[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-0x4m4--hexstrike-ai":3,"tool-0x4m4--hexstrike-ai":61},[4,18,26,36,44,53],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":17},4358,"openclaw","openclaw\u002Fopenclaw","OpenClaw 是一款专为个人打造的本地化 AI 助手，旨在让你在自己的设备上拥有完全可控的智能伙伴。它打破了传统 AI 助手局限于特定网页或应用的束缚，能够直接接入你日常使用的各类通讯渠道，包括微信、WhatsApp、Telegram、Discord、iMessage 等数十种平台。无论你在哪个聊天软件中发送消息，OpenClaw 都能即时响应，甚至支持在 macOS、iOS 和 Android 设备上进行语音交互，并提供实时的画布渲染功能供你操控。\n\n这款工具主要解决了用户对数据隐私、响应速度以及“始终在线”体验的需求。通过将 AI 部署在本地，用户无需依赖云端服务即可享受快速、私密的智能辅助，真正实现了“你的数据，你做主”。其独特的技术亮点在于强大的网关架构，将控制平面与核心助手分离，确保跨平台通信的流畅性与扩展性。\n\nOpenClaw 非常适合希望构建个性化工作流的技术爱好者、开发者，以及注重隐私保护且不愿被单一生态绑定的普通用户。只要具备基础的终端操作能力（支持 macOS、Linux 及 Windows WSL2），即可通过简单的命令行引导完成部署。如果你渴望拥有一个懂你",349277,3,"2026-04-06T06:32:30",[13,14,15,16],"Agent","开发框架","图像","数据工具","ready",{"id":19,"name":20,"github_repo":21,"description_zh":22,"stars":23,"difficulty_score":10,"last_commit_at":24,"category_tags":25,"status":17},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui 是一个基于 Gradio 构建的网页版操作界面，旨在让用户能够轻松地在本地运行和使用强大的 Stable Diffusion 图像生成模型。它解决了原始模型依赖命令行、操作门槛高且功能分散的痛点，将复杂的 AI 绘图流程整合进一个直观易用的图形化平台。\n\n无论是希望快速上手的普通创作者、需要精细控制画面细节的设计师，还是想要深入探索模型潜力的开发者与研究人员，都能从中获益。其核心亮点在于极高的功能丰富度：不仅支持文生图、图生图、局部重绘（Inpainting）和外绘（Outpainting）等基础模式，还独创了注意力机制调整、提示词矩阵、负向提示词以及“高清修复”等高级功能。此外，它内置了 GFPGAN 和 CodeFormer 等人脸修复工具，支持多种神经网络放大算法，并允许用户通过插件系统无限扩展能力。即使是显存有限的设备，stable-diffusion-webui 也提供了相应的优化选项，让高质量的 AI 艺术创作变得触手可及。",162132,"2026-04-05T11:01:52",[14,15,13],{"id":27,"name":28,"github_repo":29,"description_zh":30,"stars":31,"difficulty_score":32,"last_commit_at":33,"category_tags":34,"status":17},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code 是一套专为 AI 编程助手（如 Claude Code、Codex、Cursor 等）打造的高性能优化系统。它不仅仅是一组配置文件，而是一个经过长期实战打磨的完整框架，旨在解决 AI 代理在实际开发中面临的效率低下、记忆丢失、安全隐患及缺乏持续学习能力等核心痛点。\n\n通过引入技能模块化、直觉增强、记忆持久化机制以及内置的安全扫描功能，everything-claude-code 能显著提升 AI 在复杂任务中的表现，帮助开发者构建更稳定、更智能的生产级 AI 代理。其独特的“研究优先”开发理念和针对 Token 消耗的优化策略，使得模型响应更快、成本更低，同时有效防御潜在的攻击向量。\n\n这套工具特别适合软件开发者、AI 研究人员以及希望深度定制 AI 工作流的技术团队使用。无论您是在构建大型代码库，还是需要 AI 协助进行安全审计与自动化测试，everything-claude-code 都能提供强大的底层支持。作为一个曾荣获 Anthropic 黑客大奖的开源项目，它融合了多语言支持与丰富的实战钩子（hooks），让 AI 真正成长为懂上",153609,2,"2026-04-13T11:34:59",[14,13,35],"语言模型",{"id":37,"name":38,"github_repo":39,"description_zh":40,"stars":41,"difficulty_score":32,"last_commit_at":42,"category_tags":43,"status":17},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI 是一款功能强大且高度模块化的视觉 AI 引擎，专为设计和执行复杂的 Stable Diffusion 图像生成流程而打造。它摒弃了传统的代码编写模式，采用直观的节点式流程图界面，让用户通过连接不同的功能模块即可构建个性化的生成管线。\n\n这一设计巧妙解决了高级 AI 绘图工作流配置复杂、灵活性不足的痛点。用户无需具备编程背景，也能自由组合模型、调整参数并实时预览效果，轻松实现从基础文生图到多步骤高清修复等各类复杂任务。ComfyUI 拥有极佳的兼容性，不仅支持 Windows、macOS 和 Linux 全平台，还广泛适配 NVIDIA、AMD、Intel 及苹果 Silicon 等多种硬件架构，并率先支持 SDXL、Flux、SD3 等前沿模型。\n\n无论是希望深入探索算法潜力的研究人员和开发者，还是追求极致创作自由度的设计师与资深 AI 绘画爱好者，ComfyUI 都能提供强大的支持。其独特的模块化架构允许社区不断扩展新功能，使其成为当前最灵活、生态最丰富的开源扩散模型工具之一，帮助用户将创意高效转化为现实。",108322,"2026-04-10T11:39:34",[14,15,13],{"id":45,"name":46,"github_repo":47,"description_zh":48,"stars":49,"difficulty_score":32,"last_commit_at":50,"category_tags":51,"status":17},6121,"gemini-cli","google-gemini\u002Fgemini-cli","gemini-cli 是一款由谷歌推出的开源 AI 命令行工具，它将强大的 Gemini 大模型能力直接集成到用户的终端环境中。对于习惯在命令行工作的开发者而言，它提供了一条从输入提示词到获取模型响应的最短路径，无需切换窗口即可享受智能辅助。\n\n这款工具主要解决了开发过程中频繁上下文切换的痛点，让用户能在熟悉的终端界面内直接完成代码理解、生成、调试以及自动化运维任务。无论是查询大型代码库、根据草图生成应用，还是执行复杂的 Git 操作，gemini-cli 都能通过自然语言指令高效处理。\n\n它特别适合广大软件工程师、DevOps 人员及技术研究人员使用。其核心亮点包括支持高达 100 万 token 的超长上下文窗口，具备出色的逻辑推理能力；内置 Google 搜索、文件操作及 Shell 命令执行等实用工具；更独特的是，它支持 MCP（模型上下文协议），允许用户灵活扩展自定义集成，连接如图像生成等外部能力。此外，个人谷歌账号即可享受免费的额度支持，且项目基于 Apache 2.0 协议完全开源，是提升终端工作效率的理想助手。",100752,"2026-04-10T01:20:03",[52,13,15,14],"插件",{"id":54,"name":55,"github_repo":56,"description_zh":57,"stars":58,"difficulty_score":32,"last_commit_at":59,"category_tags":60,"status":17},4721,"markitdown","microsoft\u002Fmarkitdown","MarkItDown 是一款由微软 AutoGen 团队打造的轻量级 Python 工具，专为将各类文件高效转换为 Markdown 格式而设计。它支持 PDF、Word、Excel、PPT、图片（含 OCR）、音频（含语音转录）、HTML 乃至 YouTube 链接等多种格式的解析，能够精准提取文档中的标题、列表、表格和链接等关键结构信息。\n\n在人工智能应用日益普及的今天，大语言模型（LLM）虽擅长处理文本，却难以直接读取复杂的二进制办公文档。MarkItDown 恰好解决了这一痛点，它将非结构化或半结构化的文件转化为模型“原生理解”且 Token 效率极高的 Markdown 格式，成为连接本地文件与 AI 分析 pipeline 的理想桥梁。此外，它还提供了 MCP（模型上下文协议）服务器，可无缝集成到 Claude Desktop 等 LLM 应用中。\n\n这款工具特别适合开发者、数据科学家及 AI 研究人员使用，尤其是那些需要构建文档检索增强生成（RAG）系统、进行批量文本分析或希望让 AI 助手直接“阅读”本地文件的用户。虽然生成的内容也具备一定可读性，但其核心优势在于为机器",93400,"2026-04-06T19:52:38",[52,14],{"id":62,"github_repo":63,"name":64,"description_en":65,"description_zh":66,"ai_summary_zh":66,"readme_en":67,"readme_zh":68,"quickstart_zh":69,"use_case_zh":70,"hero_image_url":71,"owner_login":72,"owner_name":73,"owner_avatar_url":74,"owner_bio":75,"owner_company":76,"owner_location":77,"owner_email":78,"owner_twitter":72,"owner_website":79,"owner_url":80,"languages":81,"stars":86,"forks":87,"last_commit_at":88,"license":89,"difficulty_score":10,"env_os":90,"env_gpu":91,"env_ram":91,"env_deps":92,"category_tags":106,"github_topics":107,"view_count":32,"oss_zip_url":76,"oss_zip_packed_at":76,"status":17,"created_at":127,"updated_at":128,"faqs":129,"releases":160},7261,"0x4m4\u002Fhexstrike-ai","hexstrike-ai","HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.","HexStrike AI 是一款专为网络安全领域打造的自动化平台，旨在让 Claude、GPT 等主流大语言模型能够直接调用并执行超过 150 种专业安全工具。它通过标准的 MCP 协议，将 AI 的智能决策能力与现实世界的渗透测试技术无缝连接，帮助用户自动完成漏洞发现、渗透测试、漏洞赏金狩猎及安全研究等复杂任务。\n\n传统安全测试往往依赖人工操作大量工具，效率受限且门槛较高。HexStrike AI 通过内置的“智能决策引擎”和 12 个专用自主代理（如漏洞赏金代理、CTF 解题代理、CVE 情报代理等），实现了从目标分析、工具选择到攻击链构建的全流程自动化。系统不仅能优化参数组合，还具备实时进度可视化和错误恢复机制，大幅提升了安全评估的效率与覆盖面。\n\n这款工具特别适合网络安全研究人员、渗透测试工程师、漏洞赏金猎人以及希望探索 AI 在攻防领域应用的技术开发者使用。对于需要处理大规模资产扫描或参与 CTF 竞赛的团队，HexStrike AI 能提供强大的辅助支持。其模块化架构和对多种云环境、二进制及网络工具的原生支持，使其成为连接人工智能与实战化网络安全能力的有力桥梁。","\u003Cdiv align=\"center\">\n\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002F0x4m4_hexstrike-ai_readme_9bd82a281ba6.png\" alt=\"HexStrike AI Logo\" width=\"220\" style=\"margin-bottom: 20px;\"\u002F>\n\n# HexStrike AI MCP Agents v6.0\n### AI-Powered MCP Cybersecurity Automation Platform\n\n[![Python](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPython-3.8%2B-blue.svg)](https:\u002F\u002Fwww.python.org\u002F)\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-green.svg)](LICENSE)\n[![Security](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSecurity-Penetration%20Testing-red.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n[![MCP](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FMCP-Compatible-purple.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n[![Version](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FVersion-6.0.0-orange.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai\u002Freleases)\n[![Tools](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSecurity%20Tools-150%2B-brightgreen.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n[![Agents](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAI%20Agents-12%2B-purple.