A fork of the original HexStrike AI project has been released as HexStrike AI v6.0, an advanced Model Context Protocol (MCP)-based cybersecurity automation framework that merges 127 professional security tools with BOAZ, a multi-layered EDR/AV payload evasion engine built for real-world red team operations.
The platform enables Claude, GPT, VS Code Copilot, Cursor, and any MCP-compatible AI agent to autonomously orchestrate penetration testing workflows, vulnerability discovery, and enterprise evasion payloads, replacing days of manual tooling with minutes of AI-driven analysis.
HexStrike AI operates as a FastMCP server that bridges large language models (LLMs) with a curated arsenal of offensive security tools.
The architecture positions an Intelligent Decision Engine as the orchestration brain, analyzing targets, selecting optimal tooling, and executing multi-phase assessments without requiring constant human direction.
The platform supports six AI client integrations out of the box: Claude Desktop, Cursor, VS Code Copilot, Roo Code, 5ire (partial), and any standards-compliant MCP agent.

BOAZ Red Team Integration

The most operationally significant addition in this fork from Muhammad Osama, Yenn503, and Aoxley is the full integration of BOAZ (Bypass, Obfuscate, Adapt, Zero-Trust) developed by Thomasxm, an open-source multilayered AV/EDR evasion framework.
BOAZ is wired into HexStrike through five dedicated MCP tools and transforms the platform from a scanning engine into a complete red team payload pipeline.

| Capability | Details |
|---|---|
| Process Injection Loaders | 77+ loaders across 6 categories: Syscall (11), Stealth (17), Memory Guard (6), Threadless (6), VEH/VCH (5), Userland (4) |
| Encoding Schemes | 12 schemes: AES, ChaCha20, DES, RC4, AES2, UUID, XOR, MAC, IPv4, Base45, Base64, Base58 |
| EDR Bypass Techniques | API unhooking, ETW (Event Tracing for Windows) patching, LLVM obfuscation via Akira and Pluto compilers |
| Anti-Analysis Controls | Anti-emulation checks, sleep obfuscation, entropy reduction, sandbox detection |
| Compiler Support | MinGW cross-compiler, NASM assembler, Wine (Windows binary testing on Linux) |
| Output Formats | EXE, DLL, CPL; includes self-deletion and anti-forensic options |

The BOAZ workflow inside HexStrike follows a defined payload pipeline: MSFVenom generation → entropy analysis → BOAZ evasion layer → enterprise-grade stealth binary.

HexStrike ships with 127 categorized security tools, of which 53 are auto-installed via install/install_all.sh and the remaining 74 require manual installation due to licensing constraints, specialized dependencies, or platform-specific requirements.

| Category | Tools | Count |
|---|---|---|
| Network & Reconnaissance | nmap, masscan, rustscan, amass, subfinder, nuclei, autorecon, theharvester, responder, netexec | 10 |
| Web Application Security | gobuster, feroxbuster, ffuf, nikto, sqlmap, wpscan, httpx, hakrawler, dalfox, commix, nosqlmap + more | 19 |
| Password & Authentication | hydra, john, hashcat, evil-winrm, hashid | 5 |
| Binary Analysis & RE | gdb, radare2, binwalk, ghidra (JDK), checksec, ropgadget, pwntools, angr + more | 13 |
| Forensics & CTF | foremost, testdisk, steghide, exiftool, volatility3, scalpel, zsteg, sleuthkit + more | 16 |

Manual installation targets tools with broader enterprise impact: wireless (aircrack-ng, kismet), cloud auditing (kube-hunter, scout-suite, checkov, terrascan, falco), web proxy (Burp Suite, ZAProxy), and OSINT platforms (Maltego, Censys-CLI).
Full installation requires roughly 24 GB of disk space and 60–90 minutes of compile time, the majority attributable to building the LLVM-based Akira and Pluto obfuscators from source (~half an hour each). The fork is available to clone from GitHub.
HexStrike AI explicitly scopes legitimate use to: authorized penetration testing engagements with written permission, bug bounty program participation within defined scope, CTF competitions, and red team exercises with organizational approval.
Unauthorized testing, data exfiltration, and malicious activities are explicitly prohibited in the project documentation.
Check Point Research previously highlighted the dual-use risk of LLM orchestration frameworks like HexStrike, noting that the same abstraction layer that makes the tool powerful for defenders can direct offensive capabilities at scale with minimal human oversight, a risk vector that security teams must account for in their defensive posture.









