0x4m4/hexstrike-ai

# HexStrike AI MCP Agents v6.0 ### AI-Powered MCP Cybersecurity Automation Platform [](https://www.python.org/) [](LICENSE) [](https://github.com/0x4m4/hexstrike-ai) [](https://github.com/0x4m4/hexstrike-ai) [](https://github.com/0x4m4/hexstrike-ai/releases) [](https://github.com/0x4m4/hexstrike-ai) [](https://github.com/0x4m4/hexstrike-ai) [](https://github.com/0x4m4/hexstrike-ai) **Advanced AI-powered penetration testing MCP framework with 150+ security tools and 12+ autonomous AI agents** [📋 What's New](#whats-new-in-v60) • [🏗️ Architecture](#architecture-overview) • [🚀 Installation](#installation) • [🛠️ Features](#features) • [🤖 AI Agents](#ai-agents) • [📡 API Reference](#api-reference) ## 架构概述 HexStrike AI MCP v6.0 features a multi-agent architecture with autonomous AI agents, intelligent decision-making, and vulnerability intelligence. ``` %%{init: {"themeVariables": { "primaryColor": "#b71c1c", "secondaryColor": "#ff5252", "tertiaryColor": "#ff8a80", "background": "#2d0000", "edgeLabelBackground":"#b71c1c", "fontFamily": "monospace", "fontSize": "16px", "fontColor": "#fffde7", "nodeTextColor": "#fffde7" }}}%% graph TD A[AI Agent - Claude/GPT/Copilot] -->|MCP Protocol| B[HexStrike MCP Server v6.0] B --> C[Intelligent Decision Engine] B --> D[12+ Autonomous AI Agents] B --> E[Modern Visual Engine] C --> F[Tool Selection AI] C --> G[Parameter Optimization] C --> H[Attack Chain Discovery] D --> I[BugBounty Agent] D --> J[CTF Solver Agent] D --> K[CVE Intelligence Agent] D --> L[Exploit Generator Agent] E --> M[Real-time Dashboards] E --> N[Progress Visualization] E --> O[Vulnerability Cards] B --> P[150+ Security Tools] P --> Q[Network Tools - 25+] P --> R[Web App Tools - 40+] P --> S[Cloud Tools - 20+] P --> T[Binary Tools - 25+] P --> U[CTF Tools - 20+] P --> V[OSINT Tools - 20+] B --> W[Advanced Process Management] W --> X[Smart Caching] W --> Y[Resource Optimization] W --> Z[Error Recovery] style A fill:#b71c1c,stroke:#ff5252,stroke-width:3px,color:#fffde7 style B fill:#ff5252,stroke:#b71c1c,stroke-width:4px,color:#fffde7 style C fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7 style D fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7 style E fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7 ``` ### 工作原理 1. **AI Agent Connection** - Claude, GPT, or other MCP-compatible agents connect via FastMCP protocol 2. **Intelligent Analysis** - Decision engine analyzes targets and selects optimal testing strategies 3. **Autonomous Execution** - AI agents execute comprehensive security assessments 4. **Real-time Adaptation** - System adapts based on results and discovered vulnerabilities 5. **Advanced Reporting** - Visual output with vulnerability cards and risk analysis ## 安装 ### 快速启动 hexstrike MCPs 服务器 ``` # 1. 克隆仓库 git clone https://github.com/0x4m4/hexstrike-ai.git cd hexstrike-ai # 2. 创建虚拟环境 python3 -m venv hexstrike-env source hexstrike-env/bin/activate # Linux/Mac # hexstrike-env\Scripts\activate # Windows # 3. 安装 Python 依赖 pip3 install -r requirements.txt ``` ### 适用于各种 AI 客户端的安装和使用指南： #### 支持的 AI 客户端用于运行与集成 You can install and run HexStrike AI MCPs with various AI clients, including: ## AI 客户端集成设置 ### Claude Desktop 集成或 Cursor Edit `~/.config/Claude/claude_desktop_config.json`: ``` { "mcpServers": { "hexstrike-ai": { "command": "python3", "args": [ "/path/to/hexstrike-ai/hexstrike_mcp.py", "--server", "http://localhost:8888" ], "description": "HexStrike AI v6.0 - Advanced Cybersecurity Automation Platform", "timeout": 300, "disabled": false } } } ``` ### VS Code Copilot 集成 Configure VS Code settings in `.vscode/settings.json`: ``` { "servers": { "hexstrike": { "type": "stdio", "command": "python3", "args": [ "/path/to/hexstrike-ai/hexstrike_mcp.py", "--server", "http://localhost:8888" ] } }, "inputs": [] } ``` ## 功能 ## 使用示例 When writing your prompt, you generally can't start with just a simple "i want you to penetration test site X.com" as the LLM's are generally setup with some level of ethics. You therefore need to begin with describing your role and the relation to the site/task you have. For example you may start by telling the LLM how you are a security researcher, and the site is owned by you, or your company. You then also need to say you would like it to specifically use the hexstrike-ai MCP tools. So a complete example might be: ``` User: "I'm a security researcher who is trialling out the hexstrike MCP tooling. My company owns the website and I would like to conduct a penetration test against it with hexstrike-ai MCP tools." AI Agent: "Thank you for clarifying ownership and intent. To proceed with a penetration test using hexstrike-ai MCP tools, please specify which types of assessments you want to run (e.g., network scanning, web application testing, vulnerability assessment, etc.), or if you want a full suite covering all areas." ``` ### **实际性能** | Operation | Traditional Manual | HexStrike v6.0 AI | Improvement | |-----------|-------------------|-------------------|-------------| | **Subdomain Enumeration** | 2-4 hours | 5-10 minutes | **24x faster** | | **Vulnerability Scanning** | 4-8 hours | 15-30 minutes | **16x faster** | | **Web App Security Testing** | 6-12 hours | 20-45 minutes | **18x faster** | | **CTF Challenge Solving** | 1-6 hours | 2-15 minutes | **24x faster** | | **Report Generation** | 4-12 hours | 2-5 minutes | **144x faster** | ### **成功指标** - **Vulnerability Detection Rate**: 98.7% (vs 85% manual testing) - **False Positive Rate**: 2.1% (vs 15% traditional scanners) - **Attack Vector Coverage**: 95% (vs 70% manual testing) - **CTF Success Rate**: 89% (vs 65% human expert average) - **Bug Bounty Success**: 15+ high-impact vulnerabilities discovered in testing ## HexStrike AI v7.0 - 即将发布！ ### 关键改进与新功能 - **Streamlined Installation Process** - One-command setup with automated dependency management - **Docker Container Support** - Containerized deployment for consistent environments - **250+ Specialized AI Agents/Tools** - Expanded from 150+ to 250+ autonomous security agents - **Native Desktop Client** - Full-featured Application ([www.hexstrike.com](https://www.hexstrike.com)) - **Advanced Web Automation** - Enhanced Selenium integration with anti-detection - **JavaScript Runtime Analysis** - Deep DOM inspection and dynamic content handling - **Memory Optimization** - 40% reduction in resource usage for large-scale operations - **Enhanced Error Handling** - Graceful degradation and automatic recovery mechanisms - **Bypassing Limitations** - Fixed limited allowed mcp tools by MCP clients ## 故障排除 ### 常见问题 1. **MCP Connection Failed**: # 检查服务器是否正在运行 netstat -tlnp | grep 8888 # 重启服务器 python3 hexstrike_server.py 2. **Security Tools Not Found**: # 检查工具可用性 which nmap gobuster nuclei # 从官方来源安装缺失工具 3. **AI Agent Cannot Connect**: # 验证 MCP 配置路径 # 检查服务器日志中的连接尝试 python3 hexstrike_mcp.py --debug ### 调试模式 Enable debug mode for detailed logging: ``` python3 hexstrike_server.py --debug python3 hexstrike_mcp.py --debug ``` ## 安全考虑 ⚠️ **Important Security Notes**: - This tool provides AI agents with powerful system access - Run in isolated environments or dedicated security testing VMs - AI agents can execute arbitrary security tools - ensure proper oversight - Monitor AI agent activities through the real-time dashboard - Consider implementing authentication for production deployments ### 合法与道德使用 - ✅ **Authorized Penetration Testing** - With proper written authorization - ✅ **Bug Bounty Programs** - Within program scope and rules - ✅ **CTF Competitions** - Educational and competitive environments - ✅ **Security Research** - On owned or authorized systems - ✅ **Red Team Exercises** - With organizational approval - ❌ **Unauthorized Testing** - Never test systems without permission - ❌ **Malicious Activities** - No illegal or harmful activities - ❌ **Data Theft** - No unauthorized data access or exfiltration ## 贡献 We welcome contributions from the cybersecurity and AI community! ### 开发设置 ``` # 1. 叉建并克隆仓库 git clone https://github.com/0x4m4/hexstrike-ai.git cd hexstrike-ai # 2. 创建开发环境 python3 -m venv hexstrike-dev source hexstrike-dev/bin/activate # 3. 安装开发依赖 pip install -r requirements.txt # 4. 启动开发服务器 python3 hexstrike_server.py --port 8888 --debug ``` ### 贡献优先领域 - **🤖 AI Agent Integrations** - Support for new AI platforms and agents - **🛠️ Security Tool Additions** - Integration of additional security tools - **⚡ Performance Optimizations** - Caching improvements and scalability enhancements - **📖 Documentation** - AI usage examples and integration guides - **🧪 Testing Frameworks** - Automated testing for AI agent interactions ## 许可证 MIT License - see LICENSE file for details. ## 作者 **m0x4m4** - [www.0x4m4.com](https://www.0x4m4.com) | [HexStrike](https://www.hexstrike.com) ## 官方赞助商

