HexStrike AI
HexStrike AI is an AI-powered penetration testing orchestrator that acts as a Model Context Protocol (MCP) server, bridging large language models (Gemini, OpenAI, Cursor, Llama) to 150+ real-world security tools — Nmap, Metasploit, Burp Suite, Aircrack-ng, Hydra, SQLMap, and more.
Unlike a scanner or a chatbot with tools, HexStrike maintains context across an entire engagement, autonomously chains findings into attack paths, recovers from tool failures, and produces structured reports — all driven by natural language prompts.
What's in This Guide
| Section | What You'll Learn |
|---|---|
| Getting Started | What HexStrike is, installation on Kali Linux, and how it compares to other AI security tools |
| LLM Integrations | How to connect HexStrike to Gemini CLI, OpenAI Codex, Cursor MCP, and local Ollama models |
| Recon & OSINT | Passive intelligence with Shodan, email-to-exposure mapping via Cursor |
| Attack Techniques | Network, web, wireless, SSH, SMB, Active Directory, ADCS ESC8, and cloud attacks |
| Password Recovery | AI-orchestrated recovery for ZIP, PDF, Office, WiFi, and SSH credentials |
| Full PT Walkthroughs | End-to-end lab penetration tests: single target, full subnet, black-box AD, web+cloud |
Quick Start
# Option 1: Kali package (recommended — Kali 2025.4+)
sudo apt update && sudo apt install hexstrike-ai
hexstrike_server # starts MCP server on port 8888
# Option 2: From source
git clone https://github.com/0x4m4/hexstrike-ai
cd hexstrike-ai && pip install -r requirements.txt
hexstrike_server
# Connect Gemini CLI
gemini --mcp hexstrike
Authorized labs only. All commands should run against targets you own or have explicit written permission to test.
See the full Installation Guide for all LLM clients.
About the Author
Written by Andrey Pautov — security researcher, penetration tester, and AI offensive security practitioner.
Focused on offensive security, AI security, real-world attack simulations, CTI, and detection engineering. All techniques are demonstrated in authorized lab environments.
| Medium | medium.com/@1200km |
| linkedin.com/in/andrey-pautov | |
| GitHub | github.com/anpa1200 |
| Contact | 1200km@gmail.com |
If this research is useful to you — support this project to keep the lab running.