CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 05, 2026

HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration

Cybersecurity News Archived Jun 05, 2026 ✓ Full text saved

A fork of the original HexStrike AI project has been released as HexStrike AI v6.0, an advanced Model Context Protocol (MCP)-based cybersecurity automation framework that merges 127 professional security tools with BOAZ, a multi-layered, EDR/AV payload evasion engine built for real-world red team operations The platform enables Claude, GPT, VS Code Copilot, Cursor, and any MCP-compatible […] The post HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration appeared first on Cy

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News HexStrike AI RED-TEAM With 127 Security Tools and BOAZ Red Team Integration By Guru Baran June 5, 2026 A fork of the original HexStrike AI project has been released as HexStrike AI v6.0, an advanced Model Context Protocol (MCP)-based cybersecurity automation framework that merges 127 professional security tools with BOAZ, a multi-layered, EDR/AV payload evasion engine built for real-world red team operations The platform enables Claude, GPT, VS Code Copilot, Cursor, and any MCP-compatible AI agent to autonomously orchestrate penetration testing workflows, vulnerability discovery, and enterprise evasion payloads, replacing days of manual tooling with minutes of AI-driven analysis. HexStrike AI operates as a FastMCP server that bridges large language models (LLMs) with a curated arsenal of offensive security tools. The architecture positions an Intelligent Decision Engine as the orchestration brain, analyzing targets, selecting optimal tooling, and executing multi-phase assessments without requiring constant human direction. The platform supports six AI client integrations out of the box: Claude Desktop, Cursor, VS Code Copilot, Roo Code, 5ire (partial), and any standards-compliant MCP agent. BOAZ Red Team Integration The most operationally significant addition in this fork from Muhammad Osama, Yenn503, and Aoxley is the full integration of BOAZ (Bypass, Obfuscate, Adapt, Zero-Trust) developed by Thomasxm, an open-source multilayered AV/EDR evasion framework. BOAZ is wired into HexStrike through five dedicated MCP tools and transforms the platform from a scanning engine into a complete red team payload pipeline. Capability Details Process Injection Loaders 77+ loaders across 6 categories: Syscall (11), Stealth (17), Memory Guard (6), Threadless (6), VEH/VCH (5), Userland (4) Encoding Schemes 12 schemes: AES, ChaCha20, DES, RC4, AES2, UUID, XOR, MAC, IPv4, Base45, Base64, Base58 EDR Bypass Techniques API unhooking, ETW (Event Tracing for Windows) patching, LLVM obfuscation via Akira and Pluto compilers Anti-Analysis Controls Anti-emulation checks, sleep obfuscation, entropy reduction, sandbox detection Compiler Support MinGW cross-compiler, NASM assembler, Wine (Windows binary testing on Linux) Output Formats EXE, DLL, CPL; includes self-deletion and anti-forensic options The BOAZ workflow within HexStrike follows a defined payload pipeline: MSFVenom generation → entropy analysis → BOAZ evasion layer → enterprise-grade stealth binary. BOAZ workflow within HexStrike 127- Security Tools Arsenal HexStrike ships with 127 classified security tools, of which 53 are auto-installed via install/install_all.sh and the remaining 74 require manual installation due to licensing constraints, specialized dependencies, or platform-specific requirements. Category Tools Count Network & Reconnaissance nmap, masscan, rustscan, amass, subfinder, nuclei, autorecon, theharvester, responder, netexec 10 Web Application Security gobuster, feroxbuster, ffuf, nikto, sqlmap, wpscan, httpx, hakrawler, dalfox, commix, nosqlmap + more 19 Password & Authentication hydra, john, hashcat, evil-winrm, hashid 5 Binary Analysis & RE gdb, radare2, binwalk, ghidra (JDK), checksec, ropgadget, pwntools, angr + more 13 Forensics & CTF foremost, testdisk, steghide, exiftool, volatility3, scalpel, zsteg, sleuthkit + more 16 Manual installation targets tools with broader enterprise impact: wireless (aircrack-ng, kismet), cloud auditing (kube-hunter, scout-suite, checkov, terrascan, falco), web proxy (Burp Suite, ZAProxy), and OSINT platforms (Maltego, Censys-CLI). Full installation requires approximately 24 GB of disk space and 60–90 minutes of compile time the bulk attributable to building the LLVM-based Akira and Pluto obfuscators from source (~30 minutes each). The fork is available to clone from GitHub. HexStrike AI explicitly scopes legitimate use to: authorized penetration testing engagements with written permission, bug bounty program participation within defined scope, CTF competitions, and red team exercises with organizational approval. Unauthorized testing, data exfiltration, and malicious activities are explicitly prohibited in the project documentation. Check Point Research previously highlighted the dual-use risk of LLM orchestration frameworks like HexStrike, noting that the same abstraction layer that makes the tool powerful for defenders can direct offensive capabilities at scale with minimal human oversight a risk vector that security teams must account for in their defensive posture. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Anthropic’s Claude Oceanus-v1-p Opens to Red Team Testing, but Distribution is Compromised Five OpenClaw 0-Days let Attackers to Hijack Trusted AI Agent Access Malicious RVTools Installer Abuses Sectigo Certificate to Bypass SmartScreen Warnings 1-Click GitHub Token Vulnerability Lets Attackers Steal Users’ OAuth Tokens Hackers Use 34 Malicious Packages to Steal Cloud Keys, Wallets, and SSH Credentials Latest News Cyber Security News binding.gyp Supply Chain Attack Compromises Dozens of npm Packages Across Maintainer Accounts Cyber Security News Hackers Use Malicious Ads to Deliver FlutterShell Backdoor on macOS Systems Cyber Security News Hackers Use Fake Claude Code Install Page to Deliver Fileless .NET Infostealer Cyber Security News IronWorm Supply Chain Attack Uses Malicious npm Packages to Steal Developer Secrets Cyber Security News Stock Exchange Executive’s Outlook Account Targeted to Exfiltrate Credentials
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 05, 2026
    Archived
    Jun 05, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