hexstrike-ai MCP — 사용 사례, 설치 & 라이브 데모

왜 쓰나요

핵심 기능

150+ integrated security tools across network, web, binary, cloud, OSINT, and forensics
12+ autonomous AI agents for intelligent decision-making and workflow management
Real-time dashboard with live monitoring and vulnerability reporting
Smart result caching with LRU eviction for performance
Headless Chrome integration for dynamic web application testing

라이브 데모

실제 사용 모습

hexstrike-ai.replay ▶ 준비됨

0/0

설치

클라이언트 선택

~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json

{
  "mcpServers": {
    "hexstrike-ai": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/0x4m4/hexstrike-ai"
      ]
    }
  }
}

Claude Desktop → Settings → Developer → Edit Config 열기. 저장 후 앱 재시작.

~/.cursor/mcp.json · .cursor/mcp.json

{
  "mcpServers": {
    "hexstrike-ai": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/0x4m4/hexstrike-ai"
      ]
    }
  }
}

Cursor는 Claude Desktop과 동일한 mcpServers 스키마 사용. 프로젝트 설정이 전역보다 우선.

VS Code → Cline → MCP Servers → Edit

{
  "mcpServers": {
    "hexstrike-ai": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/0x4m4/hexstrike-ai"
      ]
    }
  }
}

Cline 사이드바의 MCP Servers 아이콘 클릭 후 "Edit Configuration" 선택.

~/.codeium/windsurf/mcp_config.json

{
  "mcpServers": {
    "hexstrike-ai": {
      "command": "TODO",
      "args": [
        "See README: https://github.com/0x4m4/hexstrike-ai"
      ]
    }
  }
}

Claude Desktop과 같은 형식. Windsurf 재시작 후 적용.

~/.continue/config.json

{
  "mcpServers": [
    {
      "name": "hexstrike-ai",
      "command": "TODO",
      "args": [
        "See README: https://github.com/0x4m4/hexstrike-ai"
      ]
    }
  ]
}

Continue는 맵이 아닌 서버 오브젝트 배열 사용.

~/.config/zed/settings.json

{
  "context_servers": {
    "hexstrike-ai": {
      "command": {
        "path": "TODO",
        "args": [
          "See README: https://github.com/0x4m4/hexstrike-ai"
        ]
      }
    }
  }
}

context_servers에 추가. 저장 시 Zed가 핫 리로드.

claude mcp add hexstrike-ai -- TODO 'See README: https://github.com/0x4m4/hexstrike-ai'

한 줄 명령. claude mcp list로 확인, claude mcp remove로 제거.

사용 사례

실전 활용법: hexstrike-ai

How to solve a multi-stage CTF challenge with HexStrike AI

👤 CTF participants working on security challenges ⏱ ~60 min intermediate

언제 쓸까: You have a CTF target and need to enumerate, scan, and exploit in a structured way.

사전 조건

HexStrike AI installed in a sandboxed environment — Clone and pip install in a VM or container
Target is a CTF challenge you are authorized to test — Only use on CTF platforms or labs you have permission to test

흐름

Reconnaissance

Run an Nmap scan on the CTF target at 10.10.10.1. Identify open ports and services.✓ 복사됨

→ Port scan results with service versions
Web enumeration

The target has a web server on port 80. Run Gobuster for directory enumeration and Nikto for vulnerability scanning.✓ 복사됨

→ Discovered directories and potential vulnerabilities
Exploitation assistance

Found a login page at /admin. Run Hydra with the top-1000 passwords list against it.✓ 복사됨

→ Login attempt results

결과: Systematic enumeration and exploitation path for the CTF challenge.

함정

Running aggressive scans that crash the CTF target — Use moderate scan speeds and timing options (Nmap -T3 instead of -T5)

함께 쓰기: filesystem

Perform an authorized web application security assessment

👤 Security professionals with written authorization to test a web application ⏱ ~120 min advanced

언제 쓸까: You have a signed agreement to test a client's web application.

