HexStrike AI RED-TEAM
AI-Powered MCP Cybersecurity Automation Platform with BOAZ Red Team Integration

Advanced AI-powered penetration testing MCP framework with 127 security tools (53 auto-installed), 12+ autonomous AI agents, and BOAZ red team payload evasion (77+ loaders, 12 encoders)
📋 What's New • 🏗️ Architecture • 🚀 Installation • 🛠️ Features • 🤖 AI Agents • 📡 API Reference
🔥 BOAZ Red Team Integration
HexStrike now includes BOAZ, an advanced payload evasion framework for red team operations:
BOAZ Features
- 77+ Process Injection Loaders - Syscall, stealth, memory guard, threadless, and VEH/VCH techniques
- 12 Encoding Schemes - AES, ChaCha20, UUID, XOR, MAC, RC4, and more
- EDR/AV Evasion - API unhooking, ETW patching, LLVM obfuscation (Akira/Pluto)
- Anti-Analysis - Anti-emulation checks, sleep obfuscation, entropy reduction
- Binary Analysis - Entropy analysis and optimization for heuristic evasion
BOAZ Capabilities in Action
EDR/AV Bypass Demonstration
BOAZ-generated payload successfully bypassing ESET Smart Security Premium
Payload with stealth injection techniques evading real-time protection and maintaining low detection profile
MSFVenom Payload Obfuscation
Complete workflow: MSFVenom generation → BOAZ evasion → Enterprise-grade stealth payload
Demonstrates BOAZ transforming standard MSFVenom payloads into sophisticated evasive binaries with:
- Loader #16 (Standard stealth injection)
- UUID Encoding (Low entropy, legitimate-looking format)
- ETW Bypass (Event Tracing for Windows patching)
- Anti-Emulation (Sandbox detection)
- Entropy: 6.06/8 (Excellent for bypassing heuristic analysis)
Architecture Overview
HexStrike AI MCP v6.0 features a multi-agent architecture with autonomous AI agents, intelligent decision-making, and vulnerability intelligence.
%%{init: {"themeVariables": {
"primaryColor": "#b71c1c",
"secondaryColor": "#ff5252",
"tertiaryColor": "#ff8a80",
"background": "#2d0000",
"edgeLabelBackground":"#b71c1c",
"fontFamily": "monospace",
"fontSize": "16px",
"fontColor": "#fffde7",
"nodeTextColor": "#fffde7"
}}}%%
graph TD
A[AI Agent - Claude/GPT/Copilot] -->|MCP Protocol| B[HexStrike MCP Server v6.0]
B --> C[Intelligent Decision Engine]
B --> D[12+ Autonomous AI Agents]
B --> E[Modern Visual Engine]
B --> BOAZ[BOAZ Payload Engine]
C --> F[Tool Selection AI]
C --> G[Parameter Optimization]
C --> H[Attack Chain Discovery]
D --> I[BugBounty Agent]
D --> J[CTF Solver Agent]
D --> K[CVE Intelligence Agent]
D --> L[Exploit Generator Agent]
E --> M[Real-time Dashboards]
E --> N[Progress Visualization]
E --> O[Vulnerability Cards]
BOAZ --> BOAZ1[77+ Process Injection Loaders]
BOAZ --> BOAZ2[12 Encoding Schemes]
BOAZ --> BOAZ3[EDR/AV Evasion]
BOAZ1 --> BOAZ4[Syscall/Stealth/Threadless]
BOAZ2 --> BOAZ5[AES/ChaCha20/UUID/XOR]
BOAZ3 --> BOAZ6[API Unhooking/ETW Patching]
B --> P[127 Security Tools - 53 Auto-Installed]
P --> Q[Network Tools - 10]
P --> R[Web App Tools - 19]
P --> S[Cloud Tools - 10]
P --> T[Binary Tools - 13]
P --> U[CTF Tools - 10]
P --> V[OSINT Tools - 13]
B --> W[Advanced Process Management]
W --> X[Smart Caching]
W --> Y[Resource Optimization]
W --> Z[Error Recovery]
style A fill:#b71c1c,stroke:#ff5252,stroke-width:3px,color:#fffde7
style B fill:#ff5252,stroke:#b71c1c,stroke-width:4px,color:#fffde7
style C fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7
style D fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7
style E fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7
style BOAZ fill:#d32f2f,stroke:#b71c1c,stroke-width:3px,color:#fffde7
How It Works
- AI Agent Connection - Claude, GPT, or other MCP-compatible agents connect via FastMCP protocol
- Intelligent Analysis - Decision engine analyzes targets and selects optimal testing strategies
- Autonomous Execution - AI agents execute comprehensive security assessments using 150+ tools
- Real-time Adaptation - System adapts based on results and discovered vulnerabilities
- BOAZ Payload Generation - Advanced payload evasion with 77+ loaders, 12 encoders, and EDR/AV bypass
- Advanced Reporting - Visual output with vulnerability cards and risk analysis
Installation
Quick Setup to Run the hexstrike MCPs Server
# 1. Clone the repository
git clone https://github.com/Yenn503/Hexstrike-redteam.git hexstrike-ai
cd hexstrike-ai
# 2. Create virtual environment
python3 -m venv hexstrike-env
source hexstrike-env/bin/activate # Linux/Mac
# hexstrike-env\Scripts\activate # Windows
# 3. Install Python dependencies
pip3 install -r requirements.txt
# 4. **REQUIRED: Install BOAZ system dependencies**
# This step is MANDATORY for BOAZ payload generation to work
# Installs MinGW, NASM, Wine, LLVM obfuscators (Akira/Pluto), and build tools
cd BOAZ_beta
bash requirements.sh
cd ..