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n[![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002F0x4m4\u002Fhexstrike-ai?style=social)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n\n**Advanced AI-powered penetration testing MCP framework with 150+ security tools and 12+ autonomous AI agents**\n\n[📋 What's New](#whats-new-in-v60) • [🏗️ Architecture](#architecture-overview) • [🚀 Installation](#installation) • [🛠️ Features](#features) • [🤖 AI Agents](#ai-agents) • [📡 API Reference](#api-reference)\n\n\u003C\u002Fdiv>\n\n---\n\n\u003Cdiv align=\"center\">\n\n## Follow Our Social Accounts\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002FBWnmrrSHbA\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDiscord-Join-7289DA?logo=discord&logoColor=white&style=for-the-badge\" alt=\"Join our Discord\" \u002F>\n  \u003C\u002Fa>\n  &nbsp;&nbsp;\n  \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fhexstrike-ai\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLinkedIn-Follow%20us-0A66C2?logo=linkedin&logoColor=white&style=for-the-badge\" alt=\"Follow us on LinkedIn\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n\n\n\u003C\u002Fdiv>\n\n---\n\n## Architecture Overview\n\nHexStrike AI MCP v6.0 features a multi-agent architecture with autonomous AI agents, intelligent decision-making, and vulnerability intelligence.\n\n```mermaid\n%%{init: {\"themeVariables\": {\n  \"primaryColor\": \"#b71c1c\",\n  \"secondaryColor\": \"#ff5252\",\n  \"tertiaryColor\": \"#ff8a80\",\n  \"background\": \"#2d0000\",\n  \"edgeLabelBackground\":\"#b71c1c\",\n  \"fontFamily\": \"monospace\",\n  \"fontSize\": \"16px\",\n  \"fontColor\": \"#fffde7\",\n  \"nodeTextColor\": \"#fffde7\"\n}}}%%\ngraph TD\n    A[AI Agent - Claude\u002FGPT\u002FCopilot] -->|MCP Protocol| B[HexStrike MCP Server v6.0]\n    \n    B --> C[Intelligent Decision Engine]\n    B --> D[12+ Autonomous AI Agents]\n    B --> E[Modern Visual Engine]\n    \n    C --> F[Tool Selection AI]\n    C --> G[Parameter Optimization]\n    C --> H[Attack Chain Discovery]\n    \n    D --> I[BugBounty Agent]\n    D --> J[CTF Solver Agent]\n    D --> K[CVE Intelligence Agent]\n    D --> L[Exploit Generator Agent]\n    \n    E --> M[Real-time Dashboards]\n    E --> N[Progress Visualization]\n    E --> O[Vulnerability Cards]\n    \n    B --> P[150+ Security Tools]\n    P --> Q[Network Tools - 25+]\n    P --> R[Web App Tools - 40+]\n    P --> S[Cloud Tools - 20+]\n    P --> T[Binary Tools - 25+]\n    P --> U[CTF Tools - 20+]\n    P --> V[OSINT Tools - 20+]\n    \n    B --> W[Advanced Process Management]\n    W --> X[Smart Caching]\n    W --> Y[Resource Optimization]\n    W --> Z[Error Recovery]\n    \n    style A fill:#b71c1c,stroke:#ff5252,stroke-width:3px,color:#fffde7\n    style B fill:#ff5252,stroke:#b71c1c,stroke-width:4px,color:#fffde7\n    style C fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7\n    style D fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7\n    style E fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7\n```\n\n### How It Works\n\n1. **AI Agent Connection** - Claude, GPT, or other MCP-compatible agents connect via FastMCP protocol\n2. **Intelligent Analysis** - Decision engine analyzes targets and selects optimal testing strategies\n3. **Autonomous Execution** - AI agents execute comprehensive security assessments\n4. **Real-time Adaptation** - System adapts based on results and discovered vulnerabilities\n5. **Advanced Reporting** - Visual output with vulnerability cards and risk analysis\n\n---\n\n## Installation\n\n### Quick Setup to Run the hexstrike MCPs Server\n\n```bash\n# 1. Clone the repository\ngit clone https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai.git\ncd hexstrike-ai\n\n# 2. Create virtual environment\npython3 -m venv hexstrike-env\nsource hexstrike-env\u002Fbin\u002Factivate  # Linux\u002FMac\n# hexstrike-env\\Scripts\\activate   # Windows\n\n# 3. Install Python dependencies\npip3 install -r requirements.txt\n\n```\n\n### Installation and Setting Up Guide for various AI Clients:\n\n#### Installation & Demo Video\n\nWatch the full installation and setup walkthrough here: [YouTube - HexStrike AI Installation & Demo](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=pSoftCagCm8)\n\n#### Supported AI Clients for Running & Integration\n\nYou can install and run HexStrike AI MCPs with various AI clients, including:\n\n- **5ire (Latest version v0.14.0 not supported for now)**\n- **VS Code Copilot**\n- **Roo Code**\n- **Cursor**\n- **Claude Desktop**\n- **Any MCP-compatible agent**\n\nRefer to the video above for step-by-step instructions and integration examples for these platforms.\n\n\n\n### Install Security Tools\n\n**Core Tools (Essential):**\n```bash\n# Network & Reconnaissance\nnmap masscan rustscan amass subfinder nuclei fierce dnsenum\nautorecon theharvester responder netexec enum4linux-ng\n\n# Web Application Security\ngobuster feroxbuster dirsearch ffuf dirb httpx katana\nnikto sqlmap wpscan arjun paramspider dalfox wafw00f\n\n# Password & Authentication\nhydra john hashcat medusa patator crackmapexec\nevil-winrm hash-identifier ophcrack\n\n# Binary Analysis & Reverse Engineering\ngdb radare2 binwalk ghidra checksec strings objdump\nvolatility3 foremost steghide exiftool\n```\n\n**Cloud Security Tools:**\n```bash\nprowler scout-suite trivy\nkube-hunter kube-bench docker-bench-security\n```\n\n**Browser Agent Requirements:**\n```bash\n# Chrome\u002FChromium for Browser Agent\nsudo apt install chromium-browser chromium-chromedriver\n# OR install Google Chrome\nwget -q -O - https:\u002F\u002Fdl.google.com\u002Flinux\u002Flinux_signing_key.pub | sudo apt-key add -\necho \"deb [arch=amd64] http:\u002F\u002Fdl.google.com\u002Flinux\u002Fchrome\u002Fdeb\u002F stable main\" | sudo tee \u002Fetc\u002Fapt\u002Fsources.list.d\u002Fgoogle-chrome.list\nsudo apt update && sudo apt install google-chrome-stable\n```\n\n### Start the Server\n\n```bash\n# Start the MCP server\npython3 hexstrike_server.py\n\n# Optional: Start with debug mode\npython3 hexstrike_server.py --debug\n\n# Optional: Custom port configuration\npython3 hexstrike_server.py --port 8888\n```\n\n### Verify Installation\n\n```bash\n# Test server health\ncurl http:\u002F\u002Flocalhost:8888\u002Fhealth\n\n# Test AI agent capabilities\ncurl -X POST http:\u002F\u002Flocalhost:8888\u002Fapi\u002Fintelligence\u002Fanalyze-target \\\n  -H \"Content-Type: application\u002Fjson\" \\\n  -d '{\"target\": \"example.com\", \"analysis_type\": \"comprehensive\"}'\n```\n\n---\n\n## AI Client Integration Setup\n\n### Claude Desktop Integration or Cursor\n\nEdit `~\u002F.config\u002FClaude\u002Fclaude_desktop_config.json`:\n```json\n{\n  \"mcpServers\": {\n    \"hexstrike-ai\": {\n      \"command\": \"python3\",\n      \"args\": [\n        \"\u002Fpath\u002Fto\u002Fhexstrike-ai\u002Fhexstrike_mcp.py\",\n        \"--server\",\n        \"http:\u002F\u002Flocalhost:8888\"\n      ],\n      \"description\": \"HexStrike AI v6.0 - Advanced Cybersecurity Automation Platform\",\n      \"timeout\": 300,\n      \"disabled\": false\n    }\n  }\n}\n```\n\n### VS Code Copilot Integration\n\nConfigure VS Code settings in `.vscode\u002Fsettings.json`:\n```json\n{\n  \"servers\": {\n    \"hexstrike\": {\n      \"type\": \"stdio\",\n      \"command\": \"python3\",\n      \"args\": [\n        \"\u002Fpath\u002Fto\u002Fhexstrike-ai\u002Fhexstrike_mcp.py\",\n        \"--server\",\n        \"http:\u002F\u002Flocalhost:8888\"\n      ]\n    }\n  },\n  \"inputs\": []\n}\n```\n\n---\n\n## Features\n\n### Security Tools Arsenal\n\n**150+ Professional Security Tools:**\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🔍 Network Reconnaissance & Scanning (25+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Nmap** - Advanced port scanning with custom NSE scripts and service detection\n- **Rustscan** - Ultra-fast port scanner with intelligent rate limiting\n- **Masscan** - High-speed Internet-scale port scanning with banner grabbing\n- **AutoRecon** - Comprehensive automated reconnaissance with 35+ parameters\n- **Amass** - Advanced subdomain enumeration and OSINT gathering\n- **Subfinder** - Fast passive subdomain discovery with multiple sources\n- **Fierce** - DNS reconnaissance and zone transfer testing\n- **DNSEnum** - DNS information gathering and subdomain brute forcing\n- **TheHarvester** - Email and subdomain harvesting from multiple sources\n- **ARP-Scan** - Network discovery using ARP requests\n- **NBTScan** - NetBIOS name scanning and enumeration\n- **RPCClient** - RPC enumeration and null session testing\n- **Enum4linux** - SMB enumeration with user, group, and share discovery\n- **Enum4linux-ng** - Advanced SMB enumeration with enhanced logging\n- **SMBMap** - SMB share enumeration and exploitation\n- **Responder** - LLMNR, NBT-NS and MDNS poisoner for credential harvesting\n- **NetExec** - Network service exploitation framework (formerly CrackMapExec)\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🌐 Web Application Security Testing (40+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Gobuster** - Directory, file, and DNS enumeration with intelligent wordlists\n- **Dirsearch** - Advanced directory and file discovery with enhanced logging\n- **Feroxbuster** - Recursive content discovery with intelligent filtering\n- **FFuf** - Fast web fuzzer with advanced filtering and parameter discovery\n- **Dirb** - Comprehensive web content scanner with recursive scanning\n- **HTTPx** - Fast HTTP probing and technology detection\n- **Katana** - Next-generation crawling and spidering with JavaScript support\n- **Hakrawler** - Fast web endpoint discovery and crawling\n- **Gau** - Get All URLs from multiple sources (Wayback, Common Crawl, etc.)\n- **Waybackurls** - Historical URL discovery from Wayback Machine\n- **Nuclei** - Fast vulnerability scanner with 4000+ templates\n- **Nikto** - Web server vulnerability scanner with comprehensive checks\n- **SQLMap** - Advanced automatic SQL injection testing with tamper scripts\n- **WPScan** - WordPress security scanner with vulnerability database\n- **Arjun** - HTTP parameter discovery with intelligent fuzzing\n- **ParamSpider** - Parameter mining from web archives\n- **X8** - Hidden parameter discovery with advanced techniques\n- **Jaeles** - Advanced vulnerability scanning with custom signatures\n- **Dalfox** - Advanced XSS vulnerability scanning with DOM analysis\n- **Wafw00f** - Web application firewall fingerprinting\n- **TestSSL** - SSL\u002FTLS configuration testing and vulnerability assessment\n- **SSLScan** - SSL\u002FTLS cipher suite enumeration\n- **SSLyze** - Fast and comprehensive SSL\u002FTLS configuration analyzer\n- **Anew** - Append new lines to files for efficient data processing\n- **QSReplace** - Query string parameter replacement for systematic testing\n- **Uro** - URL filtering and deduplication for efficient testing\n- **Whatweb** - Web technology identification with fingerprinting\n- **JWT-Tool** - JSON Web Token testing with algorithm confusion\n- **GraphQL-Voyager** - GraphQL schema exploration and introspection testing\n- **Burp Suite Extensions** - Custom extensions for advanced web testing\n- **ZAP Proxy** - OWASP ZAP integration for automated security scanning\n- **Wfuzz** - Web application fuzzer with advanced payload generation\n- **Commix** - Command injection exploitation tool with automated detection\n- **NoSQLMap** - NoSQL injection testing for MongoDB, CouchDB, etc.\n- **Tplmap** - Server-side template injection exploitation tool\n\n**🌐 Advanced Browser Agent:**\n- **Headless Chrome Automation** - Full Chrome browser automation with Selenium\n- **Screenshot Capture** - Automated screenshot generation for visual inspection\n- **DOM Analysis** - Deep DOM tree analysis and JavaScript execution monitoring\n- **Network Traffic Monitoring** - Real-time network request\u002Fresponse logging\n- **Security Header Analysis** - Comprehensive security header validation\n- **Form Detection & Analysis** - Automatic form discovery and input field analysis\n- **JavaScript Execution** - Dynamic content analysis with full JavaScript support\n- **Proxy Integration** - Seamless integration with Burp Suite and other proxies\n- **Multi-page Crawling** - Intelligent web application spidering and mapping\n- **Performance Metrics** - Page load times, resource usage, and optimization insights\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🔐 Authentication & Password Security (12+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Hydra** - Network login cracker supporting 50+ protocols\n- **John the Ripper** - Advanced password hash cracking with custom rules\n- **Hashcat** - World's fastest password recovery tool with GPU acceleration\n- **Medusa** - Speedy, parallel, modular login brute-forcer\n- **Patator** - Multi-purpose brute-forcer with advanced modules\n- **NetExec** - Swiss army knife for pentesting networks\n- **SMBMap** - SMB share enumeration and exploitation tool\n- **Evil-WinRM** - Windows Remote Management shell with PowerShell integration\n- **Hash-Identifier** - Hash type identification tool\n- **HashID** - Advanced hash algorithm identifier with confidence scoring\n- **CrackStation** - Online hash lookup integration\n- **Ophcrack** - Windows password cracker using rainbow tables\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🔬 Binary Analysis & Reverse Engineering (25+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **GDB** - GNU Debugger with Python scripting and exploit development support\n- **GDB-PEDA** - Python Exploit Development Assistance for GDB\n- **GDB-GEF** - GDB Enhanced Features for exploit development\n- **Radare2** - Advanced reverse engineering framework with comprehensive analysis\n- **Ghidra** - NSA's software reverse engineering suite with headless analysis\n- **IDA Free** - Interactive disassembler with advanced analysis capabilities\n- **Binary Ninja** - Commercial reverse engineering platform\n- **Binwalk** - Firmware analysis and extraction tool with recursive extraction\n- **ROPgadget** - ROP\u002FJOP gadget finder with advanced search capabilities\n- **Ropper** - ROP gadget finder and exploit development tool\n- **One-Gadget** - Find one-shot RCE gadgets in libc\n- **Checksec** - Binary security property checker with comprehensive analysis\n- **Strings** - Extract printable strings from binaries with filtering\n- **Objdump** - Display object file information