home / mcp / hexstrike ai mcp server
MCP server for Hextstrike AI
Configuration
View docs{
"mcpServers": {
"b-bogus-hexstrike-ai_mcp_server": {
"command": "python3",
"args": [
"hexstrike_mcp_server.py",
"--host",
"0.0.0.0",
"--port",
"8889"
],
"env": {
"MCP_SERVER_URL": "http://YOUR_SERVER_IP:8889"
}
}
}
}HexStrike AI MCP Server provides networked MCP access to HexStrike AI security tools through a Flask-backed backend. It lets AI agents run a large suite of security tools remotely, without requiring local client files, by exposing tools over the MCP protocol via a dedicated server.
You access the HexStrike AI MCP Server from any MCP-compatible client. Start by connecting to the server’s MCP endpoint, then issue high-level security tasks through natural language prompts or predefined workflows. The server coordinates tool selection and execution, returning results and telemetry so you can iterate on security assessments, bug bounty workflows, or CTF challenges.
Prerequisites: Python 3.8+ and a HexStrike Flask API instance running on the same machine.
Install and run steps:
# 1. Clone the MCP server repository
git clone https://github.com/b-bogus/hexstrike-ai_mcp_server.git
cd hexstrike-ai_mcp_server
# 2. Install Python dependencies
pip install -r requirements.txt
# 3. Start the HexStrike Flask API (on the same machine)
# This launches the HexStrike AI backend that the MCP server will proxy to
python3 hexstrike_server.py
# 4. Start the MCP server itself
python3 hexstrike_mcp_server.py --host 0.0.0.0 --port 8889Client configuration is expected to point to the MCP server URL. For example, set MCP_SERVER_URL to http://YOUR_SERVER_IP:8889 so your MCP client routes requests to the server. When deploying, consider network isolation and access controls to prevent unauthorized use of the powerful toolset.
This MCP server provides access to a comprehensive set of security tools. Use it only on systems you own or have explicit permission to test. Run in isolated networks or behind proper firewall rules. Consider authenticating clients in production and regularly monitoring telemetry endpoints to track tool usage.
Connection issues: Ensure the HexStrike Flask API is running on port 8888 and the MCP server is listening on port 8889. Test connectivity with curl http://SERVER_IP:8889/health.
No tools available: Verify that the Flask backend has access to the required security tools and check the /health endpoint for tool availability.
Client connection failed: Double-check MCP client configuration and server logs. Run with --debug to gather more information.
The server exposes numerous tools across categories such as network reconnaissance, web application security, binary analysis, cloud security, and AI-driven workflows. Use these capabilities to support remote AI agents in real-world security tasks.
AI-powered target analysis to identify optimal targets and priorities for security testing.
Intelligent tool selection that chooses the most effective tools based on the analyzed target context.
Bug bounty hunting workflows that orchestrate reconnaissance and data collection.
Automated or assisted solving of CTF challenges using a combination of tools and AI guidance.
Advanced port scanning to discover open services and potential attack surfaces.
Ultra-fast port scanning to quickly enumerate a large address space.
Subdomain enumeration to map the external attack surface.
Passive subdomain discovery for identifying additional entry points.
Directory enumeration to reveal hidden resources on web targets.
Vulnerability scanning with 4000+ templates for rapid risk assessment.
SQL injection testing to identify database exposure vectors.
HTTP probing and technology detection for target profiles.
Advanced reverse engineering analysis using Ghidra.
Binary analysis with the Radare2 framework.
GNU debugger workflow with exploit development support.
Memory forensics analysis using Volatility.
Cloud security assessment for AWS/Azure/GCP environments.
Container vulnerability scanning for image risk assessment.
Kubernetes penetration testing workflow and findings.