nyxstrike
Health Passed
- License — License: NOASSERTION
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 64 GitHub stars
Code Passed
- Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Passed
- Permissions — No dangerous permissions requested
This is an AI-powered offensive security orchestration engine that connects Large Language Models (LLMs) to real penetration testing tools. It allows AI agents to automatically execute full attack chains, from initial reconnaissance to exploitation, against designated targets.
Security Assessment
Overall Risk: High. By design, this server executes shell commands and makes extensive network requests to scan, enumerate, and exploit external systems. The bundled tools (like nmap and masscan) require elevated privileges to run certain operations. While the automated code scan did not find any dangerous patterns, hardcoded secrets, or dangerous permission requests, the fundamental nature of the tool is inherently risky. It is designed to actively interact with and compromise systems.
Quality Assessment
The project is actively maintained, with its last code push occurring today. It features a clear, detailed README with comprehensive setup instructions. However, the license is listed as NOASSERTION (despite the README claiming AGPLv3), which may pose compliance or usage concerns for enterprise environments. The tool has moderate community traction, highlighted by 64 GitHub stars.
Verdict
Use with extreme caution: while the code itself is clean and actively maintained, this tool provides AI agents with real offensive hacking capabilities and should only be run in strictly controlled, isolated testing environments against authorized targets.
AI Powered penetration testing Platform for offensive security research
NyxStrike
Previously: Hexstrike AI Community Edition
AI-powered offensive security orchestration engine
⚡ From target → recon → exploit chain in minutes
⭐ If NyxStrike improves your workflow, consider starring the repo — it helps others discover it.
What is NyxStrike?
NyxStrike connects LLM agents to real offensive security tools and executes full attack chains — from recon to exploitation.
🚀 Quick Start (Installation)
Get a full offensive security environment running in minutes.
git clone https://github.com/CommonHuman-Lab/nyxstrike.git
cd nyxstrike
./nyxstrike.sh -a # Setup + start server
./nyxstrike.sh -a -ai # + local AI model (~8.4 GB RAM)
./nyxstrike.sh -a -ai-small # + smaller AI model (~2.5 GB RAM)
Full flag reference: Wiki — Installation & Flags
Verify Setup
Open http://localhost:8888 to access the dashboard.
Some tools (e.g. nmap, masscan) require elevated privileges for specific scan modes. Use a dedicated test VM and least-privilege setup where possible.
🔌 AI Agent Integrations (MCP)
Connect NyxStrike to any MCP-compatible AI client — OpenCode, Cursor, Claude Desktop, VS Code Copilot, Roo Code, and more.
Universal MCP Command
/path/to/nyxstrike/nyxstrike-env/bin/python3 \
  /path/to/nyxstrike/nyxstrike_mcp.py \
  --server http://127.0.0.1:8888 \
  --profile full
OpenCode
{
  "$schema": "https://opencode.ai/config.json",
  "mcp": {
    "nyxstrike": {
      "type": "local",
      "command": [
        "/path/to/nyxstrike/nyxstrike-env/bin/python3",
        "/path/to/nyxstrike/nyxstrike_mcp.py",
        "--server",
        "http://127.0.0.1:8888",
        "--profile",
        "full"
      ],
      "enabled": true
    }
  }
}
Config snippets for Claude Desktop, Cursor, VS Code Copilot, and security options: Wiki — MCP Setup
🔧 Features
NyxStrike does not just run tools — it orchestrates full attack chains using AI decision-making.
- AI agents that chain tools automatically
- 185+ offensive security tools, all agent-controllable
- Full attack workflow: recon → enumeration → exploitation → reporting
- Modular tool registry — add or remove tools without touching agent logic
- MCP-compatible — plug into any AI client you already use
- Real-time session dashboard with live command output and logs
🧰 Tool Arsenal
185+ offensive security tools across 12 categories — all dynamically orchestrated by AI agents in real time.
- Network reconnaissance
- Web exploitation
- Wireless security
- OSINT & intelligence gathering
- Password attacks
- Cloud & API security
⚠️ Security Considerations
NyxStrike gives AI agents direct access to offensive security tooling.
- Run only in isolated environments or dedicated security testing VMs
- AI agents may execute real commands — maintain operator oversight
- Monitor activity via dashboard and logs in real time
- Use NYXSTRIKE_API_TOKEN for any non-local deployment
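As an added example (not code from NyxStrike or from this page), a preflight check for the OpenCode entry shown earlier: it flags a `--server` URL that is not loopback when no token is set or when the scheme is plain http. It assumes NYXSTRIKE_API_TOKEN is read from the environment; `audit_mcp_config`, `is_loopback` and the sample host 192.0.2.10 are constructed for illustration.

```python
import ipaddress
import json
import os
from urllib.parse import urlsplit

# Constructed sample: the OpenCode entry from this page, pointed at a non-local host.
SAMPLE_CONFIG = """{"mcp": {"nyxstrike": {"type": "local", "enabled": true,
  "command": ["/path/to/nyxstrike/nyxstrike-env/bin/python3",
              "/path/to/nyxstrike/nyxstrike_mcp.py",
              "--server", "http://192.0.2.10:8888", "--profile", "full"]}}}"""


def is_loopback(host):
    """True for 'localhost' or a loopback IP literal (127.0.0.0/8, ::1)."""
    if not host or host.lower() == "localhost":
        return bool(host)
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as non-local


def audit_mcp_config(config_text, env=None):
    """Return findings for NyxStrike MCP entries in an OpenCode config."""
    env = os.environ if env is None else env
    findings = []
    for name, entry in json.loads(config_text).get("mcp", {}).items():
        cmd = entry.get("command", [])
        if not any(str(arg).endswith("nyxstrike_mcp.py") for arg in cmd):
            continue  # not a NyxStrike entry
        if "--server" not in cmd[:-1]:
            findings.append(f"{name}: no --server value")
            continue
        url = urlsplit(cmd[cmd.index("--server") + 1])
        if is_loopback(url.hostname):
            continue  # local deployment, nothing to flag
        if not env.get("NYXSTRIKE_API_TOKEN"):  # assumption: set via environment
            findings.append(f"{name}: non-local server without NYXSTRIKE_API_TOKEN")
        if url.scheme != "https":
            findings.append(f"{name}: non-local server over {url.scheme}")
    return findings


if __name__ == "__main__":
    for finding in audit_mcp_config(SAMPLE_CONFIG, env={}):
        print(finding)
```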
Legal & Ethical Use
| Allowed | Not Allowed |
|---|---|
| Authorized penetration testing (with written authorization) | Unauthorized testing of any system |
| Bug bounty programs (within program scope and rules) | Malicious, illegal, or harmful activities |
| CTF competitions and educational environments | Unauthorized data access or exfiltration |
| Security research on owned or authorized systems | |
| Red team exercises (with organizational approval) | |
📜 License
Licensed under the AGPLv3.
You are free to use, modify, and distribute this software. If you run it as a service or distribute it, the source must remain open.
For commercial licensing, contact the author.
⭐ Support the project
If NyxStrike is useful to your workflow:
- Star the repository
- Share it with others
- Contribute improvements
It makes a real difference.
Credits
Originally inspired by hexstrike-ai.