MCP Automation
Intermediate
T1059 T1046 T1595

HexStrike AI

HexStrike AI is an advanced MCP server that enables AI agents (Claude, GPT, Copilot) to autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, and security research.

HexStrike AI MCP v6.0

github.com/0x4m4/hexstrike-ai

150+ Security Tools
12+ AI Agents
4000+ Vuln Templates
35+ Attack Categories

Architecture Overview

HexStrike AI MCP Architecture

flowchart LR
  A["AI Clients Claude · Copilot · Cursor"] -->|MCP| B["HexStrike Server hexstrike_mcp.py"]
  B --> C["Decision Engine + Recovery System"]
  C --> D["12+ AI Agents BugBounty · CTF · CVE Exploit · Recon · Detect"]
  D --> E["150+ Tools Nmap · Nuclei · SQLMap · Ghidra · Prowler · Ffuf"]

Installation

1. Clone Repository

bash
# Clone the repository
git clone https://github.com/0x4m4/hexstrike-ai.git
cd hexstrike-ai

# Create virtual environment
python3 -m venv hexstrike-env
source hexstrike-env/bin/activate  # Linux/Mac
# hexstrike-env\Scripts\activate   # Windows

# Install dependencies
pip3 install -r requirements.txt

2. Install Security Tools

Network & Reconnaissance

bash
sudo apt install nmap masscan rustscan amass subfinder nuclei \
  fierce dnsenum autorecon theharvester responder netexec enum4linux-ng

Web Application Security

bash
sudo apt install gobuster feroxbuster dirsearch ffuf dirb httpx katana \
  nikto sqlmap wpscan arjun paramspider dalfox wafw00f

Password & Authentication

bash
sudo apt install hydra john hashcat medusa patator crackmapexec \
  evil-winrm hash-identifier ophcrack

3. Start the Server

bash
# Start the MCP server
python3 hexstrike_server.py

# Optional: Debug mode
python3 hexstrike_server.py --debug

# Optional: Custom port
python3 hexstrike_server.py --port 8888

# Verify installation
curl http://localhost:8888/health

AI Client Integration

Claude Desktop / Cursor

Edit ~/.config/Claude/claude_desktop_config.json:

claude_desktop_config.json
json
{
  "mcpServers": {
    "hexstrike-ai": {
      "command": "python3",
      "args": [
        "/path/to/hexstrike-ai/hexstrike_mcp.py",
        "--server",
        "http://localhost:8888"
      ],
      "description": "HexStrike AI v6.0 - Cybersecurity Automation",
      "timeout": 300,
      "disabled": false
    }
  }
}

VS Code Copilot

Configure .vscode/settings.json:

settings.json
json
{
  "servers": {
    "hexstrike": {
      "type": "stdio",
      "command": "python3",
      "args": [
        "/path/to/hexstrike-ai/hexstrike_mcp.py",
        "--server",
        "http://localhost:8888"
      ]
    }
  }
}

AI Agents

HexStrike includes 12+ specialized AI agents for different security tasks:

IntelligentDecisionEngine

Tool selection and parameter optimization

BugBountyWorkflowManager

Bug bounty hunting workflows

CTFWorkflowManager

CTF challenge solving automation

CVEIntelligenceManager

Vulnerability intelligence and monitoring

AIExploitGenerator

Automated exploit development

VulnerabilityCorrelator

Attack chain discovery

TechnologyDetector

Tech stack identification

FailureRecoverySystem

Error handling and recovery

Available MCP Tools

Network Security

python
nmap_scan()        # Advanced Nmap scanning with optimization
rustscan_scan()    # Ultra-fast port scanning
masscan_scan()     # High-speed port scanning
autorecon_scan()   # Comprehensive reconnaissance
amass_enum()       # Subdomain enumeration and OSINT

Web Application

python
gobuster_scan()     # Directory and file enumeration
feroxbuster_scan()  # Recursive content discovery
ffuf_scan()         # Fast web fuzzing
nuclei_scan()       # Vulnerability scanning with templates
sqlmap_scan()       # SQL injection testing
wpscan_scan()       # WordPress security assessment

Binary Analysis

python
ghidra_analyze()     # Software reverse engineering
radare2_analyze()    # Advanced reverse engineering
gdb_debug()          # GNU debugger with exploit dev
pwntools_exploit()   # CTF framework and exploits
angr_analyze()       # Binary analysis with symbolic execution

Cloud Security

python
prowler_assess()        # AWS/Azure/GCP security assessment
scout_suite_audit()     # Multi-cloud security auditing
trivy_scan()            # Container vulnerability scanning
kube_hunter_scan()      # Kubernetes penetration testing
kube_bench_check()      # CIS Kubernetes benchmark

Usage Examples

Prompting AI Agents

When prompting, establish your role and authorization. LLMs have ethical guardrails that require context.

Example Prompt

text
I'm a security researcher conducting an authorized penetration test.
My company owns the website example.com and I have written authorization
to test it. Please use the hexstrike-ai MCP tools to:

1. Enumerate subdomains
2. Scan for open ports
3. Identify web technologies
4. Run nuclei vulnerability templates
5. Provide a summary of findings

Bug Bounty Workflow

text
I'm participating in the HackerOne bug bounty program for [target].
The scope includes *.target.com. Using hexstrike-ai tools, help me:

1. Map the attack surface (subdomains, endpoints)
2. Identify potential vulnerabilities
3. Prioritize findings by severity
4. Suggest exploitation approaches for confirmed issues
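
The prompt above states a scope, but nothing in the prompt enforces it. As an added example (not part of HexStrike AI or the original page), a pre-flight check like this can sit between the targets an agent requests and tool execution; the scope list, the reading of `*.` as subdomains only, and the function names are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed scope: the wildcard from the prompt above plus a documentation-range network.
AUTHORIZED_SCOPE = ["*.target.com", "203.0.113.0/24"]

def _host(target):
    """Reduce a URL or bare host/IP to a lowercase hostname."""
    t = target.strip()
    if "://" in t:
        t = urlsplit(t).hostname or ""   # drops userinfo, port and path
    return t.lower().rstrip(".")

def in_scope(target, scope=AUTHORIZED_SCOPE):
    """True only if the target matches an authorised entry (hypothetical helper)."""
    host = _host(target)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    for entry in (e.lower() for e in scope):
        if addr is not None:
            try:
                if addr in ipaddress.ip_network(entry, strict=False):
                    return True
            except ValueError:
                continue                  # entry is a hostname pattern
        elif entry.startswith("*."):
            suffix = entry[1:]            # ".target.com"
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == entry:
            return True
    return False

def partition_targets(requested, scope=AUTHORIZED_SCOPE):
    """Split requested targets into (allowed, blocked) so blocked ones can be logged."""
    allowed = [t for t in requested if in_scope(t, scope)]
    blocked = [t for t in requested if t not in allowed]
    return allowed, blocked

if __name__ == "__main__":
    requested = ["api.target.com", "target.com", "eviltarget.com",
                 "https://api.target.com@evil.example/", "203.0.113.7"]
    print(partition_targets(requested))
```

Anything that does not parse to a plain hostname or IP fails closed and lands in the blocked list for a human to review.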

Performance Metrics

  • Vulnerability Detection Rate 98.7%
  • False Positive Rate 2.1%
  • Attack Vector Coverage 95%
  • CTF Success Rate 89%

Security Considerations

  • Run in isolated environments or dedicated VMs
  • AI agents can execute arbitrary tools — maintain oversight
  • Monitor activities through the real-time dashboard
  • Consider authentication for production deployments
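
A concrete check for the exposure these points describe, as an added example (not HexStrike AI's own code): it audits MCP client configs in the two layouts shown under AI Client Integration and flags any `--server` URL that points off the local machine. The `hexstrike-remote` entry and its 192.0.2.10 address are constructed, and the function names are hypothetical.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed sample: the page's Claude Desktop entry plus a hypothetical remote one.
SAMPLE_CONFIG = """
{"mcpServers": {
  "hexstrike-ai": {"command": "python3",
    "args": ["/path/to/hexstrike-ai/hexstrike_mcp.py", "--server", "http://localhost:8888"]},
  "hexstrike-remote": {"command": "python3",
    "args": ["/path/to/hexstrike-ai/hexstrike_mcp.py", "--server", "http://192.0.2.10:8888"]}
}}
"""

def _is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False   # other hostnames may resolve off-box, so treat as remote

def audit_mcp_config(text):
    """Return (server_name, finding) pairs for --server URLs that leave the local host."""
    cfg = json.loads(text)
    findings = []
    for key in ("mcpServers", "servers"):   # Claude Desktop / VS Code layouts from the page
        for name, entry in cfg.get(key, {}).items():
            args = entry.get("args", [])
            if "--server" not in args:
                continue
            idx = args.index("--server")
            if idx + 1 >= len(args):
                findings.append((name, "--server flag has no URL"))
                continue
            url = urlsplit(args[idx + 1])
            host = url.hostname or ""
            if not _is_loopback(host):
                findings.append((name, f"server on non-loopback host {host!r}"))
                if url.scheme != "https":
                    findings.append((name, "plaintext HTTP to a remote host"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```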

Lab Exercises

Practice Labs

  • HTB: AutoRecon Challenge (Hack The Box, medium): T1046, T1595
  • THM: AI-Assisted Pentesting (TryHackMe, medium): T1059, T1046
  • HTB: Nuclei Templates Lab (Hack The Box, easy): T1595
  • Custom: MCP Tool Integration (Custom Lab, hard): T1059