[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-9747":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":46,"readmeContent":47,"aiSummary":48,"trendingCount":16,"starSnapshotCount":16,"syncStatus":49,"lastSyncTime":50,"discoverSource":51},9747,"hexstrike-ai","0x4m4\u002Fhexstrike-ai","0x4m4","HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.","https:\u002F\u002Fwww.hexstrike.com\u002F",null,"Python",9517,2047,167,51,0,30,271,845,143,40.93,"MIT License",false,"master",true,[7,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45],"ai","ai-agents","ai-cybersecurity","ai-hacking","ai-penetration-testing","ai-security-tool","artificial-intelligence","ctf-tools","generative-ai","hexstrike","kali-linux","kali-tools","llm","llm-integration","mcp","mcp-server","mcp-tools","pentesting","pentesting-tools","2026-06-12 02:02:12","\u003Cdiv align=\"center\">\n\n\u003Cimg src=\"assets\u002Fhexstrike-logo.png\" alt=\"HexStrike AI Logo\" width=\"220\" style=\"margin-bottom: 20px;\"\u002F>\n\n# HexStrike AI MCP Agents v6.0\n### AI-Powered MCP Cybersecurity Automation Platform\n\n[![Python](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPython-3.8%2B-blue.svg)](https:\u002F\u002Fwww.python.org\u002F)\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-green.svg)](LICENSE)\n[![Security](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSecurity-Penetration%20Testing-red.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n[![MCP](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FMCP-Compatible-purple.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n[![Version](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FVersion-6.0.0-orange.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai\u002Freleases)\n[![Tools](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSecurity%20Tools-150%2B-brightgreen.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n[![Agents](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAI%20Agents-12%2B-purple.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n[![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002F0x4m4\u002Fhexstrike-ai?style=social)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n\n**Advanced AI-powered penetration testing MCP framework with 150+ security tools and 12+ autonomous AI agents**\n\n[📋 What's New](#whats-new-in-v60) • [🏗️ Architecture](#architecture-overview) • [🚀 Installation](#installation) • [🛠️ Features](#features) • [🤖 AI Agents](#ai-agents) • [📡 API Reference](#api-reference)\n\n\u003C\u002Fdiv>\n\n---\n\n\u003Cdiv align=\"center\">\n\n## Follow Our Social Accounts\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002FBWnmrrSHbA\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDiscord-Join-7289DA?logo=discord&logoColor=white&style=for-the-badge\" alt=\"Join our Discord\" \u002F>\n  \u003C\u002Fa>\n  &nbsp;&nbsp;\n  \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fhexstrike-ai\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLinkedIn-Follow%20us-0A66C2?logo=linkedin&logoColor=white&style=for-the-badge\" alt=\"Follow us on LinkedIn\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n\n\n\u003C\u002Fdiv>\n\n---\n\n## Architecture Overview\n\nHexStrike AI MCP v6.0 features a multi-agent architecture with autonomous AI agents, intelligent decision-making, and vulnerability intelligence.\n\n```mermaid\n%%{init: {\"themeVariables\": {\n  \"primaryColor\": \"#b71c1c\",\n  \"secondaryColor\": \"#ff5252\",\n  \"tertiaryColor\": \"#ff8a80\",\n  \"background\": \"#2d0000\",\n  \"edgeLabelBackground\":\"#b71c1c\",\n  \"fontFamily\": \"monospace\",\n  \"fontSize\": \"16px\",\n  \"fontColor\": \"#fffde7\",\n  \"nodeTextColor\": \"#fffde7\"\n}}}%%\ngraph TD\n    A[AI Agent - Claude\u002FGPT\u002FCopilot] -->|MCP Protocol| B[HexStrike MCP Server v6.0]\n    \n    B --> C[Intelligent Decision Engine]\n    B --> D[12+ Autonomous AI Agents]\n    B --> E[Modern Visual Engine]\n    \n    C --> F[Tool Selection AI]\n    C --> G[Parameter Optimization]\n    C --> H[Attack Chain Discovery]\n    \n    D --> I[BugBounty Agent]\n    D --> J[CTF Solver Agent]\n    D --> K[CVE Intelligence Agent]\n    D --> L[Exploit Generator Agent]\n    \n    E --> M[Real-time