Hexstrike AI Community Edition
HexStrike AI Community Edition - Cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.
HexStrike AI - Community Edition
AI-Powered MCP Cybersecurity Automation Platform
Advanced AI-powered penetration testing MCP framework, on-demand TTP knowledge, and adaptive scanning intelligence
<p align="center"> <a href="https://discord.gg/aC8Q2xJFgp"> <img src="https://img.shields.io/badge/Discord-Join-7289DA?logo=discord&logoColor=white&style=for-the-badge" alt="Join Discord Community" /> </a> </p> </div>
🚀 Differences from HexStrike V6
- Bigger Arsenal + Better Agents: Expanded tool coverage, workflow skills, and specialist end-to-end agent systems.
- Dashboard: Run tools, monitor health, stream logs, and export reports from one UI.
- Global Command Palette (Ctrl/Cmd+K): Jump pages, trigger tools, and move faster with keyboard-first control.
- Personalized Run Workflow: Favorite tools, recent targets, and quick compare with previous runs.
- Persistent Run History: Server-side run history survives browser refresh/reset and clears safely with confirmation.
- Theme System Built In: One-click theme switcher with hover preview (Dark, Candy, Unicorn, Minimal, and more).
- Performance Modes: --compact for lightweight/local LLM usage and --profile for targeted tool loading.
- Core Improvements: Refactored architecture, updated dependencies, smarter parameter handling, and upgraded MCP orchestration (FastMCP v3).
Details
<details>
<summary>Web Dashboard</summary>
Served automatically at http://localhost:8888 the moment the server starts — no extra setup required.
What you get:
- Dashboard — KPI cards for tools installed, command telemetry, uptime and more.
- Tool Run — Run any tool, straight from the dashboard!
- Reports — Searchable, filterable tool run history, with export.
- Tool Registry — Searchable, filterable for all registered tools. Click any tool for more details.
- Server Logs — near-realtime SSE log stream.
- Help — IDE/agent configuration snippets for Claude Desktop, VS Code Copilot, Cursor, and OpenCode.
- And much more!
Activate Compact Mode for the MCP server using the --compact flag. See Flags for more info.
- 🚦 Only the two essential gateway tools are loaded—perfect for lightweight deployments, automation pipelines, or running on resource-constrained systems.
- 🏃 Great for running with smaller, local LLMs or when you want minimal overhead.
Specify one or more profiles to load only the relevant ones for your workflow. See Profile flags for more info
- 🚀 Select profiles for targeted workflows to speed up scans and reduce resource usage.
- 🌐 Use --profile full to enable the complete arsenal; out of the box it defaults to the recommended set.
See Agents for more info
HTB CTF Agent System (@htb-ctf)
A 14-specialist agent system built natively for OpenCode, designed to autonomously solve HTB machines and CTF challenges end-to-end.
Bug Bounty Agent System (@bugbounty)
A 7-specialist agent system built natively for OpenCode, designed for autonomous bug bounty hunting across web, API, and broad wildcard scopes.
Recon Agent System (@recon)
A 5-specialist agent system built natively for OpenCode, designed for pure read-only information gathering across domains, IP addresses, web applications, and APIs.
</details>
Installation
Quick Setup & Run Hexstrike Server
Note: Many tools (nmap, masscan, etc.) require elevated privileges for certain scan types. You can either run the setup as root, or grant individual tool capabilities (e.g. setcap cap_net_raw+ep /usr/bin/nmap). Running as root is simpler but less secure.
# 1. Clone the repository
git clone https://github.com/CommonHuman-Lab/hexstrike-ai-community-edition.git
cd hexstrike-ai-community-edition
# 2. Create virtual environment
python3 -m venv hexstrike-env
source hexstrike-env/bin/activate # Linux/Mac
# Linux as root: start a root shell first (sudo -s), then run the source line above ("sudo source" fails because source is a shell builtin)
# hexstrike-env\Scripts\activate # Windows
# 3. Install Python dependencies
pip3 install -r requirements.txt
# 4. Start the API server
python3 hexstrike_server.py
# 5. The dashboard is served automatically at http://localhost:8888
# 6. In a separate terminal, start the MCP client
# (use the venv python to ensure dependencies are available)
hexstrike-env/bin/python3 hexstrike_mcp.py --server http://localhost:8888 --profile full
See Flags on how to customize the experience.
Verify Installation
# Browse to http://localhost:8888
# Test server API health
curl http://localhost:8888/health
Use Hexstrike
Installation & Demo Video
Watch the full installation and setup walkthrough here: YouTube - HexStrike AI Installation & Demo
<details>
<summary>Supported AI Clients for Running & Integration</summary>
You can install and run HexStrike AI MCPs with various AI clients, including:
- 5ire (Latest version v0.14.0 not supported for now)
- VS Code Copilot
- Roo Code
- Cursor
- Claude Desktop
- OpenCode
- Any MCP-compatible agent
Refer to the video above for step-by-step instructions and integration examples for these platforms.
</details>
<details>
<summary>Claude Desktop Integration or Cursor</summary>
Edit ~/.config/Claude/claude_desktop_config.json:
{
  "mcpServers": {
    "hexstrike": {
      "command": "/path/to/hexstrike/hexstrike-env/bin/python3",
      "args": [
        "/path/to/hexstrike/hexstrike_mcp.py",
        "--server",
        "http://localhost:8888",
        "--profile",
        "full"
      ],
      "description": "HexStrike AI Community Edition",
      "timeout": 300,
      "disabled": false
    }
  }
}
</details>
<details>
<summary>VS Code Copilot Integration</summary>
Configure VS Code settings in .vscode/settings.json:
{
  "servers": {
    "hexstrike": {
      "type": "stdio",
      "command": "/path/to/hexstrike/hexstrike-env/bin/python3",
      "args": [
        "/path/to/hexstrike/hexstrike_mcp.py",
        "--server",
        "http://localhost:8888",
        "--profile",
        "full"
      ]
    }
  },
  "inputs": []
}
</details>
<details>
<summary>OpenCode Integration</summary>
Configure OpenCode settings in ~/.config/opencode/opencode.json:
{
  "$schema": "https://opencode.ai/config.json",
  "mcp": {
    "hexstrike": {
      "type": "local",
      "command": [
        "/path/to/hexstrike/hexstrike-env/bin/python3",
        "/path/to/hexstrike/hexstrike_mcp.py",
        "--server",
        "http://127.0.0.1:8888",
        "--profile",
        "default"
      ],
      "enabled": true
    }
  }
}
</details>
Security Configuration
<details>
<summary>Network Binding</summary>
By default, the server binds to 127.0.0.1 (localhost only). To configure security:
# Set an API token (server will require Bearer auth on all requests)
export HEXSTRIKE_API_TOKEN=your-secret-token
# Optionally bind to all interfaces (NOT recommended without a token)
export HEXSTRIKE_HOST=0.0.0.0
# Start the server
python3 hexstrike_server.py
</details>
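A preflight check for the two settings above, as an added example that is not part of the HexStrike project: it refuses to start when HEXSTRIKE_HOST is not a loopback address and HEXSTRIKE_API_TOKEN is unset or short. The function names and the 32-character minimum are assumptions of this example, not project requirements.

```shell
#!/bin/sh
# Added example, not HexStrike code. Guards the HEXSTRIKE_HOST /
# HEXSTRIKE_API_TOKEN combination before the server is started.
# Assumption: tokens shorter than 32 characters are rejected (example's choice).

# Return 0 if the bind address is loopback-only, 1 otherwise.
is_loopback() {
  case "$1" in
    127.[0-9]*.[0-9]*.[0-9]*|localhost|::1) return 0 ;;
    *) return 1 ;;
  esac
}

# hexstrike_preflight HOST TOKEN
# Prints a verdict; returns 0 (safe to start) or 1 (refuse to start).
hexstrike_preflight() {
  _host="${1:-127.0.0.1}"   # the page states 127.0.0.1 is the default bind
  _token="${2:-}"
  if is_loopback "$_host"; then
    if [ -z "$_token" ]; then
      echo "ok: loopback bind, no token (any local user can reach the API)"
    else
      echo "ok: loopback bind with token"
    fi
    return 0
  fi
  if [ -z "$_token" ]; then
    echo "refuse: $_host is reachable from the network and no token is set"
    return 1
  fi
  if [ "${#_token}" -lt 32 ]; then
    echo "refuse: token is ${#_token} chars; generate one with: openssl rand -hex 32"
    return 1
  fi
  echo "ok: network bind on $_host with a ${#_token}-char token"
  return 0
}

# Usage (run from the repository root):
# hexstrike_preflight "$HEXSTRIKE_HOST" "$HEXSTRIKE_API_TOKEN" && python3 hexstrike_server.py
```

The literal placeholder `your-secret-token` from the snippet above is 17 characters, so this check rejects it for a 0.0.0.0 bind.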
Features
Security Tools Arsenal
Categories:
<details>
<summary><b>🤖 Automated Recon & Enumeration</b></summary>
- BBot – AI-powered reconnaissance and enumeration framework supporting subdomain discovery, module filtering, and safe/fast scanning
- MySQL Query – Direct SQL querying and enumeration for MySQL/MariaDB databases
- PostgreSQL Query – Direct SQL querying and enumeration for PostgreSQL databases
- SQLite Query – Local file-based SQL querying for SQLite databases
- Nmap - Advanced port scanning with custom NSE scripts and service detection
- Rustscan - Ultra-fast port scanner with intelligent rate limiting
- Masscan - High-speed Internet-scale port scanning with banner grabbing
- AutoRecon - Comprehensive automated reconnaissance with 35+ parameters
- Amass - Advanced subdomain enumeration and OSINT gathering
- Subfinder - Fast passive subdomain discovery with multiple sources
- Fierce - DNS reconnaissance and zone transfer testing
- DNSEnum - DNS information gathering and subdomain brute forcing
- TheHarvester - Email and subdomain harvesting from multiple sources
