NoSQL injection testing for MongoDB, CouchDB, etc.
- Tplmap — Server-side template injection exploitation tool
🌐 Advanced Browser Agent:
- Headless Chrome automation with Selenium
- Automated screenshot capture for visual inspection
- Deep DOM tree analysis and JavaScript execution monitoring
- Real-time network request/response logging
- Comprehensive security header validation
- Automatic form discovery and input field analysis
- Proxy integration with Burp Suite and other proxies
- Intelligent multi-page web application spidering
🔐 Authentication & Password Security (12+ Tools)
- Hydra — Network login cracker supporting 50+ protocols
- John the Ripper — Advanced password hash cracking with custom rules
- Hashcat — World's fastest password recovery with GPU acceleration
- Medusa — Speedy, parallel, modular login brute-forcer
- Patator — Multi-purpose brute-forcer with advanced modules
- NetExec — Swiss army knife for pentesting networks
- Evil-WinRM — Windows Remote Management shell with PowerShell integration
- Hash-Identifier — Hash type identification tool
- HashID — Advanced hash algorithm identifier with confidence scoring
- Ophcrack — Windows password cracker using rainbow tables
🔬 Binary Analysis & Reverse Engineering (25+ Tools)
- GDB — GNU Debugger with Python scripting and exploit development
- GDB-PEDA — Python Exploit Development Assistance for GDB
- GDB-GEF — GDB Enhanced Features for exploit development
- Radare2 — Advanced reverse engineering framework
- Ghidra — NSA's software reverse engineering suite with headless analysis
- Binwalk — Firmware analysis and extraction with recursive extraction
- ROPgadget — ROP/JOP gadget finder with advanced search capabilities
- Ropper — ROP gadget finder and exploit development tool
- One-Gadget — Find one-shot RCE gadgets in libc
- Checksec — Binary security property checker
- Pwntools — CTF framework and exploit development library
- Angr — Binary analysis platform with symbolic execution
- Volatility — Advanced memory forensics framework
- MSFVenom — Metasploit payload generator with advanced encoding
☁️ Cloud & Container Security (20+ Tools)
- Prowler — AWS/Azure/GCP security assessment with compliance checks
- Scout Suite — Multi-cloud security auditing
- CloudMapper — AWS network visualization and security analysis
- Pacu — AWS exploitation framework
- Trivy — Comprehensive vulnerability scanner for containers and IaC
- Kube-Hunter — Kubernetes penetration testing
- Kube-Bench — CIS Kubernetes benchmark checker
- Docker Bench Security — Docker security assessment following CIS benchmarks
- Falco — Runtime security monitoring for containers and Kubernetes
- Checkov — Infrastructure as code security scanning
- Terrascan — Infrastructure security scanner with policy-as-code
🏆 CTF & Forensics Tools (20+ Tools)
- Volatility3 — Next-generation memory forensics
- Foremost — File carving and data recovery
- Steghide — Steganography detection and extraction
- Stegsolve — Steganography analysis with visual inspection
- Zsteg — PNG/BMP steganography detection
- ExifTool — Metadata reader/writer for various file formats
- Binwalk — Firmware analysis and reverse engineering
- Autopsy — Digital forensics platform with timeline analysis
- John the Ripper — Password cracker with custom rules
- Hashcat — GPU-accelerated password recovery (300+ hash types)
- CyberChef — Web-based analysis toolkit for encoding and encryption
- RSATool — RSA key analysis and common attack implementations
🔥 Bug Bounty & OSINT Arsenal (20+ Tools)
- Amass — Advanced subdomain enumeration and OSINT
- Subfinder — Fast passive subdomain discovery with API integration
- Sherlock — Username investigation across 400+ social networks
- Social-Analyzer — Social media analysis and OSINT gathering
- Recon-ng — Web reconnaissance framework with modular architecture
- SpiderFoot — OSINT automation with 200+ modules
- Shodan — Internet-connected device search
- Censys — Internet asset discovery with certificate analysis
- TruffleHog — Git repository secret scanning with entropy analysis
- TheHarvester — Email and subdomain harvesting from multiple sources
12+ Specialized Autonomous AI Agents that think, decide, and execute:
| Agent | Purpose |
|---|---|
| 🧠 IntelligentDecisionEngine | Orchestrates tool selection, parameter optimization, and attack strategy |
| 🎯 BugBountyWorkflowManager | End-to-end bug bounty automation — recon to report |
| 🏆 CTFWorkflowManager | Solves CTF challenges across crypto, pwn, web, forensics, and reversing |
| 🔍 CVEIntelligenceManager | Real-time CVE monitoring, exploit matching, and vulnerability intelligence |
| ⚔️ AIExploitGenerator | Automated exploit development and payload generation |
| 🔗 VulnerabilityCorrelator | Discovers attack chains by correlating multiple findings |
| 🔎 TechnologyDetector | Fingerprints technology stacks and identifies attack surfaces |
| 🚦 RateLimitDetector | Detects and adapts to rate limiting and WAF protections |
| 🔄 FailureRecoverySystem | Self-healing error handling and automatic recovery |
| 📊 PerformanceMonitor | Real-time system optimization and resource management |
| ⚙️ ParameterOptimizer | Context-aware parameter tuning for maximum effectiveness |
| 🛡️ GracefulDegradation | Fault-tolerant operation when tools or resources are unavailable |
- 🧠 Smart Caching — Intelligent result caching with LRU eviction eliminates redundant scans
- 📡 Real-time Process Management — Live command control, monitoring, and termination
- 🔍 Vulnerability Intelligence — Continuous CVE monitoring and exploit correlation
- 🌐 Browser Agent — Full headless Chrome automation for dynamic web application testing
- 🔐 API Security Testing — GraphQL introspection, JWT attacks, REST API fuzzing
- 📊 Visual Engine — Real-time dashboards, progress tracking, and vulnerability cards
Tip: LLMs have built-in safety guardrails. Frame your prompts with context about authorization and ownership.