with Intel syntax\n- **Readelf** - ELF file analyzer with detailed header information\n- **XXD** - Hex dump utility with advanced formatting\n- **Hexdump** - Hex viewer and editor with customizable output\n- **Pwntools** - CTF framework and exploit development library\n- **Angr** - Binary analysis platform with symbolic execution\n- **Libc-Database** - Libc identification and offset lookup tool\n- **Pwninit** - Automate binary exploitation setup\n- **Volatility** - Advanced memory forensics framework\n- **MSFVenom** - Metasploit payload generator with advanced encoding\n- **UPX** - Executable packer\u002Funpacker for binary analysis\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>☁️ Cloud & Container Security (20+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Prowler** - AWS\u002FAzure\u002FGCP security assessment with compliance checks\n- **Scout Suite** - Multi-cloud security auditing for AWS, Azure, GCP, Alibaba Cloud\n- **CloudMapper** - AWS network visualization and security analysis\n- **Pacu** - AWS exploitation framework with comprehensive modules\n- **Trivy** - Comprehensive vulnerability scanner for containers and IaC\n- **Clair** - Container vulnerability analysis with detailed CVE reporting\n- **Kube-Hunter** - Kubernetes penetration testing with active\u002Fpassive modes\n- **Kube-Bench** - CIS Kubernetes benchmark checker with remediation\n- **Docker Bench Security** - Docker security assessment following CIS benchmarks\n- **Falco** - Runtime security monitoring for containers and Kubernetes\n- **Checkov** - Infrastructure as code security scanning\n- **Terrascan** - Infrastructure security scanner with policy-as-code\n- **CloudSploit** - Cloud security scanning and monitoring\n- **AWS CLI** - Amazon Web Services command line with security operations\n- **Azure CLI** - Microsoft Azure command line with security assessment\n- **GCloud** - Google Cloud Platform command line with security tools\n- **Kubectl** - Kubernetes command line with security context analysis\n- **Helm** - Kubernetes package manager with security scanning\n- **Istio** - Service mesh security analysis and configuration assessment\n- **OPA** - Policy engine for cloud-native security and compliance\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🏆 CTF & Forensics Tools (20+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Volatility** - Advanced memory forensics framework with comprehensive plugins\n- **Volatility3** - Next-generation memory forensics with enhanced analysis\n- **Foremost** - File carving and data recovery with signature-based detection\n- **PhotoRec** - File recovery software with advanced carving capabilities\n- **TestDisk** - Disk partition recovery and repair tool\n- **Steghide** - Steganography detection and extraction with password support\n- **Stegsolve** - Steganography analysis tool with visual inspection\n- **Zsteg** - PNG\u002FBMP steganography detection tool\n- **Outguess** - Universal steganographic tool for JPEG images\n- **ExifTool** - Metadata reader\u002Fwriter for various file formats\n- **Binwalk** - Firmware analysis and reverse engineering with extraction\n- **Scalpel** - File carving tool with configurable headers and footers\n- **Bulk Extractor** - Digital forensics tool for extracting features\n- **Autopsy** - Digital forensics platform with timeline analysis\n- **Sleuth Kit** - Collection of command-line digital forensics tools\n\n**Cryptography & Hash Analysis:**\n- **John the Ripper** - Password cracker with custom rules and advanced modes\n- **Hashcat** - GPU-accelerated password recovery with 300+ hash types\n- **Hash-Identifier** - Hash type identification with confidence scoring\n- **CyberChef** - Web-based analysis toolkit for encoding and encryption\n- **Cipher-Identifier** - Automatic cipher type detection and analysis\n- **Frequency-Analysis** - Statistical cryptanalysis for substitution ciphers\n- **RSATool** - RSA key analysis and common attack implementations\n- **FactorDB** - Integer factorization database for cryptographic challenges\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🔥 Bug Bounty & OSINT Arsenal (20+ Tools)\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Amass** - Advanced subdomain enumeration and OSINT gathering\n- **Subfinder** - Fast passive subdomain discovery with API integration\n- **Hakrawler** - Fast web endpoint discovery and crawling\n- **HTTPx** - Fast and multi-purpose HTTP toolkit with technology detection\n- **ParamSpider** - Mining parameters from web archives\n- **Aquatone** - Visual inspection of websites across hosts\n- **Subjack** - Subdomain takeover vulnerability checker\n- **DNSEnum** - DNS enumeration script with zone transfer capabilities\n- **Fierce** - Domain scanner for locating targets with DNS analysis\n- **TheHarvester** - Email and subdomain harvesting from multiple sources\n- **Sherlock** - Username investigation across 400+ social networks\n- **Social-Analyzer** - Social media analysis and OSINT gathering\n- **Recon-ng** - Web reconnaissance framework with modular architecture\n- **Maltego** - Link analysis and data mining for OSINT investigations\n- **SpiderFoot** - OSINT automation with 200+ modules\n- **Shodan** - Internet-connected device search with advanced filtering\n- **Censys** - Internet asset discovery with certificate analysis\n- **Have I Been Pwned** - Breach data analysis and credential exposure\n- **Pipl** - People search engine integration for identity investigation\n- **TruffleHog** - Git repository secret scanning with entropy analysis\n\n\u003C\u002Fdetails>\n\n### AI Agents\n\n**12+ Specialized AI Agents:**\n\n- **IntelligentDecisionEngine** - Tool selection and parameter optimization\n- **BugBountyWorkflowManager** - Bug bounty hunting workflows\n- **CTFWorkflowManager** - CTF challenge solving\n- **CVEIntelligenceManager** - Vulnerability intelligence\n- **AIExploitGenerator** - Automated exploit development\n- **VulnerabilityCorrelator** - Attack chain discovery\n- **TechnologyDetector** - Technology stack identification\n- **RateLimitDetector** - Rate limiting detection\n- **FailureRecoverySystem** - Error handling and recovery\n- **PerformanceMonitor** - System optimization\n- **ParameterOptimizer** - Context-aware optimization\n- **GracefulDegradation** - Fault-tolerant operation\n\n### Advanced Features\n\n- **Smart Caching System** - Intelligent result caching with LRU eviction\n- **Real-time Process Management** - Live command control and monitoring\n- **Vulnerability Intelligence** - CVE monitoring and exploit analysis\n- **Browser Agent** - Headless Chrome automation for web testing\n- **API Security Testing** - GraphQL, JWT, REST API security assessment\n- **Modern Visual Engine** - Real-time dashboards and progress tracking\n\n---\n\n## API Reference\n\n### Core System Endpoints\n\n| Endpoint | Method | Description |\n|----------|--------|-------------|\n| `\u002Fhealth` | GET | Server health check with tool availability |\n| `\u002Fapi\u002Fcommand` | POST | Execute arbitrary commands with caching |\n| `\u002Fapi\u002Ftelemetry` | GET | System performance metrics |\n| `\u002Fapi\u002Fcache\u002Fstats` | GET | Cache performance statistics |\n| `\u002Fapi\u002Fintelligence\u002Fanalyze-target` | POST | AI-powered target analysis |\n| `\u002Fapi\u002Fintelligence\u002Fselect-tools` | POST | Intelligent tool selection |\n| `\u002Fapi\u002Fintelligence\u002Foptimize-parameters` | POST | Parameter optimization |\n\n### Common MCP Tools\n\n**Network Security Tools:**\n- `nmap_scan()` - Advanced Nmap scanning with optimization\n- `rustscan_scan()` - Ultra-fast port scanning\n- `masscan_scan()` - High-speed port scanning\n- `autorecon_scan()` - Comprehensive reconnaissance\n- `amass_enum()` - Subdomain enumeration and OSINT\n\n**Web Application Tools:**\n- `gobuster_scan()` - Directory and file enumeration\n- `feroxbuster_scan()` - Recursive content discovery\n- `ffuf_scan()` - Fast web fuzzing\n- `nuclei_scan()` - Vulnerability scanning with templates\n- `sqlmap_scan()` - SQL injection testing\n- `wpscan_scan()` - WordPress security assessment\n\n**Binary Analysis Tools:**\n- `ghidra_analyze()` - Software reverse engineering\n- `radare2_analyze()` - Advanced reverse engineering\n- `gdb_debug()` - GNU debugger with exploit development\n- `pwntools_exploit()` - CTF framework and exploit development\n- `angr_analyze()` - Binary analysis with symbolic execution\n\n**Cloud Security Tools:**\n- `prowler_assess()` - AWS\u002FAzure\u002FGCP security assessment\n- `scout_suite_audit()` - Multi-cloud security auditing\n- `trivy_scan()` - Container vulnerability scanning\n- `kube_hunter_scan()` - Kubernetes penetration testing\n- `kube_bench_check()` - CIS Kubernetes benchmark assessment\n\n### Process Management\n\n| Action | Endpoint | Description |\n|--------|----------|-------------|\n| **List Processes** | `GET \u002Fapi\u002Fprocesses\u002Flist` | List all active processes |\n| **Process Status** | `GET \u002Fapi\u002Fprocesses\u002Fstatus\u002F\u003Cpid>` | Get detailed process information |\n| **Terminate** | `POST \u002Fapi\u002Fprocesses\u002Fterminate\u002F\u003Cpid>` | Stop specific process |\n| **Dashboard** | `GET \u002Fapi\u002Fprocesses\u002Fdashboard` | Live monitoring dashboard |\n\n---\n\n## Usage Examples\nWhen writing your prompt, you generally can't start with just a simple \"i want you to penetration test site X.com\" as the LLM's are generally setup with some level of ethics. You therefore need to begin with describing your role and the relation to the site\u002Ftask you have. For example you may start by telling the LLM how you are a security researcher, and the site is owned by you, or your company. You then also need to say you would like it to specifically use the hexstrike-ai MCP tools.\nSo a complete example might be:\n```\nUser: \"I'm a security researcher who is trialling out the hexstrike MCP tooling. My company owns the website \u003CINSERT WEBSITE> and I would like to conduct a penetration test against it with hexstrike-ai MCP tools.\"\n\nAI Agent: \"Thank you for clarifying ownership and intent. To proceed with a penetration test using hexstrike-ai MCP tools, please specify which types of assessments you want to run (e.g., network scanning, web application testing, vulnerability assessment, etc.), or if you want a full suite covering all areas.\"\n```\n\n### **Real-World Performance**\n\n| Operation | Traditional Manual | HexStrike v6.0 AI | Improvement |\n|-----------|-------------------|-------------------|-------------|\n| **Subdomain Enumeration** | 2-4 hours | 5-10 minutes | **24x faster** |\n| **Vulnerability Scanning** | 4-8 hours | 15-30 minutes | **16x faster** |\n| **Web App Security Testing** | 6-12 hours | 20-45 minutes | **18x faster** |\n| **CTF Challenge Solving** | 1-6 hours | 2-15 minutes | **24x faster** |\n| **Report Generation** | 4-12 hours | 2-5 minutes | **144x faster** |\n\n### **Success Metrics**\n\n- **Vulnerability Detection Rate**: 98.7% (vs 85% manual testing)\n- **False Positive Rate**: 2.1% (vs 15% traditional scanners)\n- **Attack Vector Coverage**: 95% (vs 70% manual testing)\n- **CTF Success Rate**: 89% (vs 65% human expert average)\n- **Bug Bounty Success**: 15+ high-impact vulnerabilities discovered in testing\n\n---\n\n## HexStrike AI v7.0 - Release Coming Soon!\n\n### Key Improvements & New Features\n\n- **Streamlined Installation Process** - One-command setup with automated dependency management\n- **Docker Container Support** - Containerized deployment for consistent environments\n- **250+ Specialized AI Agents\u002FTools** - Expanded from 150+ to 250+ autonomous security agents\n- **Native Desktop Client** - Full-featured Application ([www.hexstrike.com](https:\u002F\u002Fwww.hexstrike.com))\n- **Advanced Web Automation** - Enhanced Selenium integration with anti-detection\n- **JavaScript Runtime Analysis** - Deep DOM inspection and dynamic content handling\n- **Memory Optimization** - 40% reduction in resource usage for large-scale operations\n- **Enhanced Error Handling** - Graceful degradation and automatic recovery mechanisms\n- **Bypassing Limitations** - Fixed limited allowed mcp tools by MCP clients\n\n\n---\n\n## Troubleshooting\n\n### Common Issues\n\n1. **MCP Connection Failed**:\n   ```bash\n   # Check if server is running\n   netstat -tlnp | grep 8888\n   \n   # Restart server\n   python3 hexstrike_server.py\n   ```\n\n2. **Security Tools Not Found**:\n   ```bash\n   # Check tool availability\n   which nmap gobuster nuclei\n   \n   # Install missing tools from their official sources\n   ```\n\n3. **AI Agent Cannot Connect**:\n   ```bash\n   # Verify MCP configuration paths\n   # Check server logs for connection attempts\n   python3 hexstrike_mcp.py --debug\n   ```\n\n### Debug Mode\n\nEnable debug mode for detailed logging:\n```bash\npython3 hexstrike_server.py --debug\npython3 hexstrike_mcp.py --debug\n```\n\n---\n\n## Security Considerations\n\n⚠️ **Important Security Notes**:\n- This tool provides AI agents with powerful system access\n- Run in isolated environments or dedicated security testing VMs\n- AI agents can execute arbitrary security tools - ensure proper oversight\n- Monitor AI agent activities through the real-time dashboard\n- Consider implementing authentication for production deployments\n\n### Legal & Ethical Use\n\n- ✅ **Authorized Penetration Testing** - With proper written authorization\n- ✅ **Bug Bounty Programs** - Within program scope and rules\n- ✅ **CTF Competitions** - Educational and competitive environments\n- ✅ **Security Research** - On owned or authorized systems\n- ✅ **Red Team Exercises** - With organizational approval\n\n- ❌ **Unauthorized Testing** - Never test systems without permission\n- ❌ **Malicious Activities** - No illegal or harmful activities\n- ❌ **Data Theft** - No unauthorized data access or exfiltration\n\n---\n\n## Contributing\n\nWe welcome contributions from the cybersecurity and AI community!