Skip to main content
Glama

HexStrike AI MCP Server

by b-bogus

HexStrike AI MCP Server

A standalone network MCP (Model Context Protocol) server that provides direct access to HexStrike AI security tools without requiring local client files.

Overview

This repository contains a network-accessible MCP server that connects to HexStrike AI's Flask API backend and exposes 150+ security tools through the MCP protocol. This allows AI agents like Claude Code to access powerful cybersecurity tools remotely.

Architecture

AI Agent (Claude Code) ----MCP over network----> hexstrike_mcp_server.py:8889 | HTTP requests ↓ HexStrike Flask API:8888 ↓ Security Tools (nmap, etc.)

Features

  • Network MCP Server: Direct MCP access over TCP/IP - no local files required
  • 150+ Security Tools: Complete access to HexStrike AI's security arsenal
  • AI Intelligence: AI-powered target analysis and tool selection
  • Specialized Workflows: Bug bounty hunting, CTF challenges, penetration testing
  • Real-time Monitoring: Process management and telemetry
  • Zero Client Setup: No local HexStrike files needed on client machines

Quick Start

Prerequisites

  • Python 3.8+
  • HexStrike AI Flask server running on the same machine
  • Required Python packages: requests, fastmcp

Installation

  1. Download this MCP server:
git clone https://github.com/b-bogus/hexstrike-ai_mcp_server.git cd hexstrike-ai_mcp_server
  1. Install dependencies:
pip install -r requirements.txt
  1. Start HexStrike Flask API (on same machine):
# Download and run HexStrike AI from https://github.com/0x4m4/hexstrike-ai python3 hexstrike_server.py
  1. Start the MCP server:
python3 hexstrike_mcp_server.py --host 0.0.0.0 --port 8889

Client Configuration

For Claude Code in VS Code:

Add to your VS Code user settings (Ctrl+Shift+P → "Preferences: Open User Settings (JSON)"):

{ "mcp.servers": { "hexstrike-ai": { "command": "stdio", "args": [], "env": { "MCP_SERVER_URL": "http://YOUR_SERVER_IP:8889" }, "description": "HexStrike AI MCP Server", "timeout": 300 } } }

Available Tools

Network & Reconnaissance

  • nmap_scan() - Advanced port scanning
  • rustscan_scan() - Ultra-fast port scanning
  • amass_enum() - Subdomain enumeration
  • subfinder_scan() - Passive subdomain discovery

Web Application Security

  • gobuster_scan() - Directory enumeration
  • nuclei_scan() - Vulnerability scanning with 4000+ templates
  • sqlmap_scan() - SQL injection testing
  • httpx_scan() - HTTP probing and technology detection

Binary Analysis

  • ghidra_analyze() - Advanced reverse engineering
  • radare2_analyze() - Binary analysis framework
  • gdb_debug() - GNU debugger with exploit development
  • volatility_analyze() - Memory forensics

Cloud Security

  • prowler_assess() - AWS/Azure/GCP security assessment
  • trivy_scan() - Container vulnerability scanning
  • kube_hunter_scan() - Kubernetes penetration testing

AI Intelligence & Workflows

  • ai_analyze_target() - AI-powered target analysis
  • ai_select_tools() - Intelligent tool selection
  • bugbounty_reconnaissance() - Bug bounty hunting workflows
  • ctf_solve_challenge() - Automated CTF challenge solving

Usage Example

Once configured, use with any MCP-compatible AI agent:

User: "Scan example.com for open ports and vulnerabilities" AI Agent: I'll perform a comprehensive scan of example.com using HexStrike tools. [Agent automatically calls nmap_scan(), then nuclei_scan(), analyzes results, and provides detailed security assessment]

Command Line Options

python3 hexstrike_mcp_server.py [options] Options: --host HOST Host to bind to (default: 0.0.0.0) --port PORT Port to listen on (default: 8889) --api-url URL HexStrike Flask API URL (default: http://localhost:8888) --debug Enable debug logging --help Show help message

Security Considerations

⚠️ Important: This tool provides AI agents with access to powerful security tools.

  • Authorized Use Only: Only use on systems you own or have explicit permission to test
  • Network Security: Run on isolated networks or with proper firewall rules
  • Authentication: Consider implementing authentication for production deployments
  • Monitoring: Monitor AI agent activities through the telemetry endpoints

Troubleshooting

Connection Issues:

  • Verify HexStrike Flask API is running on port 8888
  • Check firewall settings for port 8889
  • Test connectivity: curl http://SERVER_IP:8889/health

No Tools Available:

  • Ensure security tools are installed on the server machine
  • Check /health endpoint for tool availability status

Client Connection Failed:

  • Verify MCP client configuration
  • Check server logs for connection attempts
  • Test with debug mode: --debug
  • HexStrike AI: https://github.com/0x4m4/hexstrike-ai - The main security tools framework
  • FastMCP: MCP server framework used by this project

License

MIT License - see LICENSE file for details.

Contributing

Contributions welcome! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Submit a pull request

Support

For support and questions:

  • Create an issue on GitHub
  • Review the troubleshooting section
  • Check the setup documentation
-
security - not tested
F
license - not found
-
quality - not tested

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

AI-powered cybersecurity automation platform with 150+ security tools and 12+ autonomous AI agents for penetration testing, vulnerability assessment, and bug bounty hunting. Enables comprehensive security testing through intelligent tool selection and automated workflows.

  1. Overview
    1. Architecture
      1. Features
        1. Quick Start
          1. Prerequisites
          2. Installation
          3. Client Configuration
        2. Available Tools
          1. Network & Reconnaissance
          2. Web Application Security
          3. Binary Analysis
          4. Cloud Security
          5. AI Intelligence & Workflows
        3. Usage Example
          1. Command Line Options
            1. Security Considerations
              1. Troubleshooting
                1. Related Projects
                  1. License
                    1. Contributing
                      1. Support

                        MCP directory API

                        We provide all the information about MCP servers via our MCP API.

                        curl -X GET 'https://glama.ai/api/mcp/v1/servers/b-bogus/hexstrike-ai_mcp_server'

                        If you have feedback or need assistance with the MCP directory API, please join our Discord server