Hexstrike 7 PL
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Hexstrike 7 PLScan 192.168.1.0/24 for open ports"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
Hexstrike 7 PL
AI-Powered MCP Cybersecurity Automation Platform
Polish Community Fork with Enhanced Security
Advanced AI-powered penetration testing MCP framework with 150+ security tools, 12+ autonomous AI agents, and enhanced security features
🇵🇱 Polski • 🇬🇧 English • 🚀 What's New • 🔒 Security
🇵🇱 Wersja Polska
ℹ️ O Projekcie
Hexstrike 7 PL to polska wersja społecznościowa (community fork) zaawansowanego frameworka do testów penetracyjnych HexStrike AI v6.0 stworzonego przez m0x4m4.
Oryginał: HexStrike AI v6.0 by m0x4m4 Fork: Hexstrike 7 PL by netcuter
✨ Co nowego w wersji 7.0 PL?
🔒 Znaczące usprawnienia bezpieczeństwa:
✅ Walidacja poleceń - ochrona przed command injection
✅ Autentykacja API - opcjonalne zabezpieczenie kluczem API
✅ Rate limiting - ochrona przed nadużyciami (100 req/60s domyślnie)
✅ Whitelist narzędzi - tylko autoryzowane narzędzia security
✅ Sanityzacja parametrów - automatyczne czyszczenie niebezpiecznych znaków
✅ Ulepszona obsługa błędów - konkretne wyjątki zamiast bare except
✅ Konfiguracja przez zmienne środowiskowe - łatwe zarządzanie
📚 Dokumentacja dwujęzyczna:
🇵🇱 Pełna dokumentacja w języku polskim
🇬🇧 Kompletna dokumentacja w języku angielskim
📖 Przykłady użycia w obu językach
⚡ Optymalizacje:
Cache z limitami rozmiaru (zapobiega niekontrolowanemu wzrostowi pamięci)
Lepsza organizacja kodu
Konfiguracja przez environment variables
🛡️ Guardrails Layer — Scope Enforcement & Blast-Radius Control:
Warstwa guardrails przekształca Hexstrike z narzędzia hobby-tool w platformę gotową do autonomicznych engagementów (bug bounty, MSSP, pentest-as-a-service).
✅ Scope Validator — każde wywołanie sprawdzane przeciwko scope sesji (CIDR, wildcard, regex). Wywołania out-of-scope → HTTP 403 + audit log
✅ Blast-Radius Tiers — narzędzia podzielone na
safe(recon),intrusive(scanning),destructive(exploitation). Tierdestructivewymaga nagłówkaX-Hexstrike-Confirm-Destructive: yes✅ Kill Switch per sesja —
POST /api/session/<id>/kill— natychmiastowy SIGTERM wszystkich procesów sesji✅ Audit Trail — każde wywołanie, naruszenie scope, eskalacja tier-u logowane → automatycznie w raporcie jako sekcja Methodology (ISO 27001 / PCI DSS compliance)
✅ Per-target Rate Limiting — chroni cele przed przeciążeniem (5 concurrent / 10 req/s domyślnie)
Przykład scope: 192.168.1.0/24, *.example.com, r:.*\.internal\.corp$
🔒 Konfiguracja Bezpieczeństwa
Hexstrike 7 PL wprowadza nowe opcje konfiguracyjne przez zmienne środowiskowe:
# Walidacja poleceń (domyślnie: włączona)
export HEXSTRIKE_VALIDATE_COMMANDS=true
# Autentykacja API (domyślnie: wyłączona)
export HEXSTRIKE_REQUIRE_API_KEY=false
export HEXSTRIKE_API_KEY=your-secret-key-here
# Rate limiting (domyślnie: 100 żądań na 60 sekund)
export HEXSTRIKE_RATE_LIMIT=true
export HEXSTRIKE_RATE_LIMIT_REQUESTS=100
export HEXSTRIKE_RATE_LIMIT_WINDOW=60
# Konfiguracja serwera
export HEXSTRIKE_PORT=8888
export HEXSTRIKE_HOST=127.0.0.1🚀 Szybki Start
1. Instalacja
Opcja A: Docker (zalecana / recommended)