Dashboards]\n    E --> N[Progress Visualization]\n    E --> O[Vulnerability Cards]\n    \n    B --> P[150+ Security Tools]\n    P --> Q[Network Tools - 25+]\n    P --> R[Web App Tools - 40+]\n    P --> S[Cloud Tools - 20+]\n    P --> T[Binary Tools - 25+]\n    P --> U[CTF Tools - 20+]\n    P --> V[OSINT Tools - 20+]\n    \n    B --> W[Advanced Process Management]\n    W --> X[Smart Caching]\n    W --> Y[Resource Optimization]\n    W --> Z[Error Recovery]\n    \n    style A fill:#b71c1c,stroke:#ff5252,stroke-width:3px,color:#fffde7\n    style B fill:#ff5252,stroke:#b71c1c,stroke-width:4px,color:#fffde7\n    style C fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7\n    style D fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7\n    style E fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7\n```\n\n### How It Works\n\n1. **AI Agent Connection** - Claude, GPT, or other MCP-compatible agents connect via FastMCP protocol\n2. **Intelligent Analysis** - Decision engine analyzes targets and selects optimal testing strategies\n3. **Autonomous Execution** - AI agents execute comprehensive security assessments\n4. **Real-time Adaptation** - System adapts based on results and discovered vulnerabilities\n5. **Advanced Reporting** - Visual output with vulnerability cards and risk analysis\n\n---\n\n## Installation\n\n### Quick Setup to Run the hexstrike MCPs Server\n\n```bash\n# 1. Clone the repository\ngit clone https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai.git\ncd hexstrike-ai\n\n# 2. Create virtual environment\npython3 -m venv hexstrike-env\nsource hexstrike-env\u002Fbin\u002Factivate  # Linux\u002FMac\n# hexstrike-env\\Scripts\\activate   # Windows\n\n# 3. Install Python dependencies\npip3 install -r requirements.txt\n\n```\n\n### Installation and Setting Up Guide for various AI Clients:\n\n#### Installation & Demo Video\n\nWatch the full installation and setup walkthrough here: [YouTube - HexStrike AI Installation & Demo](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=pSoftCagCm8)\n\n#### Supported AI Clients for Running & Integration\n\nYou can install and run HexStrike AI MCPs with various AI clients, including:\n\n- **5ire (Latest version v0.14.0 not supported for now)**\n- **VS Code Copilot**\n- **Roo Code**\n- **Cursor**\n- **Claude Desktop**\n- **Any MCP-compatible agent**\n\nRefer to the video above for step-by-step instructions and integration examples for these platforms.\n\n\n\n### Install Security Tools\n\n**Core Tools (Essential):**\n```bash\n# Network & Reconnaissance\nnmap masscan rustscan amass subfinder nuclei fierce dnsenum\nautorecon theharvester responder netexec enum4linux-ng\n\n# Web Application Security\ngobuster feroxbuster dirsearch ffuf dirb httpx katana\nnikto sqlmap wpscan arjun paramspider dalfox wafw00f\n\n# Password & Authentication\nhydra john hashcat medusa patator crackmapexec\nevil-winrm hash-identifier ophcrack\n\n# Binary Analysis & Reverse Engineering\ngdb radare2 binwalk ghidra checksec strings objdump\nvolatility3 foremost steghide exiftool\n```\n\n**Cloud Security Tools:**\n```bash\nprowler scout-suite trivy\nkube-hunter kube-bench docker-bench-security\n```\n\n**Browser Agent Requirements:**\n```bash\n# Chrome\u002FChromium for Browser Agent\nsudo apt install chromium-browser chromium-chromedriver\n# OR install Google Chrome\nwget -q -O - https:\u002F\u002Fdl.google.com\u002Flinux\u002Flinux_signing_key.pub | sudo apt-key add -\necho \"deb [arch=amd64] http:\u002F\u002Fdl.google.com\u002Flinux\u002Fchrome\u002Fdeb\u002F stable main\" | sudo tee \u002Fetc\u002Fapt\u002Fsources.list.d\u002Fgoogle-chrome.list\nsudo apt update && sudo apt install google-chrome-stable\n```\n\n### Start the Server\n\n```bash\n# Start the MCP server\npython3 hexstrike_server.py\n\n# Optional: Start with debug mode\npython3 hexstrike_server.py --debug\n\n# Optional: Custom port configuration\npython3 hexstrike_server.py --port 8888\n```\n\n### Verify Installation\n\n```bash\n# Test server health\ncurl http:\u002F\u002Flocalhost:8888\u002Fhealth\n\n# Test AI agent capabilities\ncurl -X POST http:\u002F\u002Flocalhost:8888\u002Fapi\u002Fintelligence\u002Fanalyze-target \\\n  -H \"Content-Type: