Connects to HexStrike AI's Flask API backend to access 150+ security tools for cybersecurity operations including network reconnaissance, vulnerability scanning, and penetration testing
Provides Kubernetes security assessment and penetration testing capabilities through the kube_hunter_scan tool
Enables container vulnerability scanning for security assessment of containerized applications
HexStrike AI MCP Server
A standalone network MCP (Model Context Protocol) server that provides direct access to HexStrike AI security tools without requiring local client files.
Overview
This repository contains a network-accessible MCP server that connects to HexStrike AI's Flask API backend and exposes 150+ security tools through the MCP protocol. This allows AI agents like Claude Code to access powerful cybersecurity tools remotely.
Architecture
Features
- Network MCP Server: Direct MCP access over TCP/IP - no local files required
- 150+ Security Tools: Complete access to HexStrike AI's security arsenal
- AI Intelligence: AI-powered target analysis and tool selection
- Specialized Workflows: Bug bounty hunting, CTF challenges, penetration testing
- Real-time Monitoring: Process management and telemetry
- Zero Client Setup: No local HexStrike files needed on client machines
Quick Start
Prerequisites
- Python 3.8+
- HexStrike AI Flask server running on the same machine
- Required Python packages:
requests
,fastmcp
Installation
- Download this MCP server:
- Install dependencies:
- Start HexStrike Flask API (on same machine):
- Start the MCP server:
Client Configuration
For Claude Code in VS Code:
Add to your VS Code user settings (Ctrl+Shift+P
→ "Preferences: Open User Settings (JSON)"):
Available Tools
Network & Reconnaissance
nmap_scan()
- Advanced port scanningrustscan_scan()
- Ultra-fast port scanningamass_enum()
- Subdomain enumerationsubfinder_scan()
- Passive subdomain discovery
Web Application Security
gobuster_scan()
- Directory enumerationnuclei_scan()
- Vulnerability scanning with 4000+ templatessqlmap_scan()
- SQL injection testinghttpx_scan()
- HTTP probing and technology detection
Binary Analysis
ghidra_analyze()
- Advanced reverse engineeringradare2_analyze()
- Binary analysis frameworkgdb_debug()
- GNU debugger with exploit developmentvolatility_analyze()
- Memory forensics
Cloud Security
prowler_assess()
- AWS/Azure/GCP security assessmenttrivy_scan()
- Container vulnerability scanningkube_hunter_scan()
- Kubernetes penetration testing
AI Intelligence & Workflows
ai_analyze_target()
- AI-powered target analysisai_select_tools()
- Intelligent tool selectionbugbounty_reconnaissance()
- Bug bounty hunting workflowsctf_solve_challenge()
- Automated CTF challenge solving
Usage Example
Once configured, use with any MCP-compatible AI agent:
Command Line Options
Security Considerations
⚠️ Important: This tool provides AI agents with access to powerful security tools.
- Authorized Use Only: Only use on systems you own or have explicit permission to test
- Network Security: Run on isolated networks or with proper firewall rules
- Authentication: Consider implementing authentication for production deployments
- Monitoring: Monitor AI agent activities through the telemetry endpoints
Troubleshooting
Connection Issues:
- Verify HexStrike Flask API is running on port 8888
- Check firewall settings for port 8889
- Test connectivity:
curl http://SERVER_IP:8889/health
No Tools Available:
- Ensure security tools are installed on the server machine
- Check
/health
endpoint for tool availability status
Client Connection Failed:
- Verify MCP client configuration
- Check server logs for connection attempts
- Test with debug mode:
--debug
Related Projects
- HexStrike AI: https://github.com/0x4m4/hexstrike-ai - The main security tools framework
- FastMCP: MCP server framework used by this project
License
MIT License - see LICENSE file for details.
Contributing
Contributions welcome! Please:
- Fork the repository
- Create a feature branch
- Submit a pull request
Support
For support and questions:
- Create an issue on GitHub
- Review the troubleshooting section
- Check the setup documentation
This server cannot be installed
remote-capable server
The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.
AI-powered cybersecurity automation platform with 150+ security tools and 12+ autonomous AI agents for penetration testing, vulnerability assessment, and bug bounty hunting. Enables comprehensive security testing through intelligent tool selection and automated workflows.