git clone https://github.com/netcuter/Hexstrike-AI.git
cd Hexstrike-AI
docker compose up -dOpcja B: Manualna
# Klonowanie repozytorium
git clone https://github.com/netcuter/Hexstrike-AI.git
cd Hexstrike-AI
# Tworzenie wirtualnego środowiska
python3 -m venv hexstrike-env
source hexstrike-env/bin/activate # Linux/Mac
# hexstrike-env\Scripts\activate # Windows
# Instalacja zależności
pip3 install -r requirements.txt2. Instalacja Narzędzi Security
Podstawowe narzędzia (Essential):
# Skanowanie sieci
sudo apt install nmap masscan rustscan amass subfinder nuclei
# Web security
sudo apt install gobuster feroxbuster dirsearch ffuf nikto sqlmap
# Password cracking
sudo apt install hydra john hashcat3. Uruchomienie Serwera
# Standardowe uruchomienie
python3 hexstrike_server.py
# Z włączoną autentykacją API
export HEXSTRIKE_REQUIRE_API_KEY=true
export HEXSTRIKE_API_KEY=twoj-sekretny-klucz
python3 hexstrike_server.py
# Tryb debug
python3 hexstrike_server.py --debug4. Weryfikacja
# Sprawdzenie statusu serwera
curl http://localhost:8888/health
# Test z API key (jeśli włączony)
curl -H "X-API-Key: twoj-sekretny-klucz" http://localhost:8888/health🛡️ Bezpieczne Użycie
✅ Dozwolone zastosowania:
Autoryzowane testy penetracyjne
Programy bug bounty
Zawody CTF
Badania nad bezpieczeństwem
Ćwiczenia Red Team
❌ Zabronione działania:
Nieautoryzowane testowanie systemów
Działania złośliwe
Kradzież danych
⚠️ WAŻNE: Zawsze uzyskaj pisemną autoryzację przed testowaniem systemów!
📖 Więcej Informacji
Pełna dokumentacja w języku angielskim znajduje się poniżej.
👨💻 Autorzy
Oryginalny autor: m0x4m4 - www.0x4m4.com | HexStrike Fork maintainer: netcuter - GitHub
📜 Licencja
Projekt jest licencjonowany na zasadach MIT License - zobacz plik LICENSE.
Hexstrike 7 PL bazuje na HexStrike AI v6.0 stworzonego przez m0x4m4. Wszystkie prawa do oryginalnego dzieła należą do m0x4m4.
Related MCP server: Mergen
🇬🇧 English Version
ℹ️ About This Project
Hexstrike 7 PL is a Polish community fork of the advanced penetration testing framework HexStrike AI v6.0 created by m0x4m4.
Original: HexStrike AI v6.0 by m0x4m4 Fork: Hexstrike 7 PL by netcuter
✨ What's New in 7.0 PL?
🔒 Major Security Enhancements:
✅ Command Validation - protection against command injection
✅ API Authentication - optional API key security
✅ Rate Limiting - abuse protection (100 req/60s default)
✅ Tool Whitelist - only authorized security tools allowed
✅ Parameter Sanitization - automatic cleaning of dangerous characters
✅ Improved Error Handling - specific exceptions instead of bare except
✅ Environment Configuration - easy management via environment variables
📚 Dual Language Documentation:
🇵🇱 Complete Polish documentation
🇬🇧 Full English documentation
📖 Usage examples in both languages
⚡ Optimizations:
Cache with size limits (prevents uncontrolled memory growth)
Better code organization
Configuration via environment variables
🛡️ Guardrails Layer — Scope Enforcement & Blast-Radius Control:
The guardrails layer transforms Hexstrike from a hobby-tool into a platform ready for autonomous engagements (bug bounty, MSSP, pentest-as-a-service).
