# HexStrike AI

> An open-source MCP server that lets AI agents autonomously run 150+ cybersecurity tools for automated penetration testing, vulnerability discovery, and bug bounty automation.

HexStrike AI is an open-source MCP (Model Context Protocol) server built in Python that bridges large language models with real-world offensive security tooling. Created by Muhammad Osama (0x4m4) and released under the MIT License, it enables AI agents such as Claude, GPT, and GitHub Copilot to autonomously orchestrate over 150 professional security tools for penetration testing, CTF solving, bug bounty hunting, and security research. The repository has accumulated over 9,700 GitHub stars since its creation in July 2025, signaling rapid community adoption.

## What It Is

HexStrike AI is an AI-powered cybersecurity automation platform built around the MCP protocol. Rather than replacing individual security tools, it acts as an intelligent orchestration layer: AI agents connect via FastMCP, an intelligent decision engine selects the right tools and parameters, and 12+ autonomous AI agents execute comprehensive security assessments. The platform covers network reconnaissance, web application testing, binary analysis, cloud security, OSINT, and CTF forensics — all from a single server process.

## Architecture and Agent Model

The platform uses a multi-agent architecture where a central MCP server coordinates specialized agents:

- **IntelligentDecisionEngine** — selects tools and optimizes parameters based on target context
- **BugBountyWorkflowManager** — orchestrates full bug bounty hunting workflows
- **CTFWorkflowManager** — automates CTF challenge solving across categories
- **CVEIntelligenceManager** — monitors and correlates vulnerability intelligence
- **AIExploitGenerator** — assists with automated exploit development
- **VulnerabilityCorrelator** — discovers attack chains across findings
- **BrowserAgent** — headless Chrome automation for dynamic web application analysis

The server exposes REST API endpoints for command execution, telemetry, process management, and AI-powered target analysis, and integrates with Claude Desktop, VS Code Copilot, Roo Code, Cursor, and any MCP-compatible agent.

## Security Tools Arsenal

The platform integrates 150+ tools organized across seven categories:

- **Network Reconnaissance (25+):** Nmap, Rustscan, Masscan, AutoRecon, Amass, Subfinder, Responder, NetExec, Enum4linux-ng
- **Web Application (40+):** Gobuster, Feroxbuster, FFuf, Nuclei (4,000+ templates), SQLMap, WPScan, Dalfox, Wafw00f, Katana, Arjun
- **Authentication & Passwords (12+):** Hydra, Hashcat, John the Ripper, Medusa, Evil-WinRM
- **Binary Analysis & RE (25+):** GDB/PEDA/GEF, Radare2, Ghidra, Binwalk, Pwntools, Angr, Volatility3
- **Cloud & Container (20+):** Prowler, Scout Suite, Trivy, Kube-Hunter, Kube-Bench, Falco, Checkov
- **CTF & Forensics (20+):** Volatility, Foremost, Steghide, ExifTool, CyberChef, RSATool
- **Bug Bounty & OSINT (20+):** Sherlock, Recon-ng, SpiderFoot, TruffleHog, Shodan, Censys

## Setup Path

Installation follows a standard Python workflow: clone the repository, create a virtual environment, install dependencies via `pip`, and start the MCP server with `python3 hexstrike_server.py`. AI client integration requires editing a JSON config file to point the client at the running server. The README provides configuration snippets for Claude Desktop, VS Code Copilot, and Cursor. Security tools themselves must be installed separately from their official sources; the README lists the relevant package names for each category.

## Update: v6.0 and Upcoming v7.0

The current release is **v6.0.0**, which introduced the multi-agent architecture, the Modern Visual Engine with real-time dashboards, smart LRU caching, and the Browser Agent with headless Chrome support. The README announces **v7.0** as coming soon, with planned additions including one-command setup, Docker container support, expansion to 250+ tools/agents, a native desktop client at hexstrike.com, and fixes for MCP client tool limits. The repository was last pushed in April 2026 and continues to receive active development.

## Legal and Ethical Scope

The README explicitly scopes authorized use to penetration testing with written authorization, bug bounty programs within scope, CTF competitions, security research on owned systems, and red team exercises with organizational approval. Unauthorized testing, malicious activities, and data theft are explicitly prohibited. The tool is sponsored by LeaksAPI (leak-check.net) according to the README.

## Features
- 150+ integrated security tools
- 12+ autonomous AI agents
- MCP protocol compatibility (Claude, GPT, Copilot, Cursor)
- Intelligent tool selection and parameter optimization
- Network reconnaissance and scanning (25+ tools)
- Web application security testing (40+ tools)
- Binary analysis and reverse engineering (25+ tools)
- Cloud and container security (20+ tools)
- CTF and forensics tools (20+ tools)
- Bug bounty and OSINT arsenal (20+ tools)
- Headless Chrome browser agent for dynamic web testing
- Smart LRU caching system
- Real-time process management and dashboards
- CVE intelligence and vulnerability correlation
- REST API for command execution and telemetry
- Attack chain discovery
- Automated exploit development assistance
- Audit-ready PDF vulnerability reports

## Integrations
Claude Desktop, VS Code Copilot, Cursor, Roo Code, GPT (OpenAI), GitHub Copilot, Nmap, Nuclei, SQLMap, Metasploit (MSFVenom), Ghidra, Radare2, Prowler, Trivy, Kube-Hunter, Burp Suite, OWASP ZAP, Shodan, Censys, Hydra, Hashcat

## Platforms
WINDOWS, MACOS, LINUX, ANDROID, WEB, API, VSC_EXTENSION, CLI

## Pricing
Open Source

## Version
6.0.0

## Links
- Website: https://www.hexstrike.com/
- Repository: https://github.com/0x4m4/hexstrike-ai
- EveryDev.ai: https://www.everydev.ai/tools/hexstrike-ai