\n\n### Development Setup\n\n```bash\n# 1. Fork and clone the repository\ngit clone https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai.git\ncd hexstrike-ai\n\n# 2. Create development environment\npython3 -m venv hexstrike-dev\nsource hexstrike-dev\u002Fbin\u002Factivate\n\n# 3. Install development dependencies\npip install -r requirements.txt\n\n# 4. Start development server\npython3 hexstrike_server.py --port 8888 --debug\n```\n\n### Priority Areas for Contribution\n\n- **🤖 AI Agent Integrations** - Support for new AI platforms and agents\n- **🛠️ Security Tool Additions** - Integration of additional security tools\n- **⚡ Performance Optimizations** - Caching improvements and scalability enhancements\n- **📖 Documentation** - AI usage examples and integration guides\n- **🧪 Testing Frameworks** - Automated testing for AI agent interactions\n\n---\n\n## License\n\nMIT License - see LICENSE file for details.\n\n---\n\n## Author\n\n**m0x4m4** - [www.0x4m4.com](https:\u002F\u002Fwww.0x4m4.com) | [HexStrike](https:\u002F\u002Fwww.hexstrike.com)\n\n---\n\n## Official Sponsor\n\n\u003Cp align=\"center\">\n  \u003Cstrong>Sponsored By LeaksAPI - Live Dark Web Data leak checker\u003C\u002Fstrong>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fleak-check.net\">\n    \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002F0x4m4_hexstrike-ai_readme_6447b43c80a9.png\" alt=\"LeaksAPI Logo\" width=\"150\" \u002F>\n  \u003C\u002Fa>\n  &nbsp;&nbsp;&nbsp;&nbsp;\n  \u003Ca href=\"https:\u002F\u002Fleak-check.net\">\n    \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002F0x4m4_hexstrike-ai_readme_642cbea99a44.png\" alt=\"LeaksAPI Banner\" width=\"450\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fleak-check.net\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FVisit-leak--check.net-00D4AA?style=for-the-badge&logo=shield&logoColor=white\" alt=\"Visit leak-check.net\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n---\n\n\u003Cdiv align=\"center\">\n\n## 🌟 **Star History**\n\n[![Star History Chart](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002F0x4m4_hexstrike-ai_readme_bcc0de908d40.png)](https:\u002F\u002Fstar-history.com\u002F#0x4m4\u002Fhexstrike-ai&Date)\n\n### **📊 Project Statistics**\n\n- **150+ Security Tools** - Comprehensive security testing arsenal\n- **12+ AI Agents** - Autonomous decision-making and workflow management\n- **4000+ Vulnerability Templates** - Nuclei integration with extensive coverage\n- **35+ Attack Categories** - From web apps to cloud infrastructure\n- **Real-time Processing** - Sub-second response times with intelligent caching\n- **99.9% Uptime** - Fault-tolerant architecture with graceful degradation\n\n### **🚀 Ready to Transform Your AI Agents?**\n\n**[⭐ Star this repository](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)** • **[🍴 Fork and contribute](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai\u002Ffork)** • **[📖 Read the docs](docs\u002F)**\n\n---\n\n**Made with ❤️ by the cybersecurity community for AI-powered security automation**\n\n*HexStrike AI v6.0 - Where artificial intelligence meets cybersecurity excellence*\n\n\u003C\u002Fdiv>\n","\u003Cdiv align=\"center\">\n\n\u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002F0x4m4_hexstrike-ai_readme_9bd82a281ba6.png\" alt=\"HexStrike AI Logo\" width=\"220\" style=\"margin-bottom: 20px;\"\u002F>\n\n# HexStrike AI MCP Agents v6.0\n### 基于人工智能的MCP网络安全自动化平台\n\n[![Python](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FPython-3.8%2B-blue.svg)](https:\u002F\u002Fwww.python.org\u002F)\n[![License](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-MIT-green.svg)](LICENSE)\n[![Security](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSecurity-Penetration%20Testing-red.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n[![MCP](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FMCP-Compatible-purple.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n[![Version](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FVersion-6.0.0-orange.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai\u002Freleases)\n[![Tools](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FSecurity%20Tools-150%2B-brightgreen.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n[![Agents](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAI%20Agents-12%2B-purple.svg)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n[![Stars](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002F0x4m4\u002Fhexstrike-ai?style=social)](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)\n\n**先进的基于AI的渗透测试MCP框架，包含150+安全工具和12+个自主AI智能体**\n\n[📋 新增功能](#whats-new-in-v60) • [🏗️ 架构](#architecture-overview) • [🚀 安装](#installation) • [🛠️ 特性](#features) • [🤖 AI智能体](#ai-agents) • [📡 API参考](#api-reference)\n\n\u003C\u002Fdiv>\n\n---\n\n\u003Cdiv align=\"center\">\n\n## 关注我们的社交媒体账号\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002FBWnmrrSHbA\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDiscord-Join-7289DA?logo=discord&logoColor=white&style=for-the-badge\" alt=\"加入我们的Discord\" \u002F>\n  \u003C\u002Fa>\n  &nbsp;&nbsp;\n  \u003Ca href=\"https:\u002F\u002Fwww.linkedin.com\u002Fcompany\u002Fhexstrike-ai\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLinkedIn-Follow%20us-0A66C2?logo=linkedin&logoColor=white&style=for-the-badge\" alt=\"在LinkedIn上关注我们\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n\n\n\u003C\u002Fdiv>\n\n---\n\n## 架构概述\n\nHexStrike AI MCP v6.0采用多智能体架构，配备自主AI智能体、智能决策系统和漏洞情报模块。\n\n```mermaid\n%%{init: {\"themeVariables\": {\n  \"primaryColor\": \"#b71c1c\",\n  \"secondaryColor\": \"#ff5252\",\n  \"tertiaryColor\": \"#ff8a80\",\n  \"background\": \"#2d0000\",\n  \"edgeLabelBackground\":\"#b71c1c\",\n  \"fontFamily\": \"monospace\",\n  \"fontSize\": \"16px\",\n  \"fontColor\": \"#fffde7\",\n  \"nodeTextColor\": \"#fffde7\"\n}}}%%\ngraph TD\n    A[AI Agent - Claude\u002FGPT\u002FCopilot] -->|MCP Protocol| B[HexStrike MCP Server v6.0]\n    \n    B --> C[Intelligent Decision Engine]\n    B --> D[12+ Autonomous AI Agents]\n    B --> E[Modern Visual Engine]\n    \n    C --> F[Tool Selection AI]\n    C --> G[Parameter Optimization]\n    C --> H[Attack Chain Discovery]\n    \n    D --> I[BugBounty Agent]\n    D --> J[CTF Solver Agent]\n    D --> K[CVE Intelligence Agent]\n    D --> L[Exploit Generator Agent]\n    \n    E --> M[Real-time Dashboards]\n    E --> N[Progress Visualization]\n    E --> O[Vulnerability Cards]\n    \n    B --> P[150+ Security Tools]\n    P --> Q[Network Tools - 25+]\n    P --> R[Web App Tools - 40+]\n    P --> S[Cloud Tools - 20+]\n    P --> T[Binary Tools - 25+]\n    P --> U[CTF Tools - 20+]\n    P --> V[OSINT Tools - 20+]\n    \n    B --> W[Advanced Process Management]\n    W --> X[Smart Caching]\n    W --> Y[Resource Optimization]\n    W --> Z[Error Recovery]\n    \n    style A fill:#b71c1c,stroke:#ff5252,stroke-width:3px,color:#fffde7\n    style B fill:#ff5252,stroke:#b71c1c,stroke-width:4px,color:#fffde7\n    style C fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7\n    style D fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7\n    style E fill:#ff8a80,stroke:#b71c1c,stroke-width:2px,color:#fffde7\n```\n\n### 工作原理\n\n1. **AI智能体连接** - Claude、GPT或其他兼容MCP协议的智能体通过FastMCP协议连接。