hexstrike-ai-community-edition

HexStrike AI - Community Edition is an AI-powered MCP cybersecurity automation platform. It runs a Python-based MCP server that hosts a growing arsenal of security tools and AI agents, enabling automated reconnaissance, targeted profiling, and integration with various AI clients. You can start the server and then connect an MCP client to control and orchestrate tools and workflows. The recommended flow is to run the server locally (or on a secured host) and use the MCP client to issue commands, load specific tool profiles, and kick off automated scans across your targets.

To use the tools, first start the server, then start the MCP client and point it at the server URL (default http://127.0.0.1:8888). The project supports profiles (e.g., recon, dns_enum, full) to load relevant toolsets, and a compact mode (--compact) to minimize resource usage. You can also run with a Bearer token for API security by setting HEXSTRIKE_API_TOKEN. The server exposes health endpoints and an API for analyzing targets, enabling automated testing pipelines and integration with external clients such as Claude/Cursor, VS Code Copilot, OpenCode, and other MCP-compatible agents.

Prerequisites:

• Python 3.8+ and pip
• Git
• Optional: Virtual environment tooling (venv) for isolation

Step-by-step installation:

1. Clone the repository git clone https://github.com/CommonHuman-Lab/hexstrike-ai-community-edition.git cd hexstrike-ai-community-edition

2. Create and activate a virtual environment python3 -m venv hexstrike-env source hexstrike-env/bin/activate # Linux/macOS hexstrike-env\Scripts\activate # Windows

3. Install Python dependencies pip install -r requirements.txt

4. Install extra Python dependencies for tools pip install -r requirements-tools.txt

5. Run the MCP server (in a separate terminal, keep the server running) python hexstrike_server.py

6. Run the MCP client (in the same or another terminal, using the venv Python to ensure dependencies) hexstrike-env/bin/python hexstrike_mcp.py --server http://localhost:8888

Notes:

• If you want compact mode, launch the MCP client with: hexstrike-env/bin/python hexstrike_mcp.py --compact
• To use profiles, start the client with: hexstrike-env/bin/python hexstrike_mcp.py --profile recon dns_enum
• Ensure required tools (e.g., nmap, masscan) have proper privileges if used in scans. You may need root or capability grants depending on your environment.

Security:

• Configure API tokens and network binding by setting environment variables as described in the README: HEXSTRIKE_API_TOKEN and HEXSTRIKE_HOST.

Tips and common issues:

• If the server binds to localhost, ensure clients run on the same host or set HEXSTRIKE_HOST to 0.0.0.0 to expose it (restrict with tokens).
• Some tools require elevated privileges; consider granting capabilities (e.g., setcap cap_net_raw+ep /usr/bin/nmap) or running as root when necessary, weighing security implications.
• Use profiles to optimize performance for your environment; start with full profile for feature completeness or strong minimal setups for constrained resources (--compact).
• When integrating with external AI clients (VS Code Copilot, Claude Desktop, OpenCode, etc.), follow their respective configuration snippets in the README and link them to http://localhost:8888.
• Monitor health at http://localhost:8888/health and test basic intelligence capabilities via the API example in the README to verify server readiness.