User: "I'm a security researcher conducting an authorized penetration test.
My company owns the website <TARGET> and I have written permission to test it.
Please use the hexstrike-ai MCP tools to perform a comprehensive assessment."
AI Agent: "I'll begin a systematic security assessment using HexStrike AI tools.
Starting with reconnaissance and subdomain enumeration, then moving to
vulnerability scanning and web application testing..."
| Operation | Manual | HexStrike AI v6.0 | Speedup |
|---|---|---|---|
| Subdomain Enumeration | 2-4 hours | 5-10 min | 24× |
| Vulnerability Scanning | 4-8 hours | 15-30 min | 16× |
| Web App Security Testing | 6-12 hours | 20-45 min | 18× |
| CTF Challenge Solving | 1-6 hours | 2-15 min | 24× |
| Report Generation | 4-12 hours | 2-5 min | 144× |
- 98.7% vulnerability detection rate (vs 85% manual)
- 2.1% false positive rate (vs 15% traditional scanners)
- 95% attack vector coverage (vs 70% manual)
- 89% CTF success rate (vs 65% human expert average)
| Endpoint | Method | Description |
|---|---|---|
/health |
GET | Server health check with tool availability |
/api/command |
POST | Execute commands with smart caching |
/api/telemetry |
GET | System performance metrics |
/api/cache/stats |
GET | Cache performance statistics |
/api/intelligence/analyze-target |
POST | AI-powered target analysis |
/api/intelligence/select-tools |
POST | Intelligent tool selection |
/api/intelligence/optimize-parameters |
POST | Parameter optimization |
Network: nmap_scan() · rustscan_scan() · masscan_scan() · autorecon_scan() · amass_enum()
Web: gobuster_scan() · feroxbuster_scan() · ffuf_scan() · nuclei_scan() · sqlmap_scan() · wpscan_scan()
Binary: ghidra_analyze() · radare2_analyze() · gdb_debug() · pwntools_exploit() · angr_analyze()
Cloud: prowler_assess() · scout_suite_audit() · trivy_scan() · kube_hunter_scan() · kube_bench_check()
| Action | Endpoint | Description |
|---|---|---|
| List | GET /api/processes/list |
List all active processes |
| Status | GET /api/processes/status/<pid> |
Detailed process info |
| Terminate | POST /api/processes/terminate/<pid> |
Stop a process |
| Dashboard | GET /api/processes/dashboard |
Live monitoring dashboard |
HexStrike AI ships with 12 original cybersecurity skills in the agentskills.io standard format. Each skill uses YAML frontmatter for progressive discovery — AI agents read ~50 tokens of metadata to decide relevance, then load the full body on demand.