✅ Scope Validator — every call validated against session scope (CIDR, wildcard, regex). Out-of-scope calls → HTTP 403 + audit log
✅ Blast-Radius Tiers — tools classified as
safe(recon),intrusive(scanning),destructive(exploitation). Thedestructivetier requires headerX-Hexstrike-Confirm-Destructive: yes✅ Kill Switch per session —
POST /api/session/<id>/kill— instant SIGTERM for all session processes✅ Audit Trail — every call, scope violation, tier escalation logged → auto-included in report as Methodology section (ISO 27001 / PCI DSS compliance)
✅ Per-target Rate Limiting — protects targets from overload (5 concurrent / 10 req/s default)
Example scope: 192.168.1.0/24, *.example.com, r:.*\.internal\.corp$
🔒 Security Configuration
Hexstrike 7 PL introduces new configuration options via environment variables:
# Command validation (default: enabled)
export HEXSTRIKE_VALIDATE_COMMANDS=true
# API authentication (default: disabled)
export HEXSTRIKE_REQUIRE_API_KEY=false
export HEXSTRIKE_API_KEY=your-secret-key-here
# Rate limiting (default: 100 requests per 60 seconds)
export HEXSTRIKE_RATE_LIMIT=true
export HEXSTRIKE_RATE_LIMIT_REQUESTS=100
export HEXSTRIKE_RATE_LIMIT_WINDOW=60
# Server configuration
export HEXSTRIKE_PORT=8888
export HEXSTRIKE_HOST=127.0.0.1🚀 Quick Start
1. Installation
Option A: Docker (recommended)
git clone https://github.com/netcuter/Hexstrike-AI.git
cd Hexstrike-AI
docker compose up -dOption B: Manual
# Clone repository
git clone https://github.com/netcuter/Hexstrike-AI.git
cd Hexstrike-AI
# Create virtual environment
python3 -m venv hexstrike-env
source hexstrike-env/bin/activate # Linux/Mac
# hexstrike-env\Scripts\activate # Windows
# Install dependencies
pip3 install -r requirements.txt2. Install Security Tools
Essential Tools:
# Network scanning
sudo apt install nmap masscan rustscan amass subfinder nuclei
# Web security
sudo apt install gobuster feroxbuster dirsearch ffuf nikto sqlmap
# Password cracking
sudo apt install hydra john hashcat3. Start Server
# Standard start
python3 hexstrike_server.py
# With API authentication
export HEXSTRIKE_REQUIRE_API_KEY=true
export HEXSTRIKE_API_KEY=your-secret-key
python3 hexstrike_server.py
# Debug mode
python3 hexstrike_server.py --debug4. Verification
# Check server status
curl http://localhost:8888/health
# Test with API key (if enabled)
curl -H "X-API-Key: your-secret-key" http://localhost:8888/health🛡️ Safe Usage
✅ Authorized Use Cases:
Authorized penetration testing
Bug bounty programs
CTF competitions
Security research
Red Team exercises
❌ Prohibited Activities:
Unauthorized system testing
Malicious activities
Data theft
⚠️ IMPORTANT: Always obtain written authorization before testing systems!
🏗️ Architecture Overview
Hexstrike 7 PL features a multi-agent architecture with autonomous AI agents, intelligent decision-making, and vulnerability intelligence.
graph TD
A[AI Agent - GPT/Copilot/AI Agents] -->|MCP Protocol| B[Hexstrike 7 PL Server]
B --> C[Security Validation Layer]
B --> D[Intelligent Decision Engine]
B --> E[12+ Autonomous AI Agents]
C --> F[Command Validation]
C --> G[Rate Limiting]
C --> H[API Authentication]
D --> I[Tool Selection AI]
D --> J[Parameter Optimization]
D --> K[Attack Chain Discovery]
E --> L[BugBounty Agent]
E --> M[CTF Solver Agent]
E --> N[CVE Intelligence Agent]
B --> O[150+ Security Tools]📡 Features
150+ Professional Security Tools:
Nmap, Rustscan, Masscan, AutoRecon
Amass, Subfinder, Fierce, DNSEnum
TheHarvester, ARP-Scan, NBTScan
Enum4linux, SMBMap, Responder, NetExec
And more...