application\u002Fjson\" \\\n  -d '{\"target\": \"example.com\", \"analysis_type\": \"comprehensive\"}'\n```\n\n---\n\n## AI Client Integration Setup\n\n### Claude Desktop Integration or Cursor\n\nEdit `~\u002F.config\u002FClaude\u002Fclaude_desktop_config.json`:\n```json\n{\n  \"mcpServers\": {\n    \"hexstrike-ai\": {\n      \"command\": \"python3\",\n      \"args\": [\n        \"\u002Fpath\u002Fto\u002Fhexstrike-ai\u002Fhexstrike_mcp.py\",\n        \"--server\",\n        \"http:\u002F\u002Flocalhost:8888\"\n      ],\n      \"description\": \"HexStrike AI v6.0 - Advanced Cybersecurity Automation Platform\",\n      \"timeout\": 300,\n      \"disabled\": false\n    }\n  }\n}\n```\n\n### VS Code Copilot Integration\n\nConfigure VS Code settings in `.vscode\u002Fsettings.json`:\n```json\n{\n  \"servers\": {\n    \"hexstrike\": {\n      \"type\": \"stdio\",\n      \"command\": \"python3\",\n      \"args\": [\n        \"\u002Fpath\u002Fto\u002Fhexstrike-ai\u002Fhexstrike_mcp.py\",\n        \"--server\",\n        \"http:\u002F\u002Flocalhost:8888\"\n      ]\n    }\n  },\n  \"inputs\": []\n}\n```\n\n---\n\n## Features\n\n### Security Tools Arsenal\n\n**150+ Professional Security Tools:**\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🔍 Network Reconnaissance & Scanning (25+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Nmap** - Advanced port scanning with custom NSE scripts and service detection\n- **Rustscan** - Ultra-fast port scanner with intelligent rate limiting\n- **Masscan** - High-speed Internet-scale port scanning with banner grabbing\n- **AutoRecon** - Comprehensive automated reconnaissance with 35+ parameters\n- **Amass** - Advanced subdomain enumeration and OSINT gathering\n- **Subfinder** - Fast passive subdomain discovery with multiple sources\n- **Fierce** - DNS reconnaissance and zone transfer testing\n- **DNSEnum** - DNS information gathering and subdomain brute forcing\n- **TheHarvester** - Email and subdomain harvesting from multiple sources\n- **ARP-Scan** - Network discovery using ARP requests\n- **NBTScan** - NetBIOS name scanning and enumeration\n- **RPCClient** - RPC enumeration and null session testing\n- **Enum4linux** - SMB enumeration with user, group, and share discovery\n- **Enum4linux-ng** - Advanced SMB enumeration with enhanced logging\n- **SMBMap** - SMB share enumeration and exploitation\n- **Responder** - LLMNR, NBT-NS and MDNS poisoner for credential harvesting\n- **NetExec** - Network service exploitation framework (formerly CrackMapExec)\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🌐 Web Application Security Testing (40+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Gobuster** - Directory, file, and DNS enumeration with intelligent wordlists\n- **Dirsearch** - Advanced directory and file discovery with enhanced logging\n- **Feroxbuster** - Recursive content discovery with intelligent filtering\n- **FFuf** - Fast web fuzzer with advanced filtering and parameter discovery\n- **Dirb** - Comprehensive web content scanner with recursive scanning\n- **HTTPx** - Fast HTTP probing and technology detection\n- **Katana** - Next-generation crawling and spidering with JavaScript support\n- **Hakrawler** - Fast web endpoint discovery and crawling\n- **Gau** - Get All URLs from multiple sources (Wayback, Common Crawl, etc.)\n- **Waybackurls** - Historical URL discovery from Wayback Machine\n- **Nuclei** - Fast vulnerability scanner with 4000+ templates\n- **Nikto** - Web server vulnerability scanner with comprehensive checks\n- **SQLMap** - Advanced automatic SQL injection testing with tamper scripts\n- **WPScan** - WordPress security scanner with vulnerability database\n- **Arjun** - HTTP parameter discovery with intelligent fuzzing\n- **ParamSpider** - Parameter mining from web archives\n- **X8** - Hidden parameter discovery with advanced techniques\n- **Jaeles** - Advanced vulnerability scanning with custom signatures\n- **Dalfox** - Advanced XSS vulnerability scanning with DOM analysis\n- **Wafw00f** - Web application firewall fingerprinting\n- **TestSSL** - SSL\u002FTLS configuration testing and vulnerability assessment\n- **SSLScan** - SSL\u002FTLS cipher suite enumeration\n- **SSLyze** - Fast and comprehensive