Browse the full catalog in skills/.
| Skill | Category | Description |
|---|---|---|
| MCP Recon Orchestrator | Reconnaissance | Parallel multi-tool recon via MCP with real-time result correlation |
| Attack Surface Monitor | Monitoring | Continuous baseline-drift detection for external attack surfaces |
| Vulnerability Chain Discovery | Analysis | AI-driven multi-step attack chain identification from correlated findings |
| Credential Audit Pipeline | Authentication | Lockout-aware, cross-service credential testing orchestration |
| Threat Correlation | Threat Intel | Enrich findings with live threat intelligence for risk-weighted prioritization |
| Cloud Posture Scanner | Cloud Security | Multi-cloud misconfiguration detection with AI exploitation reasoning |
| Social Engineering Analyzer | OSINT | Map organizational phishing and impersonation risk from public data |
| MCP Multi-Tool Orchestration | Automation | Orchestrate 150+ tools simultaneously with dependency resolution and cross-tool context |
| AI Autonomous Reconnaissance | Reconnaissance | Fully autonomous recon with adaptive depth control and knowledge graph construction |
| Real-Time Attack Surface Monitoring | Monitoring | Continuous attack surface assessment with AI-driven change risk scoring |
| MCP Security Pipeline Builder | DevSecOps | Build reusable security pipelines via natural language with CI/CD export |
| AI Vulnerability Prioritization | Vuln Management | Context-aware vulnerability scoring beyond CVSS with business impact mapping |
| MCP Multi-Tool Security Orchestration | Automation | Orchestrate 150+ security tools via MCP with dependency graphs and adaptive re-planning |
What makes these unique: Every skill leverages MCP multi-tool orchestration — capabilities that don't exist in traditional skill catalogs. The AI agent coordinates 5-10 tools simultaneously, shares context between them, and makes autonomous decisions about what to investigate next.
HexStrike AI skills are compatible with any agent or IDE that supports the agentskills.io standard or MCP protocol. The table below shows tested compatibility:
| Agent / IDE | Skills Discovery | MCP Tools | Autonomous Execution | Status |
|---|---|---|---|---|
| Claude Code | ✅ Native | ✅ Native | ✅ Full | Fully tested |
| GitHub Copilot (VS Code) | ✅ Via MCP | ✅ Extension | ✅ Full | Fully tested |
| Cursor | ✅ Via MCP | ✅ Built-in | ✅ Full | Fully tested |
| Gemini CLI | ✅ SKILL.md | Community tested | ||
| Roo Code | ✅ Via MCP | ✅ Built-in | ✅ Full | Fully tested |
| Windsurf | ✅ SKILL.md | ✅ MCP | ✅ Full | Community tested |
| OpenAI Agents SDK | ✅ Via adapter | Community tested | ||
| LangChain / LangGraph | ✅ Programmatic | ✅ MCP adapter | ✅ Full | Community tested |
| Custom FastMCP Client | ✅ API | ✅ Native | ✅ Full | Full API access |
Note: "Skills Discovery" means the agent can read SKILL.md frontmatter to decide relevance. "MCP Tools" means it can invoke HexStrike's 150+ tools. "Autonomous Execution" means the agent can run multi-step workflows without human intervention.
| Platform | Architecture | Status | Notes |
|---|---|---|---|
| Ubuntu 22.04+ | x86_64, ARM64 | ✅ Full | Recommended platform |
| Debian 12+ | x86_64, ARM64 | ✅ Full | Fully tested |
| Kali Linux | x86_64 | ✅ Full | Most tools pre-installed |
| Parrot OS | x86_64 | ✅ Full | Security tools included |
| macOS 13+ | ARM64 (Apple Silicon) | ✅ Full | Homebrew for tool installation |
| macOS 13+ | x86_64 (Intel) | ✅ Full | Homebrew for tool installation |
| Windows 11 | x86_64 (WSL2) | WSL2 with Ubuntu recommended | |
| Arch Linux | x86_64 | ✅ Full | AUR packages available |
| Fedora 38+ | x86_64 | ✅ Full | Community tested |
| Docker | Any | ✅ Full | Isolated environment |
| Kubernetes | Any | Helm chart planned |
| Client | MCP Support | Tool Limit | Status |
|---|---|---|---|
| Claude Desktop | Native | Unlimited | ✅ Fully tested |
| VS Code Copilot | Extension | Unlimited | ✅ Fully tested |
| Cursor | Built-in | Unlimited | ✅ Fully tested |
| Roo Code | Built-in | Unlimited | ✅ Fully tested |
| OpenAI Agents | Via bridge | Varies | |
| LangChain | MCP adapter | Unlimited | |
| Custom FastMCP | Native | Unlimited | ✅ Full API access |
Every HexStrike operation includes built-in verification steps. After any assessment, confirm:
| Check | How to Verify | Expected Result |
|---|---|---|
| Server Health | curl http://localhost:8888/health |
200 OK with tool inventory |
| MCP Connection | Agent successfully lists available tools | 150+ tools visible |
| Tool Execution | Run a basic nmap_scan against authorized target |
Scan completes with results |
| Agent Reasoning | Agent explains tool selection rationale | Contextual reasoning visible |
| Result Correlation | Findings reference data from multiple tools | Cross-tool evidence chains |
| Report Generation | Request assessment report | Structured output with severity ratings |