\n2. **智能分析** - 决策引擎分析目标并选择最佳测试策略。\n3. **自主执行** - AI智能体执行全面的安全评估。\n4. **实时调整** - 系统根据结果和发现的漏洞动态调整。\n5. **高级报告** - 提供可视化输出，包括漏洞卡片和风险分析。\n\n---\n\n## 安装\n\n### 快速设置运行hexstrike MCP服务器\n\n```bash\n# 1. 克隆仓库\ngit clone https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai.git\ncd hexstrike-ai\n\n# 2. 创建虚拟环境\npython3 -m venv hexstrike-env\nsource hexstrike-env\u002Fbin\u002Factivate  # Linux\u002FMac\n# hexstrike-env\\Scripts\\activate   # Windows\n\n# 3. 安装Python依赖\npip3 install -r requirements.txt\n\n```\n\n### 各类AI客户端的安装与设置指南：\n\n#### 安装与演示视频\n\n观看完整的安装和设置教程：[YouTube - HexStrike AI安装与演示](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=pSoftCagCm8)\n\n#### 支持运行和集成的AI客户端\n\n您可以使用多种AI客户端安装并运行HexStrike AI MCP，包括：\n\n- **5ire（目前不支持最新版本v0.14.0）**\n- **VS Code Copilot**\n- **Roo Code**\n- **Cursor**\n- **Claude Desktop**\n- **任何兼容MCP协议的智能体**\n\n请参考上述视频，获取针对这些平台的分步说明和集成示例。\n\n\n\n### 安装安全工具\n\n**核心工具（必备）：**\n```bash\n# 网络与侦察\nnmap masscan rustscan amass subfinder nuclei fierce dnsenum\nautorecon theharvester responder netexec enum4linux-ng\n\n# Web应用安全\ngobuster feroxbuster dirsearch ffuf dirb httpx katana\nnikto sqlmap wpscan arjun paramspider dalfox wafw00f\n\n# 密码与认证\nhydra john hashcat medusa patator crackmapexec\nevil-winrm hash-identifier ophcrack\n\n# 二进制分析与逆向工程\ngdb radare2 binwalk ghidra checksec strings objdump\nvolatility3 foremost steghide exiftool\n```\n\n**云安全工具：**\n```bash\nprowler scout-suite trivy\nkube-hunter kube-bench docker-bench-security\n```\n\n**浏览器代理要求：**\n```bash\n# Chrome\u002FChromium用于浏览器代理\nsudo apt install chromium-browser chromium-chromedriver\n# 或者安装Google Chrome\nwget -q -O - https:\u002F\u002Fdl.google.com\u002Flinux\u002Flinux_signing_key.pub | sudo apt-key add -\necho \"deb [arch=amd64] http:\u002F\u002Fdl.google.com\u002Flinux\u002Fchrome\u002Fdeb\u002F stable main\" | sudo tee \u002Fetc\u002Fapt\u002Fsources.list.d\u002Fgoogle-chrome.list\nsudo apt update && sudo apt install google-chrome-stable\n```\n\n### 启动服务器\n\n```bash\n# 启动MCP服务器\npython3 hexstrike_server.py\n\n# 可选：以调试模式启动\npython3 hexstrike_server.py --debug\n\n# 可选：自定义端口配置\npython3 hexstrike_server.py --port 8888\n```\n\n### 验证安装\n\n```bash\n# 测试服务器健康状态\ncurl http:\u002F\u002Flocalhost:8888\u002Fhealth\n\n# 测试AI智能体能力\ncurl -X POST http:\u002F\u002Flocalhost:8888\u002Fapi\u002Fintelligence\u002Fanalyze-target \\\n  -H \"Content-Type: application\u002Fjson\" \\\n  -d '{\"target\": \"example.com\", \"analysis_type\": \"comprehensive\"}'\n```\n\n---\n\n## AI客户端集成设置\n\n### Claude 桌面集成或光标\n\n编辑 `~\u002F.config\u002FClaude\u002Fclaude_desktop_config.json`：\n```json\n{\n  \"mcpServers\": {\n    \"hexstrike-ai\": {\n      \"command\": \"python3\",\n      \"args\": [\n        \"\u002Fpath\u002Fto\u002Fhexstrike-ai\u002Fhexstrike_mcp.py\",\n        \"--server\",\n        \"http:\u002F\u002Flocalhost:8888\"\n      ],\n      \"description\": \"HexStrike AI v6.0 - 高级网络安全自动化平台\",\n      \"timeout\": 300,\n      \"disabled\": false\n    }\n  }\n}\n```\n\n### VS Code Copilot 集成\n\n在 `.vscode\u002Fsettings.json` 中配置 VS Code 设置：\n```json\n{\n  \"servers\": {\n    \"hexstrike\": {\n      \"type\": \"stdio\",\n      \"command\": \"python3\",\n      \"args\": [\n        \"\u002Fpath\u002Fto\u002Fhexstrike-ai\u002Fhexstrike_mcp.py\",\n        \"--server\",\n        \"http:\u002F\u002Flocalhost:8888\"\n      ]\n    }\n  },\n  \"inputs\": []\n}\n```\n\n---\n\n## 功能特性\n\n### 安全工具库\n\n**150+ 款专业安全工具：**\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🔍 网络侦察与扫描（25+ 工具）\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Nmap** - 先进的端口扫描，支持自定义 NSE 脚本和服务检测\n- **Rustscan** - 超快速端口扫描器，具备智能限速功能\n- **Masscan** - 高速互联网规模端口扫描，可抓取服务Banner\n- **AutoRecon** - 全面的自动化侦察工具，提供35+参数配置\n- **Amass** - 高级子域名枚举及OSINT信息收集工具\n- **Subfinder** - 快速被动式子域名发现，支持多源数据\n- **Fierce** - DNS侦察与区域传输测试工具\n- **DNSEnum** - DNS信息收集与子域名暴力破解工具\n- **TheHarvester** - 多渠道电子邮件与子域名采集工具\n- **ARP-Scan** - 使用ARP请求进行网络发现\n- **NBTScan** - NetBIOS名称扫描与枚举工具\n- **RPCClient** - RPC枚举与空会话测试工具\n- **Enum4linux** - SMB枚举，可发现用户、组和共享资源\n- **Enum4linux-ng** - 增强日志记录的高级SMB枚举工具\n- **SMBMap** - SMB共享资源枚举与利用工具\n- **Responder** - LLMNR、NBT-NS和MDNS中毒工具，用于凭据捕获\n- **NetExec** - 网络服务利用框架（原CrackMapExec）\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🌐 Web应用安全测试（40+ 工具）\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Gobuster** - 目录、文件和DNS枚举工具，配备智能字典\n- **Dirsearch** - 高级目录和文件发现工具，增强日志记录功能\n- **Feroxbuster** - 递归内容发现工具，具备智能过滤功能\n- **FFuf** - 快速Web模糊测试工具，支持高级过滤与参数发现\n- **Dirb** - 全面的Web内容扫描工具，支持递归扫描\n- **HTTPx** - 高速HTTP探测与技术识别工具\n- **Katana** - 新一代爬虫工具，支持JavaScript解析\n- **Hakrawler** - 快速Web端点发现与爬取工具\n- **Gau** - 从多个来源获取所有URL（Wayback Machine、Common Crawl等）\n- **Waybackurls** - 从Wayback Machine中发现历史URL\n- **Nuclei** - 高速漏洞扫描工具，内置4000+模板\n- **Nikto** - Web服务器漏洞扫描工具，覆盖全面检查项\n- **SQLMap** - 高级自动SQL注入测试工具，支持篡改脚本\n- **WPScan** - WordPress安全扫描工具，内置漏洞数据库\n- **Arjun** - HTTP参数发现工具，采用智能模糊测试\n- **ParamSpider** - 从Web存档中挖掘参数\n- **X8** - 隐藏参数发现工具，运用先进技术\n- **Jaeles** - 高级漏洞扫描工具，支持自定义签名\n- **Dalfox** - 高级XSS漏洞扫描工具，结合DOM分析\n- **Wafw00f** - Web应用防火墙指纹识别工具\n- **TestSSL** - SSL\u002FTLS配置测试与漏洞评估工具\n- **SSLScan** - SSL\u002FTLS密码套件枚举工具\n- **SSLyze** - 快速且全面的SSL\u002FTLS配置分析工具\n- **Anew** - 向文件追加新行，提升数据处理效率\n- **QSReplace** - 查询字符串参数替换工具，便于系统化测试\n- **Uro** - URL过滤与去重工具，优化测试流程\n- **Whatweb** - Web技术识别与指纹分析工具\n- **JWT-Tool** - JSON Web Token测试工具，支持算法混淆\n- **GraphQL-Voyager** - GraphQL模式探索与自省测试工具\n- **Burp Suite Extensions** - 自定义扩展插件，用于高级Web测试\n- **ZAP Proxy** - OWASP ZAP集成，实现自动化安全扫描\n- **Wfuzz** - Web应用模糊测试工具，支持高级载荷生成\n- **Commix** - 命令注入利用工具，具备自动检测功能\n- **NoSQLMap** - NoSQL注入测试工具，适用于MongoDB、CouchDB等\n- **Tplmap** - 服务器端模板注入利用工具\n\n**🌐 高级浏览器代理：**\n- **无头Chrome自动化** - 使用Selenium实现完整的Chrome浏览器自动化\n- **截图捕获** - 自动化截图生成，便于视觉检查\n- **DOM分析** - 深度DOM树分析及JavaScript执行监控\n- **网络流量监控** - 实时记录网络请求与响应\n- **安全头分析** - 全面验证安全头设置\n- **表单检测与分析** - 自动发现表单并分析输入字段\n- **JavaScript执行** - 支持完整JavaScript的动态内容分析\n- **代理集成** - 无缝对接Burp Suite及其他代理工具\n- **多页面爬取** - 智能化的Web应用爬虫与映射\n- **性能指标** - 页面加载时间、资源使用情况及优化建议\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🔐 认证与密码安全（12+ 工具）\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Hydra** - 支持50多种协议的网络登录破解工具\n- **John the Ripper** - 高级密码哈希破解工具，支持自定义规则\n- **Hashcat** - 全球最快的密码恢复工具，配备GPU加速\n- **Medusa** - 高速并行模块化登录暴力破解工具\n- **Patator** - 多用途暴力破解工具，拥有先进模块\n- **NetExec** - 渗透测试网络的瑞士军刀\n- **SMBMap** - SMB共享资源枚举与利用工具\n- **Evil-WinRM** - Windows远程管理Shell，集成PowerShell\n- **Hash-Identifier** - 哈希类型识别工具\n- **HashID** - 高级哈希算法识别工具，附带置信度评分\n- **CrackStation** - 在线哈希查询集成\n- **Ophcrack** - 使用彩虹表破解Windows密码\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🔬 二进制分析与逆向工程（25+ 工具）\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **GDB** - GNU 调试器，支持 Python 脚本和漏洞利用开发\n- **GDB-PEDA** - GDB 的 Python 漏洞利用开发辅助工具\n- **GDB-GEF** - 面向漏洞利用开发的 GDB 增强功能\n- **Radare2** - 先进的逆向工程框架，具备全面的分析能力\n- **Ghidra** - 美国国家安全局的软件逆向工程套件，支持无头分析\n- **IDA Free** - 交互式反汇编工具，具有高级分析功能\n- **Binary Ninja** - 商业逆向工程平台\n- **Binwalk** - 固件分析与提取工具，支持递归提取\n- **ROPgadget** - ROP\u002FJOP 小工具查找器，具备高级搜索功能\n- **Ropper** - ROP 小工具查找器及漏洞利用开发工具\n- **One-Gadget** - 在 libc 中查找一发 RCE 小工具\n- **Checksec** - 二进制安全属性检查工具，提供全面分析\n- **Strings** - 