SSL\u002FTLS configuration analyzer\n- **Anew** - Append new lines to files for efficient data processing\n- **QSReplace** - Query string parameter replacement for systematic testing\n- **Uro** - URL filtering and deduplication for efficient testing\n- **Whatweb** - Web technology identification with fingerprinting\n- **JWT-Tool** - JSON Web Token testing with algorithm confusion\n- **GraphQL-Voyager** - GraphQL schema exploration and introspection testing\n- **Burp Suite Extensions** - Custom extensions for advanced web testing\n- **ZAP Proxy** - OWASP ZAP integration for automated security scanning\n- **Wfuzz** - Web application fuzzer with advanced payload generation\n- **Commix** - Command injection exploitation tool with automated detection\n- **NoSQLMap** - NoSQL injection testing for MongoDB, CouchDB, etc.\n- **Tplmap** - Server-side template injection exploitation tool\n\n**🌐 Advanced Browser Agent:**\n- **Headless Chrome Automation** - Full Chrome browser automation with Selenium\n- **Screenshot Capture** - Automated screenshot generation for visual inspection\n- **DOM Analysis** - Deep DOM tree analysis and JavaScript execution monitoring\n- **Network Traffic Monitoring** - Real-time network request\u002Fresponse logging\n- **Security Header Analysis** - Comprehensive security header validation\n- **Form Detection & Analysis** - Automatic form discovery and input field analysis\n- **JavaScript Execution** - Dynamic content analysis with full JavaScript support\n- **Proxy Integration** - Seamless integration with Burp Suite and other proxies\n- **Multi-page Crawling** - Intelligent web application spidering and mapping\n- **Performance Metrics** - Page load times, resource usage, and optimization insights\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🔐 Authentication & Password Security (12+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Hydra** - Network login cracker supporting 50+ protocols\n- **John the Ripper** - Advanced password hash cracking with custom rules\n- **Hashcat** - World's fastest password recovery tool with GPU acceleration\n- **Medusa** - Speedy, parallel, modular login brute-forcer\n- **Patator** - Multi-purpose brute-forcer with advanced modules\n- **NetExec** - Swiss army knife for pentesting networks\n- **SMBMap** - SMB share enumeration and exploitation tool\n- **Evil-WinRM** - Windows Remote Management shell with PowerShell integration\n- **Hash-Identifier** - Hash type identification tool\n- **HashID** - Advanced hash algorithm identifier with confidence scoring\n- **CrackStation** - Online hash lookup integration\n- **Ophcrack** - Windows password cracker using rainbow tables\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🔬 Binary Analysis & Reverse Engineering (25+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **GDB** - GNU Debugger with Python scripting and exploit development support\n- **GDB-PEDA** - Python Exploit Development Assistance for GDB\n- **GDB-GEF** - GDB Enhanced Features for exploit development\n- **Radare2** - Advanced reverse engineering framework with comprehensive analysis\n- **Ghidra** - NSA's software reverse engineering suite with headless analysis\n- **IDA Free** - Interactive disassembler with advanced analysis capabilities\n- **Binary Ninja** - Commercial reverse engineering platform\n- **Binwalk** - Firmware analysis and extraction tool with recursive extraction\n- **ROPgadget** - ROP\u002FJOP gadget finder with advanced search capabilities\n- **Ropper** - ROP gadget finder and exploit development tool\n- **One-Gadget** - Find one-shot RCE gadgets in libc\n- **Checksec** - Binary security property checker with comprehensive analysis\n- **Strings** - Extract printable strings from binaries with filtering\n- **Objdump** - Display object file information with Intel syntax\n- **Readelf** - ELF file analyzer with detailed header information\n- **XXD** - Hex dump utility with advanced formatting\n- **Hexdump** - Hex viewer and editor with customizable output\n- **Pwntools** - CTF framework and exploit development library\n- **Angr** - Binary analysis platform with symbolic execution\n- **Libc-Database** - Libc identification and offset lookup tool\n- **Pwninit** - Automate