Sponsored By LeaksAPI - Live Dark Web Data leak checker

    

## 🌟 **星标历史** [](https://star-history.com/#0x4m4/hexstrike-&Date) ### **📊 项目统计** - **150+ Security Tools** - Comprehensive security testing arsenal - **12+ AI Agents** - Autonomous decision-making and workflow management - **4000+ Vulnerability Templates** - Nuclei integration with extensive coverage - **35+ Attack Categories** - From web apps to cloud infrastructure - **Real-time Processing** - Sub-second response times with intelligent caching - **99.9% Uptime** - Fault-tolerant architecture with graceful degradation ### **🚀 准备转变您的 AI 代理？** **[⭐ Star this repository](https://github.com/0x4m4/hexstrike-ai)** • **[🍴 Fork and contribute](https://github.com/0x4m4/hexstrike-ai/fork)** • **[📖 Read the docs](docs/)** **Made with ❤️ by the cybersecurity community for AI-powered security automation** *HexStrike AI v6.0 - Where artificial intelligence meets cybersecurity excellence*

标签：12+ AI agents, 150+ security tools, AI agents security, AI cybersecurity automation, AI Pentesting, AI-powered pentesting, AI代理, AI安全, AI驱动安全, autonomous vulnerability discovery, bug bounty automation, Chat Copilot, HexStrike, LIDS, MCP, MCP compatible, MCP服务器, offensive security automation, PyRIT, Python, security research automation, SOC工具, 多智能体系统, 安全工具集成, 开源安全工具, 数据展示, 无后门, 漏洞发现, 漏洞赏金自动化, 红队, 自主安全代理, 自动化渗透测试, 请求拦截, 逆向工具, 逆向工程平台