# The script will:
# - Install MinGW cross-compiler (x86_64-w64-mingw32-g++)
# - Install NASM assembler
# - Install Wine (for testing Windows binaries)
# - Build Akira LLVM obfuscator (~30 min compile time)
# - Build Pluto LLVM obfuscator (~20 min compile time)
# - Install signature tools (Mangle, pyMetaTwin)
# - Install SysWhispers2 for syscall generation
# **Note:** This may take a while depending on your system. Answer 'y' when prompted.
Installation and Setting Up Guide for various AI Clients:
Installation & Demo Video
Watch the full installation and setup walkthrough here: YouTube - HexStrike AI Installation & Demo
Supported AI Clients for Running & Integration
You can install and run HexStrike AI MCPs with various AI clients, including:
- 5ire (Latest version v0.14.0 not supported for now)
- VS Code Copilot
- Roo Code
- Cursor
- Claude Desktop
- Any MCP-compatible agent
Refer to the video above for step-by-step instructions and integration examples for these platforms.
Install Security Tools
Automated Installation (Recommended):
Run the installation script to automatically install 53 essential security tools:
cd install
sudo ./install_all.sh
This installs:
- System dependencies (MinGW, Wine, NASM, build tools)
- 70+ security tools (53 currently working, see breakdown below)
- Python virtual environment with all dependencies
- BOAZ LLVM obfuscators (Akira + Pluto)
- MCP configuration for Claude Desktop/CLI
What Gets Auto-Installed (53 Tools):
- nmap, masscan, rustscan, amass, subfinder, nuclei
- autorecon, theharvester, responder, netexec, enum4linux-ng
- gobuster, feroxbuster, ffuf, nikto, sqlmap, wpscan
- httpx, hakrawler, arjun, wafw00f, dalfox
- gau, waybackurls, paramspider, anew, sublist3r
- jwt-tool, testssl.sh, commix, nosqlmap
- hydra, john, hashcat, evil-winrm, hashid
- gdb, radare2, binwalk, ghidra (JDK only), checksec
- strings, objdump, volatility3, ropgadget, one-gadget
- pwninit, angr, pwntools
- foremost, testdisk, steghide, exiftool, scalpel
- sleuthkit, stegsolve, zsteg, photorec, volatility3
- sherlock, recon-ng, spiderfoot, trufflehog
- amass, subfinder, theharvester, shodan-cli
- prowler, trivy, aws-cli, azure-cli, gcloud, kubectl
- docker-bench-security
- msfconsole, msfvenom, searchsploit (exploit-db)
Tools Requiring Manual Installation (74 tools):
Some specialized tools require manual installation due to licensing, dependencies, or system requirements:
- Wireless: aircrack-ng suite, kismet, wireshark, tshark
- Cloud: kube-hunter, kube-bench, scout-suite, checkov, terrascan, falco, clair
- Web: dirsearch, dirb, burp suite, zaproxy, jaeles, x8, wfuzz, xsser
- Password: medusa, patator, crackmapexec, ophcrack, hashcat-utils, hashpump
- Binary: ropper, libc-database
- OSINT: maltego, censys-cli, have-i-been-pwned, social-analyzer
- Network: arp-scan, nbtscan, rpcclient, smbmap, enum4linux (classic), fierce, dnsenum, tshark
- API: insomnia, postman, httpie
- Forensics: autopsy, bulk-extractor, outguess
- Additional: qsreplace, uro
Installation Notes:
- Installation script works on any Linux system (portable paths)
- No hardcoded user paths - works for all users
- Some tools may fail on certain distributions (fallbacks included)
- Full installation takes ~60-90 minutes (LLVM compilation)
- Requires ~24GB disk space
- See install/README.md for troubleshooting
Browser Agent Requirements:
# Chrome/Chromium for Browser Agent
sudo apt install chromium-browser chromium-chromedriver
# OR install Google Chrome
wget -q -O - https://dl.google.com/linux/linux_signing_key.pub | sudo apt-key add -
echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" | sudo tee /etc/apt/sources.list.d/google-chrome.list
sudo apt update && sudo apt install google-chrome-stable
Start the Server
# Start the MCP server
python3 hexstrike_server.py
# Optional: Start with debug mode
python3 hexstrike_server.py --debug
# Optional: Custom port configuration
python3 hexstrike_server.py --port 8888
Verify Installation
# Test server health
curl http://localhost:8888/health
# Test AI agent capabilities
curl -X POST http://localhost:8888/api/intelligence/analyze-target \
-H "Content-Type: application/json" \
-d '{"target": "example.com", "analysis_type": "comprehensive"}'
AI Client Integration Setup
Claude Desktop Integration or Cursor
Edit ~/.config/Claude/claude_desktop_config.json:
{
"mcpServers": {
"hexstrike-ai": {
"command": "python3",
"args": [
"/path/to/hexstrike-ai/hexstrike_mcp.py",
"--server",
"http://localhost:8888"
],
"description": "HexStrike AI v6.0 - Advanced Cybersecurity Automation Platform",
"timeout": 300,
"disabled": false
}
}
}
VS Code Copilot Integration
Configure VS Code settings in .vscode/settings.json:
{
"servers": {
"hexstrike": {
"type": "stdio",
"command": "python3",
"args": [
"/path/to/hexstrike-ai/hexstrike_mcp.py",
"--server",
"http://localhost:8888"
]
}
},
"inputs": []
}
BOAZ Capabilities in Action
EDR/AV Bypass Demonstration
BOAZ-generated payload successfully bypassing ESET Smart Security Premium
*Payload with stealth in