binary exploitation setup\n- **Volatility** - Advanced memory forensics framework\n- **MSFVenom** - Metasploit payload generator with advanced encoding\n- **UPX** - Executable packer\u002Funpacker for binary analysis\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>☁️ Cloud & Container Security (20+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Prowler** - AWS\u002FAzure\u002FGCP security assessment with compliance checks\n- **Scout Suite** - Multi-cloud security auditing for AWS, Azure, GCP, Alibaba Cloud\n- **CloudMapper** - AWS network visualization and security analysis\n- **Pacu** - AWS exploitation framework with comprehensive modules\n- **Trivy** - Comprehensive vulnerability scanner for containers and IaC\n- **Clair** - Container vulnerability analysis with detailed CVE reporting\n- **Kube-Hunter** - Kubernetes penetration testing with active\u002Fpassive modes\n- **Kube-Bench** - CIS Kubernetes benchmark checker with remediation\n- **Docker Bench Security** - Docker security assessment following CIS benchmarks\n- **Falco** - Runtime security monitoring for containers and Kubernetes\n- **Checkov** - Infrastructure as code security scanning\n- **Terrascan** - Infrastructure security scanner with policy-as-code\n- **CloudSploit** - Cloud security scanning and monitoring\n- **AWS CLI** - Amazon Web Services command line with security operations\n- **Azure CLI** - Microsoft Azure command line with security assessment\n- **GCloud** - Google Cloud Platform command line with security tools\n- **Kubectl** - Kubernetes command line with security context analysis\n- **Helm** - Kubernetes package manager with security scanning\n- **Istio** - Service mesh security analysis and configuration assessment\n- **OPA** - Policy engine for cloud-native security and compliance\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🏆 CTF & Forensics Tools (20+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Volatility** - Advanced memory forensics framework with comprehensive plugins\n- **Volatility3** - Next-generation memory forensics with enhanced analysis\n- **Foremost** - File carving and data recovery with signature-based detection\n- **PhotoRec** - File recovery software with advanced carving capabilities\n- **TestDisk** - Disk partition recovery and repair tool\n- **Steghide** - Steganography detection and extraction with password support\n- **Stegsolve** - Steganography analysis tool with visual inspection\n- **Zsteg** - PNG\u002FBMP steganography detection tool\n- **Outguess** - Universal steganographic tool for JPEG images\n- **ExifTool** - Metadata reader\u002Fwriter for various file formats\n- **Binwalk** - Firmware analysis and reverse engineering with extraction\n- **Scalpel** - File carving tool with configurable headers and footers\n- **Bulk Extractor** - Digital forensics tool for extracting features\n- **Autopsy** - Digital forensics platform with timeline analysis\n- **Sleuth Kit** - Collection of command-line digital forensics tools\n\n**Cryptography & Hash Analysis:**\n- **John the Ripper** - Password cracker with custom rules and advanced modes\n- **Hashcat** - GPU-accelerated password recovery with 300+ hash types\n- **Hash-Identifier** - Hash type identification with confidence scoring\n- **CyberChef** - Web-based analysis toolkit for encoding and encryption\n- **Cipher-Identifier** - Automatic cipher type detection and analysis\n- **Frequency-Analysis** - Statistical cryptanalysis for substitution ciphers\n- **RSATool** - RSA key analysis and common attack implementations\n- **FactorDB** - Integer factorization database for cryptographic challenges\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🔥 Bug Bounty & OSINT Arsenal (20+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Amass** - Advanced subdomain enumeration and OSINT gathering\n- **Subfinder** - Fast passive subdomain discovery with API integration\n- **Hakrawler** - Fast web endpoint discovery and crawling\n- **HTTPx** - Fast and multi-purpose HTTP toolkit with technology detection\n- **ParamSpider** - Mining parameters from web archives\n- **Aquatone** - Visual inspection of websites across hosts\n- **Subjack** - Subdomain takeover vulnerability