HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration
Cybersecurity NewsArchived Jun 05, 2026✓ Full text saved
A fork of the original HexStrike AI project has been released as HexStrike AI v6.0, an advanced Model Context Protocol (MCP)-based cybersecurity automation framework that merges 127 professional security tools with BOAZ, a multi-layered, EDR/AV payload evasion engine built for real-world red team operations The platform enables Claude, GPT, VS Code Copilot, Cursor, and any MCP-compatible […] The post HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration appeared first on Cy
Full text archived locally
✦ AI Summary· Claude Sonnet
HomeCyber Security News
HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration
By Guru Baran
June 5, 2026
A fork of the original HexStrike AI project has been released as HexStrike AI v6.0, an advanced Model Context Protocol (MCP)-based cybersecurity automation framework that merges 127 professional security tools with BOAZ, a multi-layered, EDR/AV payload evasion engine built for real-world red team operations
The platform enables Claude, GPT, VS Code Copilot, Cursor, and any MCP-compatible AI agent to autonomously orchestrate penetration testing workflows, vulnerability discovery, and enterprise evasion payloads, replacing days of manual tooling with minutes of AI-driven analysis.
HexStrike AI operates as a FastMCP server that bridges large language models (LLMs) with a curated arsenal of offensive security tools.
The architecture positions an Intelligent Decision Engine as the orchestration brain, analyzing targets, selecting optimal tooling, and executing multi-phase assessments without requiring constant human direction.
The platform supports six AI client integrations out of the box: Claude Desktop, Cursor, VS Code Copilot, Roo Code, 5ire (partial), and any standards-compliant MCP agent.
BOAZ Red Team Integration
The most operationally significant addition in this fork from Muhammad Osama, Yenn503, and Aoxley is the full integration of BOAZ (Bypass, Obfuscate, Adapt, Zero-Trust) developed by Thomasxm, an open-source multilayered AV/EDR evasion framework.
BOAZ is wired into HexStrike through five dedicated MCP tools and transforms the platform from a scanning engine into a complete red team payload pipeline.
Capability Details
Process Injection Loaders 77+ loaders across 6 categories: Syscall (11), Stealth (17), Memory Guard (6), Threadless (6), VEH/VCH (5), Userland (4)
Encoding Schemes 12 schemes: AES, ChaCha20, DES, RC4, AES2, UUID, XOR, MAC, IPv4, Base45, Base64, Base58
EDR Bypass Techniques API unhooking, ETW (Event Tracing for Windows) patching, LLVM obfuscation via Akira and Pluto compilers
Anti-Analysis Controls Anti-emulation checks, sleep obfuscation, entropy reduction, sandbox detection
Compiler Support MinGW cross-compiler, NASM assembler, Wine (Windows binary testing on Linux)
Output Formats EXE, DLL, CPL; includes self-deletion and anti-forensic options
The BOAZ workflow within HexStrike follows a defined payload pipeline: MSFVenom generation → entropy analysis → BOAZ evasion layer → enterprise-grade stealth binary.
BOAZ workflow within HexStrike
127- Security Tools Arsenal
HexStrike ships with 127 classified security tools, of which 53 are auto-installed via install/install_all.sh and the remaining 74 require manual installation due to licensing constraints, specialized dependencies, or platform-specific requirements.
Category Tools Count
Network & Reconnaissance nmap, masscan, rustscan, amass, subfinder, nuclei, autorecon, theharvester, responder, netexec 10
Web Application Security gobuster, feroxbuster, ffuf, nikto, sqlmap, wpscan, httpx, hakrawler, dalfox, commix, nosqlmap + more 19
Password & Authentication hydra, john, hashcat, evil-winrm, hashid 5
Binary Analysis & RE gdb, radare2, binwalk, ghidra (JDK), checksec, ropgadget, pwntools, angr + more 13
Forensics & CTF foremost, testdisk, steghide, exiftool, volatility3, scalpel, zsteg, sleuthkit + more 16
Manual installation targets tools with broader enterprise impact: wireless (aircrack-ng, kismet), cloud auditing (kube-hunter, scout-suite, checkov, terrascan, falco), web proxy (Burp Suite, ZAProxy), and OSINT platforms (Maltego, Censys-CLI).
Full installation requires approximately 24 GB of disk space and 60–90 minutes of compile time the bulk attributable to building the LLVM-based Akira and Pluto obfuscators from source (~30 minutes each). The fork is available to clone from GitHub.
HexStrike AI explicitly scopes legitimate use to: authorized penetration testing engagements with written permission, bug bounty program participation within defined scope, CTF competitions, and red team exercises with organizational approval.
Unauthorized testing, data exfiltration, and malicious activities are explicitly prohibited in the project documentation.
Check Point Research previously highlighted the dual-use risk of LLM orchestration frameworks like HexStrike, noting that the same abstraction layer that makes the tool powerful for defenders can direct offensive capabilities at scale with minimal human oversight a risk vector that security teams must account for in their defensive posture.
Tags
cyber security
cyber security news
Copy URL
Linkedin
Twitter
ReddIt
Telegram
Guru Baranhttps://cybersecuritynews.com
Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments.
Trending News
Anthropic’s Claude Oceanus-v1-p Opens to Red Team Testing, but Distribution is Compromised
Five OpenClaw 0-Days let Attackers to Hijack Trusted AI Agent Access
Malicious RVTools Installer Abuses Sectigo Certificate to Bypass SmartScreen Warnings
1-Click GitHub Token Vulnerability Lets Attackers Steal Users’ OAuth Tokens
Hackers Use 34 Malicious Packages to Steal Cloud Keys, Wallets, and SSH Credentials
Latest News
Cyber Security News
binding.gyp Supply Chain Attack Compromises Dozens of npm Packages Across Maintainer Accounts
Cyber Security News
Hackers Use Malicious Ads to Deliver FlutterShell Backdoor on macOS Systems
Cyber Security News
Hackers Use Fake Claude Code Install Page to Deliver Fileless .NET Infostealer
Cyber Security News
IronWorm Supply Chain Attack Uses Malicious npm Packages to Steal Developer Secrets
Cyber Security News
Stock Exchange Executive’s Outlook Account Targeted to Exfiltrate Credentials