HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration

A fork of the original HexStrike AI project has been released as HexStrike AI v6.0, an advanced Model Context Protocol (MCP)-based cybersecurity automation framework that merges 127 professional security tools with BOAZ, a multi-layered, EDR/AV payload evasion engine built for real-world red team operations

The platform enables Claude, GPT, VS Code Copilot, Cursor, and any MCP-compatible AI agent to autonomously orchestrate penetration testing workflows, vulnerability discovery, and enterprise evasion payloads, replacing days of manual tooling with minutes of AI-driven analysis.

HexStrike AI operates as a FastMCP server that bridges large language models (LLMs) with a curated arsenal of offensive security tools.

The architecture positions an Intelligent Decision Engine as the orchestration brain, analyzing targets, selecting optimal tooling, and executing multi-phase assessments without requiring constant human direction.

The platform supports six AI client integrations out of the box: Claude Desktop, Cursor, VS Code Copilot, Roo Code, 5ire (partial), and any standards-compliant MCP agent.

BOAZ Red Team Integration

The most operationally significant addition in this fork from Muhammad Osama, Yenn503, and Aoxley is the full integration of BOAZ (Bypass, Obfuscate, Adapt, Zero-Trust) developed by Thomasxm, an open-source multilayered AV/EDR evasion framework.

BOAZ is wired into HexStrike through five dedicated MCP tools and transforms the platform from a scanning engine into a complete red team payload pipeline.

Capability	Details
Process Injection Loaders	77+ loaders across 6 categories: Syscall (11), Stealth (17), Memory Guard (6), Threadless (6), VEH/VCH (5), Userland (4)
Encoding Schemes	12 schemes: AES, ChaCha20, DES, RC4, AES2, UUID, XOR, MAC, IPv4, Base45, Base64, Base58
EDR Bypass Techniques	API unhooking, ETW (Event Tracing for Windows) patching, LLVM obfuscation via Akira and Pluto compilers
Anti-Analysis Controls	Anti-emulation checks, sleep obfuscation, entropy reduction, sandbox detection
Compiler Support	MinGW cross-compiler, NASM assembler, Wine (Windows binary testing on Linux)
Output Formats	EXE, DLL, CPL; includes self-deletion and anti-forensic options

The BOAZ workflow within HexStrike follows a defined payload pipeline: MSFVenom generation → entropy analysis → BOAZ evasion layer → enterprise-grade stealth binary.

HexStrike ships with 127 classified security tools, of which 53 are auto-installed via install/install_all.sh and the remaining 74 require manual installation due to licensing constraints, specialized dependencies, or platform-specific requirements.

Category	Tools	Count
Network & Reconnaissance	nmap, masscan, rustscan, amass, subfinder, nuclei, autorecon, theharvester, responder, netexec	10
Web Application Security	gobuster, feroxbuster, ffuf, nikto, sqlmap, wpscan, httpx, hakrawler, dalfox, commix, nosqlmap + more	19
Password & Authentication	hydra, john, hashcat, evil-winrm, hashid	5
Binary Analysis & RE	gdb, radare2, binwalk, ghidra (JDK), checksec, ropgadget, pwntools, angr + more	13
Forensics & CTF	foremost, testdisk, steghide, exiftool, volatility3, scalpel, zsteg, sleuthkit + more	16

Manual installation targets tools with broader enterprise impact: wireless (aircrack-ng, kismet), cloud auditing (kube-hunter, scout-suite, checkov, terrascan, falco), web proxy (Burp Suite, ZAProxy), and OSINT platforms (Maltego, Censys-CLI).

Full installation requires approximately 24 GB of disk space and 60–90 minutes of compile time the bulk attributable to building the LLVM-based Akira and Pluto obfuscators from source (~30 minutes each). The fork is available to clone from GitHub.

HexStrike AI explicitly scopes legitimate use to: authorized penetration testing engagements with written permission, bug bounty program participation within defined scope, CTF competitions, and red team exercises with organizational approval.

Unauthorized testing, data exfiltration, and malicious activities are explicitly prohibited in the project documentation.

Check Point Research previously highlighted the dual-use risk of LLM orchestration frameworks like HexStrike, noting that the same abstraction layer that makes the tool powerful for defenders can direct offensive capabilities at scale with minimal human oversight a risk vector that security teams must account for in their defensive posture.