
MCP Server that enables AI agents to perform autonomous cybersecurity testing and penetration testing through 70+ integrated security tools
HexStrike AI MCP Agents is a Model Context Protocol (MCP) server that bridges AI agents with cybersecurity tools. This project serves as the foundation for HexStrike AI - a separate automated AI pentesting platform.
```mermaid
%%{init: {"themeVariables": {
  "primaryColor": "#b71c1c",
  "secondaryColor": "#ff5252",
  "tertiaryColor": "#ff8a80",
  "background": "#2d0000",
  "edgeLabelBackground":"#b71c1c",
  "fontFamily": "monospace",
  "fontSize": "20px",
  "fontColor": "#fffde7",
  "nodeTextColor": "#fffde7"
}}}%%
graph TD
    A[AI Agent - Claude/GPT/Copilot] -->|MCP Protocol| B[HexStrike MCP Server]
    B -->|Tool Execution| C[Security Tools - nmap/nuclei/etc]
    B -->|File Operations| D[Payload Generation]
    B -->|Process Control| E[Real-time Monitoring]
    C -->|Results| B
    D -->|Payloads| B
    E -->|Status| B
    B -->|Analysis & Results| A
    style A fill:#b71c1c,stroke:#ff5252,stroke-width:3px,color:#fffde7
    style B fill:#ff5252,stroke:#b71c1c,stroke-width:3px,color:#fffde7
    style C fill:#ff8a80,stroke:#b71c1c,stroke-width:3px,color:#fffde7
    style D fill:#b71c1c,stroke:#ff8a80,stroke-width:3px,color:#fffde7
    style E fill:#b71c1c,stroke:#ff5252,stroke-width:3px,color:#fffde7
```
- AI Agent Connection: Claude, GPT, or other MCP-compatible AI agents connect to this server
- Intelligent Tool Usage: AI agents autonomously select and execute appropriate security tools
- Real-time Results: Agents receive live feedback and adapt their testing strategies
- Autonomous Pentesting: AI performs comprehensive security assessments without human intervention
Note: Some components of this project are integrated into the main HexStrike AI automated pentesting platform.
Enable your AI agents to become autonomous cybersecurity experts with access to professional-grade security tools and intelligent automation capabilities.
- AI Agent Developers - Provide your agents with cybersecurity capabilities
- Automated Penetration Testing - Let AI agents perform comprehensive security assessments
- Bug Bounty Automation - AI-driven target analysis and vulnerability discovery
- CTF Automation - AI agents that can solve security challenges
- Security Research - Automated tool orchestration and payload generation
- Security Training - AI tutors with practical security tool access
AI Agent Integration | 70+ Security Tools | Real-time Control |
---|---|---|
MCP protocol for seamless AI connection | Complete penetration testing toolkit | Command termination & progress tracking |

Intelligent Automation | Modern API Testing | Advanced Monitoring |
---|---|---|
AI-driven tool selection & usage | GraphQL, JWT, REST API security | Live dashboards & system metrics |
- Zero Human Intervention - AI agents handle complete security assessments
- Beautiful Real-time Output - Progress bars, ETA calculations, visual status
- Intelligent Tool Selection - AI chooses the right tools for each scenario
- Live Dashboard - Monitor all AI agent activities with system metrics
- Smart Caching - Optimized performance for repeated operations
- Comprehensive Coverage - Network, web, binary, cloud, CTF tools
Network Reconnaissance & Scanning
- Nmap - Advanced port scanning with custom NSE scripts
- Amass - Comprehensive subdomain enumeration and OSINT
- Subfinder - Fast passive subdomain discovery
- Nuclei - Fast vulnerability scanner with 4000+ templates
- AutoRecon - Automated reconnaissance with 35+ parameters
- Fierce - DNS reconnaissance and zone transfer testing
- Masscan - High-speed Internet-scale port scanner
Web Application Security Testing
- Gobuster - Directory, file, and DNS enumeration
- FFuf - Fast web fuzzer with advanced filtering capabilities
- Dirb - Comprehensive web content scanner
- Nikto - Web server vulnerability scanner
- SQLMap - Advanced automatic SQL injection testing
- WPScan - WordPress security scanner with vulnerability database
- Burp Suite - Professional web security testing platform
- OWASP ZAP - Web application security scanner
- Arjun - HTTP parameter discovery tool
- Wafw00f - Web application firewall fingerprinting
- Feroxbuster - Fast content discovery tool
- Dotdotpwn - Directory traversal fuzzer
- XSSer - Cross-site scripting detection and exploitation
- Wfuzz - Web application fuzzer
Authentication & Password Security
- Hydra - Network login cracker supporting 50+ protocols
- John the Ripper - Advanced password hash cracking
- Hashcat - World's fastest password recovery tool
- Medusa - Speedy, parallel, modular login brute-forcer
- Patator - Multi-purpose brute-forcer
- CrackMapExec - Swiss army knife for pentesting networks
- Evil-WinRM - Windows Remote Management shell
Binary Analysis & Reverse Engineering
- GDB - GNU Debugger with Python scripting
- Radare2 - Advanced reverse engineering framework
- Binwalk - Firmware analysis and extraction tool
- ROPgadget - ROP/JOP gadget finder
- Checksec - Binary security property checker
- Strings - Extract printable strings from binaries
- Objdump - Display object file information
- Ghidra - NSA's software reverse engineering suite
- XXD - Hex dump utility
Advanced CTF & Forensics Tools
- Volatility3 - Advanced memory forensics framework
- Foremost - File carving and data recovery
- Steghide - Steganography detection and extraction
- ExifTool - Metadata reader/writer for various file formats
- HashPump - Hash length extension attack tool
- Binwalk - Firmware analysis and reverse engineering
- Autopsy - Digital forensics platform
- Sleuth Kit - Collection of command-line digital forensics tools
Cloud & Container Security
- Prowler - AWS/Azure/GCP security assessment tool
- Trivy - Comprehensive vulnerability scanner for containers
- Scout Suite - Multi-cloud security auditing tool
- Kube-Hunter - Kubernetes penetration testing tool
- Kube-Bench - CIS Kubernetes benchmark checker
- CloudSploit - Cloud security scanning and monitoring
Bug Bounty & Reconnaissance Arsenal
- Hakrawler - Fast web endpoint discovery and crawling
- HTTPx - Fast and multi-purpose HTTP toolkit
- ParamSpider - Mining parameters from dark corners of web archives
- Aquatone - Visual inspection of websites across hosts
- Subjack - Subdomain takeover vulnerability checker
- DNSENUM - DNS enumeration script
- Fierce - Domain scanner for locating targets
Intelligent Payload Generation
Smart Attack Vector Creation:
- XSS Payloads - Basic, advanced, filter bypass techniques
- SQL Injection - Database-specific, blind, time-based attacks
- Command Injection - OS-specific, blind execution techniques
- LFI/RFI - Local/remote file inclusion with wrapper techniques
- SSTI - Server-side template injection for various engines
- XXE - XML external entity attacks with data exfiltration
- CSRF - Cross-site request forgery payload generation
Features:
- Context Awareness - AI adapts payloads to target technology
- Risk Assessment - Automatic payload severity rating
- Encoding Variations - URL, HTML, Unicode encoding
- Success Probability - AI-calculated effectiveness scores
Automated Vulnerability Testing
- Intelligent Test Cases - AI-guided vulnerability assessment
- Response Analysis - Automated vulnerability confirmation
- False Positive Reduction - Smart filtering and validation
- Comprehensive Reports - Detailed security assessments
- Attack Chaining - Multi-stage exploit development
Advanced API Security Testing
- GraphQL Security - Introspection, depth limiting, batch query testing
- JWT Analysis - Algorithm confusion, signature bypass, token manipulation
- REST API Testing - Endpoint discovery, parameter fuzzing, authentication bypass
- API Schema Analysis - OpenAPI/Swagger security assessment
- Comprehensive Audits - Multi-technique API penetration testing
Real-time Process Management
Advanced Command Control:
- Live Termination - Stop scans without server restart
- Progress Tracking - Real-time progress bars with ETA calculations
- Process Dashboard - Monitor all active scans simultaneously
- Resource Management - CPU and memory optimization
- Pause/Resume - Full control over long-running operations
Visual Progress Display:
```
⚡ PROGRESS ⣷ [████████████░░░░░░░░] 60.5% | 12.3s | ETA: 8s | PID: 87369
FINAL RESULTS
├─ Command: nmap -sV -sC example.com
├─ Duration: 15.2s
├─ Output Size: 2847 bytes
├─ Exit Code: 0
└─ Status: SUCCESS | Cached: Yes
```
Intelligent Caching System
- Performance Optimization - Smart result caching with LRU eviction
- Context-Aware TTL - Dynamic cache expiration based on command type
- Hit Rate Optimization - Statistical analysis and cache tuning
- Memory Management - Configurable cache size and cleanup
- Cache Analytics - Detailed performance metrics
```bash
# Recommended Environment
OS: Kali Linux 2023.1+ / Ubuntu 20.04+ / Debian 11+
Python: 3.8+ with pip
RAM: 4GB+ (8GB recommended)
Storage: 20GB+ free space
Network: High-speed internet for tool updates
```
```bash
# 1. Clone the repository
git clone https://github.com/0x4m4/hexstrike-ai.git
cd hexstrike-ai
# 2. Install Python dependencies
pip3 install -r requirements.txt
```
Required Tools (install separately from their respective sources):
- Network Tools: nmap, amass, subfinder, nuclei, autorecon, fierce, masscan
- Web Tools: gobuster, ffuf, dirb, nikto, sqlmap, wpscan, burpsuite, zaproxy
- Password Tools: hydra, john, hashcat, medusa, patator, crackmapexec
- Binary Tools: gdb, radare2, binwalk, ropgadget, checksec, ghidra
- Forensics Tools: volatility3, foremost, steghide, exiftool, hashpump
- Cloud Tools: prowler, trivy, scout-suite, kube-hunter, kube-bench
- Recon Tools: hakrawler, httpx, paramspider, aquatone, subjack, dnsenum
Note: Each tool should be installed according to its official documentation. The server still works if some tools are missing; it ignores any tool that is not installed.
```bash
# Start the MCP server
python3 hexstrike_server.py
# Verify server is running
curl http://localhost:5000/health
```
Use the provided MCP configuration file `hexstrike-ai-mcp.json` with your AI agent.
Claude MCP Configuration
Configure Claude Desktop:
Edit `~/.config/Claude/claude_desktop_config.json`:
```json
{
  "mcpServers": {
    "hexstrike-ai": {
      "command": "python3",
      "args": [
        "/path/to/hexstrike-ai/hexstrike_mcp.py",
        "--server", "http://localhost:5000"
      ],
      "env": {
        "HEXSTRIKE_SERVER": "http://localhost:5000"
      }
    }
  }
}
```
VS Code MCP Configuration
Configure VS Code settings in `.vscode/settings.json`:
```json
{
  "servers": {
    "hexstrike": {
      "type": "stdio",
      "command": "python3",
      "args": [
        "/path/to/hexstrike-ai/hexstrike_mcp.py",
        "--server",
        "http://localhost:5000"
      ]
    }
  },
  "inputs": []
}
```
Cursor MCP Setup Guide
Configure Cursor settings in `~/.cursor/mcp_settings.json`:
```json
{
  "mcpServers": {
    "hexstrike-ai": {
      "command": "python3",
      "args": [
        "/path/to/hexstrike-ai/hexstrike_mcp.py",
        "--server", "http://localhost:5000"
      ],
      "description": "HexStrike AI MCP Agents v5.0"
    }
  }
}
```
User: "Perform a comprehensive security assessment of example.com"
AI Agent: "I'll conduct a multi-phase security assessment:
1. Starting with network reconnaissance using nmap...
2. Performing subdomain enumeration with amass...
3. Running web application scans with nuclei...
4. Testing for common vulnerabilities...
[Real-time results and analysis follow]"
User: "Find XSS vulnerabilities in this web application"
AI Agent: "I'll test for XSS vulnerabilities:
1. Crawling the application with hakrawler...
2. Discovering parameters with paramspider...
3. Generating contextual XSS payloads...
4. Testing each injection point...
[Detailed vulnerability report with proof-of-concepts]"
User: "Audit this GraphQL API for security issues"
AI Agent: "I'll perform a comprehensive GraphQL security audit:
1. Testing introspection queries...
2. Analyzing query depth limitations...
3. Checking for batch query vulnerabilities...
4. Examining authentication bypass techniques...
[Complete API security assessment with recommendations]"
Endpoint | Method | Description | Parameters |
---|---|---|---|
`/health` | GET | Server health check | None |
`/api/command` | POST | Execute arbitrary commands | `command`, `use_cache` |
`/api/telemetry` | GET | System performance metrics | None |
`/api/cache/stats` | GET | Cache performance statistics | None |
Network Security Tools
Tool | Endpoint | Key Parameters |
---|---|---|
Nmap | `/api/tools/nmap` | `target`, `scan_type`, `ports`, `additional_args` |
Amass | `/api/tools/amass` | `domain`, `mode`, `additional_args` |
Subfinder | `/api/tools/subfinder` | `domain`, `silent`, `additional_args` |
Nuclei | `/api/tools/nuclei` | `target`, `severity`, `additional_args` |
Intelligent Security Testing
Feature | Endpoint | Key Parameters |
---|---|---|
Payload Generation | `/api/ai/generate_payload` | `attack_type`, `complexity`, `technology` |
Payload Testing | `/api/ai/test_payload` | `payload`, `target_url`, `method` |
Attack Suite | `/api/ai/generate_attack_suite` | `target_url`, `attack_types` |
Real-time Command Control
Action | Endpoint | Description |
---|---|---|
List Processes | `GET /api/processes/list` | List all active processes |
Process Status | `GET /api/processes/status/<pid>` | Get detailed process information |
Terminate | `POST /api/processes/terminate/<pid>` | Stop specific process |
Dashboard | `GET /api/processes/dashboard` | Live monitoring dashboard |
- MCP Connection Failed:
  ```bash
  # Check if server is running
  netstat -tlnp | grep 5000
  # Restart server
  python3 hexstrike_server.py
  ```
- Security Tools Not Found:
  ```bash
  # Check tool availability
  which nmap gobuster nuclei
  # Install missing tools from their official sources
  ```
- AI Agent Cannot Connect:
  ```bash
  # Verify MCP configuration paths
  # Check server logs for connection attempts
  python3 hexstrike_mcp.py --debug
  ```
Enable debug mode for detailed logging:
```bash
python3 hexstrike_server.py --debug
python3 hexstrike_mcp.py --debug
```
- Result Caching: Optimized performance for repeated operations
- Concurrent Execution: Multiple tools can run simultaneously
- Real-time Progress: Live command output and progress tracking
- Memory Optimization: Efficient handling of large outputs
- Automatic Cleanup: Temporary files and processes are managed
- MCP Integration: Full Model Context Protocol support for AI agents
- Advanced Process Control: Real-time command termination and monitoring
- Enhanced Caching: LRU cache with intelligent TTL management
- Cloud Security: Comprehensive cloud and container security tools
- AI Automation: Intelligent payload generation and testing capabilities
- File Operations: Complete file management system for AI agents
- Real-time command output streaming
- Progress indicators for long-running operations
- Contextual payload generation system
- Advanced API security testing (GraphQL, JWT)
- Comprehensive process dashboard
- Enhanced error handling with detailed logging
- This tool provides AI agents with powerful system access
- Run in isolated environments or dedicated security testing VMs
- AI agents can execute arbitrary security tools - ensure proper oversight
- Monitor AI agent activities through the real-time dashboard
- Consider implementing authentication for production deployments
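An added example, not part of the HexStrike project: since `/api/command` executes arbitrary commands and authentication is left to the deployer, this script audits MCP client configs in the two layouts shown above and reports any HexStrike server URL that is not loopback. The `--server=<url>` form and the sample LAN address are assumptions made for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

def is_loopback_url(url):
    """True only if the URL's host is 'localhost' or a loopback IP literal."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other DNS name may resolve off-host

def server_urls(entry):
    """Collect URLs from '--server <url>', '--server=<url>' and HEXSTRIKE_SERVER."""
    urls = []
    args = entry.get("args", [])
    for i, arg in enumerate(args):
        if arg == "--server" and i + 1 < len(args):
            urls.append(args[i + 1])
        elif arg.startswith("--server="):  # assumed alternative spelling
            urls.append(arg.split("=", 1)[1])
    env_url = entry.get("env", {}).get("HEXSTRIKE_SERVER")
    if env_url:
        urls.append(env_url)
    return urls

def audit_mcp_config(text):
    """Return (server_name, url) pairs whose HexStrike server URL is not loopback."""
    config = json.loads(text)
    findings = []
    for key in ("mcpServers", "servers"):  # both layouts shown on this page
        for name, entry in config.get(key, {}).items():
            if not any("hexstrike_mcp.py" in a for a in entry.get("args", [])):
                continue  # some other MCP server, out of scope
            findings += [(name, u) for u in server_urls(entry) if not is_loopback_url(u)]
    return findings

# Constructed sample: args point at a LAN address, env at loopback.
SAMPLE = """{"mcpServers": {"hexstrike-ai": {"command": "python3",
  "args": ["/path/to/hexstrike-ai/hexstrike_mcp.py", "--server", "http://192.168.1.50:5000"],
  "env": {"HEXSTRIKE_SERVER": "http://localhost:5000"}}}}"""

if __name__ == "__main__":
    for name, url in audit_mcp_config(SAMPLE):
        print(f"{name}: non-loopback HexStrike server URL {url}")
```

A hostname such as `localhost.evil.example` is reported as non-loopback because only the exact name `localhost` and loopback IP literals are accepted.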
We welcome contributions from the cybersecurity and AI community!
```bash
# 1. Fork and clone the repository
git clone https://github.com/0x4m4/hexstrike-ai.git
cd hexstrike-ai
# 2. Create development environment
python3 -m venv hexstrike-dev
source hexstrike-dev/bin/activate
# 3. Install development dependencies
pip install -r requirements.txt
# 4. Start development server
python3 hexstrike_server.py --port 5000 --debug
```
- AI Agent Integrations - Support for new AI platforms and agents
- Security Tool Additions - Integration of additional security tools
- Performance Optimizations - Caching improvements and scalability enhancements
- Documentation - AI usage examples and integration guides
- Testing Frameworks - Automated testing for AI agent interactions
MIT License - see LICENSE file for details.
m0x4m4 - www.0x4m4.com | HexStrike
HexStrike AI MCP Agents v5.0 - Empowering AI agents with autonomous cybersecurity capabilities!