checker\n- **DNSEnum** - DNS enumeration script with zone transfer capabilities\n- **Fierce** - Domain scanner for locating targets with DNS analysis\n- **TheHarvester** - Email and subdomain harvesting from multiple sources\n- **Sherlock** - Username investigation across 400+ social networks\n- **Social-Analyzer** - Social media analysis and OSINT gathering\n- **Recon-ng** - Web reconnaissance framework with modular architecture\n- **Maltego** - Link analysis and data mining for OSINT investigations\n- **SpiderFoot** - OSINT automation with 200+ modules\n- **Shodan** - Internet-connected device search with advanced filtering\n- **Censys** - Internet asset discovery with certificate analysis\n- **Have I Been Pwned** - Breach data analysis and credential exposure\n- **Pipl** - People search engine integration for identity investigation\n- **TruffleHog** - Git repository secret scanning with entropy analysis\n\n\u003C\u002Fdetails>\n\n### AI Agents\n\n**12+ Specialized AI Agents:**\n\n- **IntelligentDecisionEngine** - Tool selection and parameter optimization\n- **BugBountyWorkflowManager** - Bug bounty hunting workflows\n- **CTFWorkflowManager** - CTF challenge solving\n- **CVEIntelligenceManager** - Vulnerability intelligence\n- **AIExploitGenerator** - Automated exploit development\n- **VulnerabilityCorrelator** - Attack chain discovery\n- **TechnologyDetector** - Technology stack identification\n- **RateLimitDetector** - Rate limiting detection\n- **FailureRecoverySystem** - Error handling and recovery\n- **PerformanceMonitor** - System optimization\n- **ParameterOptimizer** - Context-aware optimization\n- **GracefulDegradation** - Fault-tolerant operation\n\n### Advanced Features\n\n- **Smart Caching System** - Intelligent result caching with LRU eviction\n- **Real-time Process Management** - Live command control and monitoring\n- **Vulnerability Intelligence** - CVE monitoring and exploit analysis\n- **Browser Agent** - Headless Chrome automation for web testing\n- **API Security Testing** - GraphQL, JWT, REST API security assessment\n- **Modern Visual Engine** - Real-time dashboards and progress tracking\n\n---\n\n## API Reference\n\n### Core System Endpoints\n\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `\u002Fhealth` | GET | Server health check with tool availability |\n| `\u002Fapi\u002Fcommand` | POST | Execute arbitrary commands with caching |\n| `\u002Fapi\u002Ftelemetry` | GET | System performance metrics |\n| `\u002Fapi\u002Fcache\u002Fstats` | GET | Cache performance statistics |\n| `\u002Fapi\u002Fintelligence\u002Fanalyze-target` | POST | AI-powered target analysis |\n| `\u002Fapi\u002Fintelligence\u002Fselect-tools` | POST | Intelligent tool selection |\n| `\u002Fapi\u002Fintelligence\u002Foptimize-parameters` | POST | Parameter optimization |\n\n### Common MCP Tools\n\n**Network Security Tools:**\n- `nmap_scan()` - Advanced Nmap scanning with optimization\n- `rustscan_scan()` - Ultra-fast port scanning\n- `masscan_scan()` - High-speed port scanning\n- `autorecon_scan()` - Comprehensive reconnaissance\n- `amass_enum()` - Subdomain enumeration and OSINT\n\n**Web Application Tools:**\n- `gobuster_scan()` - Directory and file enumeration\n- `feroxbuster_scan()` - Recursive content discovery\n- `ffuf_scan()` - Fast web fuzzing\n- `nuclei_scan()` - Vulnerability scanning with templates\n- `sqlmap_scan()` - SQL injection testing\n- `wpscan_scan()` - WordPress security assessment\n\n**Binary Analysis Tools:**\n- `ghidra_analyze()` - Software reverse engineering\n- `radare2_analyze()` - Advanced reverse engineering\n- `gdb_debug()` - GNU debugger with exploit development\n- `pwntools_exploit()` - CTF framework and exploit development\n- `angr_analyze()` - Binary analysis with symbolic execution\n\n**Cloud Security Tools:**\n- `prowler_assess()` - AWS\u002FAzure\u002FGCP security assessment\n- `scout_suite_audit()` - Multi-cloud security auditing\n- `trivy_scan()` - Container vulnerability scanning\n- `kube_hunter_scan()` - Kubernetes penetration testing\n- `kube_bench_check()` - CIS Kubernetes benchmark assessment\n\n### Process Management\n\n| Action | Endpoint | Description |\n|--------|----------|-------------|\n| **List Processes** | `GET \u002Fapi\u002Fprocesses\u002Flist` | List all active processes |\n| **Process Status** | `GET \u002Fapi\u002Fprocesses\u002Fstatus\u002F\u003Cpid>` | Get detailed process information |\n| **Terminate** | `POST \u002Fapi\u002Fprocesses\u002Fterminate\u002F\u003Cpid>` | Stop specific process |\n| **Dashboard** | `GET \u002Fapi\u002Fprocesses\u002Fdashboard` | Live monitoring dashboard |\n\n---\n\n## Usage Examples\nWhen writing your prompt, you generally can't start with just a simple \"i want you to penetration test site X.com\" as the LLM's are generally setup with some level of ethics. You therefore need to begin with describing your role and the relation to the site\u002Ftask you have. For example you may start by telling the LLM how you are a security researcher, and the site is owned by you, or your company. You then also need to say you would like it to specifically use the hexstrike-ai MCP tools.\nSo a complete example might be:\n```\nUser: \"I'm a security researcher who is trialling out the hexstrike MCP tooling. My company owns the website \u003CINSERT WEBSITE> and I would like to conduct a penetration test against it with hexstrike-ai MCP tools.\"\n\nAI Agent: \"Thank you for clarifying ownership and intent. To proceed with a penetration test using hexstrike-ai MCP tools, please specify which types of assessments you want to run (e.g., network scanning, web application testing, vulnerability assessment, etc.), or if you want a full suite covering all areas.\"\n```\n\n### **Real-World Performance**\n\n| Operation | Traditional Manual | HexStrike v6.0 AI | Improvement |\n|-----------|-------------------|-------------------|-------------|\n| **Subdomain Enumeration** | 2-4 hours | 5-10 minutes | **24x faster** |\n| **Vulnerability Scanning** | 4-8 hours | 15-30 minutes | **16x faster** |\n| **Web App Security Testing** | 6-12 hours | 20-45 minutes | **18x faster** |\n| **CTF Challenge Solving** | 1-6 hours | 2-15 minutes | **24x faster** |\n| **Report Generation** | 4-12 hours | 2-5 minutes | **144x faster** |\n\n### **Success Metrics**\n\n- **Vulnerability Detection Rate**: 98.7% (vs 85% manual testing)\n- **False Positive Rate**: 2.1% (vs 15% traditional scanners)\n- **Attack Vector Coverage**: 95% (vs 70% manual testing)\n- **CTF Success Rate**: 89% (vs 65% human expert average)\n- **Bug Bounty Success**: 15+ high-impact vulnerabilities discovered in testing\n\n---\n\n## HexStrike AI v7.0 - Release Coming Soon!\n\n### Key Improvements & New Features\n\n- **Streamlined Installation Process** - One-command setup with automated dependency management\n- **Docker Container Support** - Containerized deployment for consistent environments\n- **250+ Specialized AI Agents\u002FTools** - Expanded from 150+ to 250+ autonomous security agents\n- **Native Desktop Client** - Full-featured Application ([www.hexstrike.com](https:\u002F\u002Fwww.hexstrike.com))\n- **Advanced Web Automation** - Enhanced Selenium integration with anti-detection\n- **JavaScript Runtime Analysis** - Deep DOM inspection and dynamic content handling\n- **Memory Optimization** - 40% reduction in resource usage for large-scale operations\n- **Enhanced Error Handling** - Graceful degradation and automatic recovery mechanisms\n- **Bypassing Limitations** - Fixed limited allowed mcp tools by MCP clients\n\n\n---\n\n## Troubleshooting\n\n### Common Issues\n\n1. **MCP Connection Failed**:\n   ```bash\n   # Check if server is running\n   netstat -tlnp | grep 8888\n   \n   # Restart server\n   python3 hexstrike_server.py\n   ```\n\n2. **Security Tools Not Found**:\n   ```bash\n   # Check tool availability\n   which nmap gobuster nuclei\n   \n   # Install missing tools from their official sources\n   ```\n\n3. **AI Agent Cannot Connect**:\n   ```bash\n   # Verify MCP configuration paths\n   # Check server logs for connection attempts\n   python3 hexstrike_mcp.py --debug\n   ```\n\n### Debug Mode\n\nEnable debug mode for detailed logging:\n```bash\npython3 hexstrike_server.py --debug\npython3 hexstrike_mcp.py --debug\n```\n\n---\n\n## Security Considerations\n\n⚠️ **Important Security Notes**:\n- This tool provides AI agents with powerful system access\n- Run in isolated environments or