사전 조건

Written authorization for the target — Signed penetration testing agreement from the target owner
HexStrike AI configured — Install and configure in an isolated environment

흐름

Vulnerability scanning

Run Nuclei against https://target.example.com with default templates. Focus on critical and high severity findings.✓ 복사됨

→ List of discovered vulnerabilities with severity ratings
SQL injection testing

Test the login endpoint for SQL injection using SQLMap.✓ 복사됨

→ SQLMap results showing injectable parameters or confirming the endpoint is secure

결과: A documented list of vulnerabilities found during authorized testing.

함정

Testing outside the agreed scope — Always reference your authorization document. Only test explicitly listed assets.

함께 쓰기: filesystem

조합

다른 MCP와 조합해 10배 효율

hexstrike-ai + filesystem

Save scan results and generate a penetration testing report

Run a full assessment on the target, save all results, and generate a professional pentest report as a markdown file.✓ 복사됨

도구

이 MCP가 노출하는 것

도구	입력	언제 호출
nmap_scan	target: str, options?: str	Network port scanning and service detection
nuclei_scan	target: str, templates?: str	Automated vulnerability scanning with templates
sqlmap_test	url: str, params?: str	SQL injection detection and exploitation testing
gobuster_dir	url: str, wordlist?: str	Directory and file brute-force enumeration
hydra_attack	target: str, service: str, userlist?: str, passlist?: str	Password brute-force testing on services

비용 및 제한

운영 비용

API 쿼터: N/A — all tools run locally
호출당 토큰: 500–3000 tokens per scan result
금액: Free — all tools are open source. Some tools (Shodan) need their own API keys.
팁: Run targeted scans instead of full-spectrum sweeps to reduce noise and time.

보안

권한, 시크릿, 파급범위

자격 증명 저장: Individual tool API keys (Shodan, etc.) in environment variables

데이터 외부 송신: Network scans connect to target systems. OSINT tools call their respective APIs.

⚠ This tool is designed for authorized security research, CTF competitions, and defensive analysis only. Do not use it against systems you don't own or have written authorization to test.
These are real offensive security tools — unauthorized use is illegal in most jurisdictions.
Always run in an isolated environment (VM, Docker) to prevent accidental exposure.
Some tools (Hydra, Hashcat) perform brute-force attacks — only use on systems you're authorized to test.

문제 해결

자주 발생하는 오류와 해결

Tool not found / command not available

Many tools must be installed separately on your system. Install them via your package manager (apt, brew) or from source.

확인: which nmap && which nuclei && which sqlmap

Scan timeout

Reduce scan scope or increase timeout. Use -T3 for Nmap instead of default timing.

확인: Try a simple ping or single-port scan first

Permission denied on scan

Some scans (SYN scan) require root. Run with sudo or switch to a less privileged scan type.

확인: sudo nmap -sS target

대안

hexstrike-ai 다른 것과 비교

대안	언제 쓰나	단점/장점
mcp-security-hub	You want Dockerized security tools with better isolation and CI/CD integration	Better containerization but may require more setup
mcp-kali-server	You want a lightweight API bridge to a full Kali Linux installation	Full Kali toolkit but less AI agent specialization

hexstrike-ai

왜 쓰나요

핵심 기능

라이브 데모

실제 사용 모습

설치

클라이언트 선택

사용 사례

실전 활용법: hexstrike-ai

How to solve a multi-stage CTF challenge with HexStrike AI

사전 조건

흐름

함정

Perform an authorized web application security assessment

사전 조건

흐름

함정

조합

다른 MCP와 조합해 10배 효율

도구

이 MCP가 노출하는 것

비용 및 제한

운영 비용

보안

권한, 시크릿, 파급범위

문제 해결

자주 발생하는 오류와 해결

대안

hexstrike-ai 다른 것과 비교

더 보기

리소스