| Cache Performance | curl http://localhost:8888/api/cache/stats |
Hit rate >0 on repeated scans |
- One-command installation — Automated dependency management
- Docker container support — Consistent, isolated deployments
- 250+ security tools — Expanded from 150+ with new agent capabilities
- Native desktop client — Full-featured application (hexstrike.com)
- Enhanced browser automation — Anti-detection Selenium integration
- JavaScript runtime analysis — Deep DOM inspection and dynamic content handling
- 40% memory reduction — Optimized for large-scale operations
- MCP client compatibility fixes — Bypass tool-count limitations
- Plugin system for community-built tool integrations
- Multi-target campaign management
- Collaborative pentesting (team mode)
- AI-generated remediation guidance
- Integration with ticketing systems (Jira, GitHub Issues)
- Reporting export (PDF, HTML, SARIF)
- Webhook notifications for long-running scans
MCP Connection Failed
# Check if server is running
netstat -tlnp | grep 8888
# Restart server
python3 hexstrike_server.pySecurity Tools Not Found
# Check tool availability
which nmap gobuster nuclei
# Install missing tools from their official sourcesAI Agent Cannot Connect
# Verify MCP configuration paths
# Check server logs for connection attempts
python3 hexstrike_mcp.py --debugEnable Debug Mode
python3 hexstrike_server.py --debug
python3 hexstrike_mcp.py --debugThis tool gives AI agents powerful system access. Always run in isolated environments or dedicated security testing VMs.
- Monitor AI agent activities through the real-time dashboard
- Implement authentication for production deployments
- Review AI decisions before executing on sensitive targets
- Penetration testing with written authorization
- Bug bounty programs within scope and rules
- CTF competitions and educational environments
- Security research on owned or authorized systems
- Red team exercises with organizational approval
- Testing systems without explicit permission
- Any malicious or illegal activities
- Unauthorized data access or exfiltration
We welcome contributions from the cybersecurity and AI community! Whether you're fixing a bug, adding a tool integration, or improving documentation — every contribution matters.
# 1. Fork and clone
git clone https://github.com/<your-username>/hexstrike-ai.git
cd hexstrike-ai
# 2. Create dev environment
python3 -m venv hexstrike-dev && source hexstrike-dev/bin/activate
pip install -r requirements.txt
# 3. Start dev server
python3 hexstrike_server.py --port 8888 --debug| Area | Description |
|---|---|
| 🤖 AI Agent Integrations | Support for new AI platforms and MCP clients |
| 🛠️ Security Tool Additions | Integrate additional offensive/defensive tools |
| ⚡ Performance | Caching, parallelism, and scalability improvements |
| 📖 Documentation | Usage examples, tutorials, and integration guides |
| 🧪 Testing | Automated test suites for agent interactions |
| 🌍 Localization | Translate docs and UI to other languages |
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-tool) - Commit your changes with clear messages
- Push to your branch and open a Pull Request
- Describe what you changed and why
Please be respectful, follow the code style of the project, and ensure your contributions align with the project's ethical use policy.
MIT License — see LICENSE for details.
m0x4m4 — 0x4m4.com | HexStrike
Sponsored by LeaksAPI — Live Dark Web Data Leak Checker
- 150+ Security Tools — Comprehensive offensive security arsenal
- 12+ AI Agents — Autonomous decision-making and workflow management
- 4000+ Vulnerability Templates — Nuclei integration with extensive coverage
- 35+ Attack Categories — From web apps to cloud infrastructure
- Sub-second Response Times — Intelligent caching and optimization
- 99.9% Uptime — Fault-tolerant architecture with graceful degradation
⭐ Star this repo • 🍴 Fork and contribute • 📖 Read the docs • 💬 Join Discord
Made with ❤️ by the cybersecurity community for AI-powered security automation
HexStrike AI v6.0 — Where artificial intelligence meets cybersecurity excellence
AI Garden — A living world built exclusively by AI agents. Watch it grow.
HexStrike AI follows the agentskills.io open standard. All skills in skills/ work with:
| Platform | Integration | Status |
|---|---|---|
| Claude Code | Native skill loading via /plugin |
✅ Supported |
| GitHub Copilot | Workspace context via .skills/ directory |
✅ Supported |
| OpenAI Codex CLI | File-based context injection | ✅ Supported |
| Cursor | Project rules and docs integration | ✅ Supported |
| Gemini CLI | Context file loading | ✅ Supported |
| Windsurf | Context awareness from project files | ✅ Supported |
| Aider | Repository map integration | ✅ Supported |
| Any MCP Client | Direct MCP protocol connection | ✅ Native |
npx skills add juliosuas/hexstrike-ai