dedicated security testing VMs\n- AI agents can execute arbitrary security tools - ensure proper oversight\n- Monitor AI agent activities through the real-time dashboard\n- Consider implementing authentication for production deployments\n\n### Legal & Ethical Use\n\n- ✅ **Authorized Penetration Testing** - With proper written authorization\n- ✅ **Bug Bounty Programs** - Within program scope and rules\n- ✅ **CTF Competitions** - Educational and competitive environments\n- ✅ **Security Research** - On owned or authorized systems\n- ✅ **Red Team Exercises** - With organizational approval\n\n- ❌ **Unauthorized Testing** - Never test systems without permission\n- ❌ **Malicious Activities** - No illegal or harmful activities\n- ❌ **Data Theft** - No unauthorized data access or exfiltration\n\n---\n\n## Contributing\n\nWe welcome contributions from the cybersecurity and AI community!\n\n### Development Setup\n\n```bash\n# 1. Fork and clone the repository\ngit clone https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai.git\ncd hexstrike-ai\n\n# 2. Create development environment\npython3 -m venv hexstrike-dev\nsource hexstrike-dev\u002Fbin\u002Factivate\n\n# 3. Install development dependencies\npip install -r requirements.txt\n\n# 4. Start development server\npython3 hexstrike_server.py --port 8888 --debug\n```\n\n### Priority Areas for Contribution\n\n- **🤖 AI Agent Integrations** - Support for new AI platforms and agents\n- **🛠️ Security Tool Additions** - Integration of additional security tools\n- **⚡ Performance Optimizations** - Caching improvements and scalability enhancements\n- **📖 Documentation** - AI usage examples and integration guides\n- **🧪 Testing Frameworks** - Automated testing for AI agent interactions\n\n---\n\n## License\n\nMIT License - see LICENSE file for details.\n\n---\n\n## Author\n\n**m0x4m4** - [www.0x4m4.com](https:\u002F\u002Fwww.0x4m4.com) | [HexStrike](https:\u002F\u002Fwww.hexstrike.com)\n\n---\n\n## Official Sponsor\n\n\u003Cp align=\"center\">\n  \u003Cstrong>Sponsored By LeaksAPI - Live Dark Web Data leak checker\u003C\u002Fstrong>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fleak-check.net\">\n    \u003Cimg src=\"assets\u002Fleaksapi-logo.png\" alt=\"LeaksAPI Logo\" width=\"150\" \u002F>\n  \u003C\u002Fa>\n  &nbsp;&nbsp;&nbsp;&nbsp;\n  \u003Ca href=\"https:\u002F\u002Fleak-check.net\">\n    \u003Cimg src=\"assets\u002Fleaksapi-banner.png\" alt=\"LeaksAPI Banner\" width=\"450\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fleak-check.net\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FVisit-leak--check.net-00D4AA?style=for-the-badge&logo=shield&logoColor=white\" alt=\"Visit leak-check.net\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n---\n\n\u003Cdiv align=\"center\">\n\n## 🌟 **Star History**\n\n[![Star History Chart](https:\u002F\u002Fapi.star-history.com\u002Fsvg?repos=0x4m4\u002Fhexstrike-ai&type=Date)](https:\u002F\u002Fstar-history.com\u002F#0x4m4\u002Fhexstrike-ai&Date)\n\n### **📊 Project Statistics**\n\n- **150+ Security Tools** - Comprehensive security testing arsenal\n- **12+ AI Agents** - Autonomous decision-making and workflow management\n- **4000+ Vulnerability Templates** - Nuclei integration with extensive coverage\n- **35+ Attack Categories** - From web apps to cloud infrastructure\n- **Real-time Processing** - Sub-second response times with intelligent caching\n- **99.9% Uptime** - Fault-tolerant architecture with graceful degradation\n\n### **🚀 Ready to Transform Your AI Agents?**\n\n**[⭐ Star this repository](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)** • **[🍴 Fork and contribute](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai\u002Ffork)** • **[📖 Read the docs](docs\u002F)**\n\n---\n\n**Made with ❤️ by the cybersecurity community for AI-powered security automation**\n\n*HexStrike AI v6.0 - Where artificial intelligence meets cybersecurity excellence*\n\n\u003C\u002Fdiv>\n","HexStrike AI MCP Agents 是一个先进的MCP服务器，允许AI代理（如Claude、GPT、Copilot等）自主运行超过150种网络安全工具，用于自动化渗透测试、漏洞发现、漏洞赏金自动化和安全研究。其核心功能包括通过多代理架构实现的智能决策引擎、工具选择AI以及参数优化等功能，能够无缝连接大语言模型与实际的攻击性安全能力。该项目采用Python编写，并基于MIT许可证发布。它适用于需要高效、自动化的网络安全测试和研究场景中，例如企业内部的安全审计或红队演练。",2,"2026-06-11 03:24:31","top_topic"]