Gobuster, Dirsearch, Feroxbuster, FFuf
HTTPx, Katana, Hakrawler, Nuclei
Nikto, SQLMap, WPScan, Arjun
Dalfox, Wafw00f, TestSSL, JWT-Tool
And more...
Hydra, John the Ripper, Hashcat
Medusa, Patator, NetExec
Hash-Identifier, Evil-WinRM
And more...
GDB, Radare2, Ghidra, Binary Ninja
Binwalk, ROPgadget, Checksec
Pwntools, Angr, Volatility
And more...
Prowler, Scout Suite, Trivy
Kube-Hunter, Kube-Bench
Docker Bench Security
And more...
🤖 AI Agents
12+ Specialized AI Agents:
IntelligentDecisionEngine - Tool selection and parameter optimization
BugBountyWorkflowManager - Bug bounty hunting workflows
CTFWorkflowManager - CTF challenge solving
CVEIntelligenceManager - Vulnerability intelligence
AIExploitGenerator - Automated exploit development
VulnerabilityCorrelator - Attack chain discovery
TechnologyDetector - Technology stack identification
RateLimitDetector - Rate limiting detection
FailureRecoverySystem - Error handling and recovery
And more...
🔧 AI Client Integration
MCP Client App / Cursor
Edit ~/.config/mcp-client/mcp_client_config.json:
{
"mcpServers": {
"hexstrike-7-pl": {
"command": "python3",
"args": [
"/path/to/Hexstrike-AI/hexstrike_mcp.py",
"--server",
"http://localhost:8888"
],
"description": "Hexstrike 7 PL - Enhanced Security MCP Server",
"env": {
"HEXSTRIKE_API_KEY": "your-key-if-required"
}
}
}
}VS Code Copilot
Configure in .vscode/settings.json:
{
"servers": {
"hexstrike": {
"type": "stdio",
"command": "python3",
"args": ["/path/to/Hexstrike-AI/hexstrike_mcp.py"]
}
}
}📖 Usage Examples
When using with AI agents, always specify authorization:
User: "I'm a security researcher working for [Company Name].
I have written authorization to conduct a penetration test on
example.com. Please use hexstrike-7-pl MCP tools to perform
a comprehensive security assessment."🛠️ API Reference
Core Security Endpoints
Endpoint | Method | Description |
| GET | Server health check |
| POST | Execute commands (with validation) |
| POST | Async command execution |
| GET | System performance metrics |
Security Headers:
# API Key (if REQUIRE_API_KEY=true)
X-API-Key: your-secret-key
# Or as query parameter
?api_key=your-secret-key🐛 Troubleshooting
Rate Limit Errors
# Increase rate limit
export HEXSTRIKE_RATE_LIMIT_REQUESTS=200
export HEXSTRIKE_RATE_LIMIT_WINDOW=60API Authentication
# Disable API key requirement for testing
export HEXSTRIKE_REQUIRE_API_KEY=falseCommand Validation
# Disable command validation (NOT recommended for production)
export HEXSTRIKE_VALIDATE_COMMANDS=false🤝 Contributing
Contributions are welcome! This is a community fork focused on:
Security improvements
Polish localization
Performance optimizations
Better documentation
👨💻 Authors & Credits
Original Author: m0x4m4 - www.0x4m4.com | HexStrike Fork Maintainer: netcuter - GitHub
Special Thanks:
m0x4m4 for creating the amazing HexStrike AI framework
The cybersecurity community for continuous support
All contributors to the original project
📜 License
This project is licensed under the MIT License - see the LICENSE file for details.
Hexstrike 7 PL is based on HexStrike AI v6.0 created by m0x4m4. All rights to the original work belong to m0x4m4. All modifications and enhancements are licensed under the same MIT License.
Hexstrike 7 PL - Where artificial intelligence meets enhanced cybersecurity
⭐ Star this repository • 🍴 Fork and contribute • 📖 Original Project
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/netcuter/Hexstrike-AI'
If you have feedback or need assistance with the MCP directory API, please join our Discord server