Git Repositories
6 repos
Source repository and Docusaurus documentation site for HexStrike AI — the MCP-based pentesting orchestration framework. Covers install, configuration, AI backend integrations (Gemini, OpenAI, Ollama, Cursor), and attack scenario walkthroughs.
Dockerized host vulnerability assessment tool: nine scanner modules run against a Linux host, findings fed to Claude, output is a prioritized vulnerability report with attack chain analysis — all from a single command. No external cloud services needed.
Multi-cloud security scanner: AWS + GCP exposure findings with attack-chain synthesis in 2–4 minutes per scan. 9 AWS modules + 7 GCP modules, 125-test suite, ECS Fargate / Cloud Run deployment, multi-LLM finding analysis with severity classification.
Infrastructure pivoting tool for CTI analysts and red teamers: takes a seed IOC and expands through passive DNS, reverse IP, ASN/hosting reuse, TLS certificates, subdomain enumeration, internet-wide search, and WHOIS. Output is a structured lead graph.
OpenCTI deployment assets with a custom AI enrichment connector powered by Claude. Docker Compose stack for the full OpenCTI core + connectors. The enrichment connector feeds indicators to Claude for structured analysis, context generation, and reporting.
Intentionally vulnerable AI security training lab — DVWA/WebGoat for modern AI systems. Pre-built scenarios demonstrating OWASP LLM Top 10 vulnerabilities: prompt injection, RAG poisoning, tool-call manipulation, data exfiltration via agents.
HexStrike AI Platform
7 articles — setup, strategy, integrations
Complete setup guide: MCP configuration for Gemini, OpenAI, Cursor, and Ollama/Llama backends. First-run walkthrough and performance notes.
Strategic analysis of HexStrike AI's red team impact and the threat landscape implications when this level of automation becomes attacker-accessible.
Side-by-side comparison of two AI pentesting frameworks — architecture, autonomy level, output quality, and practical operator experience.
Local LLM setup: Ubuntu host + Kali VM + SSH bridging architecture for fully offline HexStrike AI operation. Performance benchmarks vs. cloud APIs.
Connecting Shodan's internet-wide exposure data into HexStrike's AI pipeline for automated attack surface enumeration and prioritization.
Full exploitation walkthrough against Metasploitable using HexStrike with OpenAI Codex — from scan to shell with AI-generated payload selection.
Full-scope Cursor + MCP methodology guide: tool selection, workflow design, scope controls, and the modern AI-augmented PT engagement lifecycle.
AI-Driven Attack Walkthroughs
11 articles
End-to-end home lab PT: HexStrike AI drives host discovery, service enumeration, vulnerability identification, and exploitation across a real local network.
AI-orchestrated web app PT: reconnaissance, fingerprinting, injection testing, authentication bypass, and finding synthesis with HexStrike + Gemini.
HexStrike AI drives a complete WiFi security assessment — capture, deauth, handshake collection, and password cracking — from a single natural-language prompt.
AI-driven SSH attack: target selection, credential list curation with Gemini, Hydra orchestration, and result synthesis — all via HexStrike MCP.
SMB exposure assessment and credential attack — Gemini CLI selects protocol parameters, HexStrike executes and interprets the brute-force results.
Full subnet compromise walkthrough: Cursor + HexStrike MCP chains host discovery, pivot identification, lateral movement, and credential extraction across a /24.
AI-driven OSINT from a single email address: Cursor orchestrates Shodan, theHarvester, passive DNS, and certificate data into a complete exposure map.
Complete AI-automated ADCS ESC8 exploitation: Cursor + HexStrike chain certificate discovery, ESC8 vulnerability identification, and domain compromise steps.
Three-tool AI stack: Cursor orchestrates HexStrike for infrastructure and Burp Suite MCP for web layers — coverage across cloud, API, and application attack surface.
Fully autonomous K8s PT from a single prompt: AI discovers cluster entry points, misconfigurations, privilege escalation paths, and lateral movement routes.
AI-orchestrated AD attack chain: Kerberoasting, AS-REP roasting, Pass-the-Hash, and LSASS dump — all driven from natural-language attack objectives.
Password Recovery with AI
4 articles
HexStrike + Gemini CLI orchestrates wordlist generation, hash extraction, and John/Hashcat targeting for ZIP archives in an authorized recovery workflow.
DOC, DOCX, and PPT password recovery: Gemini CLI selects office2john extraction parameters and attack mode, HexStrike drives the cracking pipeline.
PDF owner/user password recovery: pdf2john hash extraction, Gemini-selected attack parameters, and Hashcat/John execution via HexStrike orchestration.
Connecting Burp Suite's MCP server to Gemini CLI for AI-driven web application security testing — automated crawl, active scan, and finding triage.
AI Tool Development & Hacking
4 articles
Overview and walkthrough of Villager — an autonomous AI PT framework that chains recon, exploitation, and reporting without human step-by-step input.
Using Cursor AI to generate, iterate, and deploy HID payloads on an Arduino Leonardo. Full workflow from payload concept to physical keystroke injection device.
Cursor AI as a hacker tool factory: generating and refining Android HID attack payloads, testing in an isolated lab, and iterating with AI feedback loops.
Documented experiment: generating functional malware using only natural-language prompts to AI coding tools. Implications for defender awareness and detection coverage.
AI-Enhanced Traditional Tools
8 articles
AI-augmented Nmap recon: feeding scan output to ChatGPT for service fingerprinting interpretation, CVE context, and prioritized attack surface narrative.
LLM-augmented Burp workflow: using AI to interpret scanner findings, generate attack payloads, prioritize vulnerabilities, and draft pentest report sections.
HackerAI as a pentesting copilot: step-by-step guide using HackerAI to guide Metasploitable exploitation — where it helps, where it falls short.
ChatGPT applied to DFIR workflows: evidence triage, artifact correlation, timeline construction, and report generation acceleration for security investigators.
AuditAI build walkthrough: nine scanner modules, Claude integration, Dockerized deployment, and single-command vulnerability report generation.
StratusAI build and deployment: multi-cloud scanning across 16 attack modules, AI-generated attack chain synthesis, and prioritized remediation output.
AIDebug tool walkthrough: automated static analysis that feeds disassembly output to an LLM and returns natural-language function explanations and capability assessments.
Terminal-based AI APK analyzer: permission extraction, certificate inspection, string analysis, and AI-generated threat assessment for Android binaries.
Threat Landscape & Implications
5 articles
Macro analysis of AI's impact across the full offensive lifecycle: how attack velocity, tradecraft variety, and barrier-to-entry change when AI becomes a standard tool.
Evidence-based review of documented threat actor AI adoption: phishing automation, malware generation, reconnaissance acceleration, and the detection implications.
Prompt injection, RAG poisoning, tool-call manipulation, and data exfiltration via AI agents. Practical attack scenarios against production-grade LLM deployments.
Defender-facing analysis: how AI offensive tempo and tradecraft variety break existing detection assumptions, and what coverage gaps open as a result.
Cursor AI as an infrastructure provisioner: generating, executing, and validating a full Windows AD lab deployment from a single natural-language specification.