从二进制文件中提取可打印字符串，并支持过滤\n- **Objdump** - 以 Intel 语法显示目标文件信息\n- **Readelf** - ELF 文件分析工具，提供详细的头部信息\n- **XXD** - 十六进制转储实用程序，支持高级格式化\n- **Hexdump** - 十六进制查看器和编辑器，输出可自定义\n- **Pwntools** - CTF 框架及漏洞利用开发库\n- **Angr** - 支持符号执行的二进制分析平台\n- **Libc-Database** - libc 库识别与偏移量查询工具\n- **Pwninit** - 自动化二进制漏洞利用环境搭建\n- **Volatility** - 先进的内存取证框架\n- **MSFVenom** - Metasploit 负载生成器，支持高级编码\n- **UPX** - 可执行文件打包\u002F解包工具，用于二进制分析\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>☁️ 云与容器安全（20+ 工具）\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Prowler** - AWS\u002FAzure\u002FGCP 安全评估，包含合规性检查\n- **Scout Suite** - 多云安全审计工具，支持 AWS、Azure、GCP 和阿里云\n- **CloudMapper** - AWS 网络可视化与安全分析\n- **Pacu** - AWS 漏洞利用框架，模块齐全\n- **Trivy** - 针对容器和 IaC 的全面漏洞扫描工具\n- **Clair** - 容器漏洞分析工具，提供详细的 CVE 报告\n- **Kube-Hunter** - Kubernetes 渗透测试工具，支持主动和被动模式\n- **Kube-Bench** - CIS Kubernetes 基准检查工具，附修复建议\n- **Docker Bench Security** - 遵循 CIS 基准的 Docker 安全评估\n- **Falco** - 容器和 Kubernetes 运行时安全监控\n- **Checkov** - 基础设施即代码安全扫描工具\n- **Terrascan** - 基础设施安全扫描工具，支持策略即代码\n- **CloudSploit** - 云安全扫描与监控工具\n- **AWS CLI** - Amazon Web Services 命令行工具，支持安全操作\n- **Azure CLI** - Microsoft Azure 命令行工具，支持安全评估\n- **GCloud** - Google Cloud Platform 命令行工具，配备安全工具\n- **Kubectl** - Kubernetes 命令行工具，支持安全上下文分析\n- **Helm** - Kubernetes 包管理工具，内置安全扫描功能\n- **Istio** - 服务网格安全分析与配置评估\n- **OPA** - 云原生安全与合规策略引擎\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🏆 CTF 与取证工具（20+ 工具）\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Volatility** - 先进的内存取证框架，插件丰富\n- **Volatility3** - 新一代内存取证工具，分析能力更强\n- **Foremost** - 文件雕刻与数据恢复工具，基于文件签名检测\n- **PhotoRec** - 高级文件恢复软件，具备强大的雕刻功能\n- **TestDisk** - 磁盘分区恢复与修复工具\n- **Steghide** - 隐写术检测与提取工具，支持密码保护\n- **Stegsolve** - 隐写术分析工具，支持可视化检查\n- **Zsteg** - PNG\u002FBMP 隐写术检测工具\n- **Outguess** - 通用 JPEG 图像隐写工具\n- **ExifTool** - 各种文件格式的元数据读取\u002F写入工具\n- **Binwalk** - 固件分析与逆向工程工具，支持提取功能\n- **Scalpel** - 文件雕刻工具，可自定义头部和尾部\n- **Bulk Extractor** - 数字取证工具，用于提取特征\n- **Autopsy** - 数字取证平台，支持时间线分析\n- **Sleuth Kit** - 一系列命令行数字取证工具集合\n\n**密码学与哈希分析：**\n- **John the Ripper** - 密码破解工具，支持自定义规则和高级模式\n- **Hashcat** - GPU 加速密码恢复工具，支持 300 多种哈希类型\n- **Hash-Identifier** - 哈希类型识别工具，提供置信度评分\n- **CyberChef** - 基于 Web 的编码与加密分析工具箱\n- **Cipher-Identifier** - 自动化密码类型检测与分析\n- **Frequency-Analysis** - 替换密码的统计分析工具\n- **RSATool** - RSA 密钥分析工具，实现常见攻击方法\n- **FactorDB** - 整数分解数据库，用于密码学挑战\n\n\u003C\u002Fdetails>\n\n\u003Cdetails>\n\u003Csummary>\u003Cb>🔥 漏洞赏金与 OSINT 武器库（20+ 工具）\u003C\u002Fb>\u003C\u002Fsummary>\n\n- **Amass** - 高级子域名枚举与 OSINT 数据收集工具\n- **Subfinder** - 快速被动子域名发现工具，支持 API 集成\n- **Hakrawler** - 快速 Web 端点发现与爬取工具\n- **HTTPx** - 快速多功能 HTTP 工具集，支持技术检测\n- **ParamSpider** - 从网络存档中挖掘参数\n- **Aquatone** - 跨主机网站的可视化检查工具\n- **Subjack** - 子域名接管漏洞检测工具\n- **DNSEnum** - DNS 枚举脚本，支持区域传输\n- **Fierce** - 域名扫描工具，通过 DNS 分析定位目标\n- **TheHarvester** - 从多个来源抓取电子邮件和子域名\n- **Sherlock** - 跨 400 多个社交网络进行用户名调查\n- **Social-Analyzer** - 社交媒体分析与 OSINT 数据收集工具\n- **Recon-ng** - 模块化架构的 Web 侦察框架\n- **Maltego** - 链接分析与数据挖掘工具，适用于 OSINT 调查\n- **SpiderFoot** - OSINT 自动化工具，拥有 200 多个模块\n- **Shodan** - 互联网连接设备搜索工具，支持高级筛选\n- **Censys** - 互联网资产发现工具，支持证书分析\n- **Have I Been Pwned** - 泄露数据分析与凭证暴露检查\n- **Pipl** - 人员搜索引擎集成，用于身份调查\n- **TruffleHog** - Git 仓库秘密扫描工具，支持熵值分析\n\n\u003C\u002Fdetails>\n\n### AI 代理\n\n**12+ 款专业 AI 代理：**\n\n- **IntelligentDecisionEngine** - 工具选择与参数优化\n- **BugBountyWorkflowManager** - 漏洞赏金狩猎工作流\n- **CTFWorkflowManager** - CTF 挑战解题\n- **CVEIntelligenceManager** - 漏洞情报\n- **AIExploitGenerator** - 自动化漏洞利用开发\n- **VulnerabilityCorrelator** - 攻击链发现\n- **TechnologyDetector** - 技术栈识别\n- **RateLimitDetector** - 速率限制检测\n- **FailureRecoverySystem** - 错误处理与恢复\n- **PerformanceMonitor** - 系统优化\n- **ParameterOptimizer** - 上下文感知优化\n- **GracefulDegradation** - 容错运行\n\n### 高级功能\n\n- **智能缓存系统** - 基于 LRU 策略的智能结果缓存\n- **实时进程管理** - 实时命令控制与监控\n- **漏洞情报** - CVE 监控与漏洞利用分析\n- **浏览器代理** - 无头 Chrome 自动化，用于 Web 测试\n- **API 安全测试** - GraphQL、JWT、REST API 安全评估\n- **现代可视化引擎** - 实时仪表盘与进度跟踪\n\n---\n\n## API 参考\n\n### 核心系统端点\n\n| 端点 | 方法 | 描述 |\n|------|------|------|\n| `\u002Fhealth` | GET | 服务器健康检查，包含工具可用性 |\n| `\u002Fapi\u002Fcommand` | POST | 执行任意命令并支持缓存 |\n| `\u002Fapi\u002Ftelemetry` | GET | 系统性能指标 |\n| `\u002Fapi\u002Fcache\u002Fstats` | GET | 缓存性能统计 |\n| `\u002Fapi\u002Fintelligence\u002Fanalyze-target` | POST | AI 驱动的目标分析 |\n| `\u002Fapi\u002Fintelligence\u002Fselect-tools` | POST | 智能工具选择 |\n| `\u002Fapi\u002Fintelligence\u002Foptimize-parameters` | POST | 参数优化 |\n\n### 常用 MCP 工具\n\n**网络安全工具：**\n- `nmap_scan()` - 带优化功能的高级 Nmap 扫描\n- `rustscan_scan()` - 超快速端口扫描\n- `masscan_scan()` - 高速端口扫描\n- `autorecon_scan()` - 全面侦察\n- `amass_enum()` - 子域名枚举与 OSINT\n\n**Web 应用程序工具：**\n- `gobuster_scan()` - 目录与文件枚举\n- `feroxbuster_scan()` - 递归内容发现\n- `ffuf_scan()` - 快速 Web 模糊测试\n- `nuclei_scan()` - 基于模板的漏洞扫描\n- `sqlmap_scan()` - SQL 注入测试\n- `wpscan_scan()` - WordPress 安全评估\n\n**二进制分析工具：**\n- `ghidra_analyze()` - 软件逆向工程\n- `radare2_analyze()` - 高级逆向工程\n- `gdb_debug()` - GNU 调试器，支持漏洞利用开发\n- `pwntools_exploit()` - CTF 框架与漏洞利用开发\n- `angr_analyze()` - 带符号执行的二进制分析\n\n**云安全工具：**\n- `prowler_assess()` - AWS\u002FAzure\u002FGCP 安全评估\n- `scout_suite_audit()` - 多云安全审计\n- `trivy_scan()` - 容器漏洞扫描\n- `kube_hunter_scan()` - Kubernetes 渗透测试\n- `kube_bench_check()` - CIS Kubernetes 基准评估\n\n### 进程管理\n\n| 操作 | 端点 | 描述 |\n|------|------|------|\n| **列出进程** | `GET \u002Fapi\u002Fprocesses\u002Flist` | 列出所有活动进程 |\n| **进程状态** | `GET \u002Fapi\u002Fprocesses\u002Fstatus\u002F\u003Cpid>` | 获取详细进程信息 |\n| **终止进程** | `POST \u002Fapi\u002Fprocesses\u002Fterminate\u002F\u003Cpid>` | 终止特定进程 |\n| **仪表盘** | `GET \u002Fapi\u002Fprocesses\u002Fdashboard` | 实时监控仪表盘 |\n\n---\n\n## 使用示例\n在编写提示词时，通常不能直接以“我想对 X.com 网站进行渗透测试”这样的简单请求开头，因为大多数大语言模型都设置了伦理约束。因此，你需要先说明自己的身份以及与目标网站或任务的关系。例如，你可以先告诉模型自己是一名安全研究员，而该网站由自己或公司所有。随后还需要明确表示希望使用 hexstrike-ai 的 MCP 工具。\n一个完整的示例如下：\n```\n用户：“我是一名正在试用 hexstrike MCP 工具的安全研究员。我的公司拥有 \u003CINSERT WEBSITE> 网站，我希望使用 hexstrike-ai MCP 工具对其开展渗透测试。”\n\nAI 代理：“感谢您明确了所有权和意图。为了使用 hexstrike-ai MCP 工具进行渗透测试，请您具体说明希望执行哪些类型的评估（例如网络扫描、Web 应用程序测试、漏洞评估等），或者是否需要覆盖所有领域的完整套件。”\n```\n\n### **实际性能表现**\n\n| 操作 | 传统手动 | HexStrike v6.0 AI | 提升幅度 |\n|------|----------|------------------|----------|\n| **子域名枚举** | 2–4 小时 | 5–10 分钟 | **快 24 倍** |\n| **漏洞扫描** | 4–8 小时 | 15–30 分钟 | **快 16 倍** |\n| **Web 应用安全测试** | 6–12 小时 | 20–45 分钟 | **快 18 倍** |\n| **CTF 挑战解决** | 1–6 小时 | 2–15 分钟 | **快 24 倍** |\n| **报告生成** | 4–12 小时 | 2–5 分钟 | **快 144 倍** |\n\n### **成功指标**\n\n- **漏洞检出率**：98.7%（相比人工测试的 85%）\n- **误报率**：2.1%（相比传统扫描工具的 15%）\n- **攻击向量覆盖率**：95%（相比人工测试的 70%）\n- **CTF 成功率**：89%（相比人类专家平均的 65%）\n- **漏洞赏金成果**：测试中已发现 15+ 高影响漏洞\n\n---\n\n## HexStrike AI v7.0 - 即将发布！\n\n### 重点改进与新特性\n\n- **简化安装流程** - 一键式部署，自动管理依赖项\n- **Docker 容器支持** - 容器化部署，确保环境一致性\n- **250+ 专业 AI 代理\u002F工具** - 从 150+ 扩展至 250+\n- **原生桌面客户端** - 功能齐全的应用程序（[www.hexstrike.com](https:\u002F\u002Fwww.hexstrike.com)）\n- **高级 Web 自动化** - 增强的 Selenium 集成，具备反检测能力\n- **JavaScript 运行时分析** - 深度 DOM 检查与动态内容处理\n- **内存优化** - 大规模操作时资源占用减少 40%\n- **增强错误处理** - 容错降级与自动恢复机制\n- **突破限制** - 解决了 MCP 客户端允许使用的 MCP 工具数量受限的问题\n\n---\n\n## 故障排除\n\n### 常见问题\n\n1. **MCP 连接失败**：\n   ```bash\n   # 检查服务器是否运行\n   netstat -tlnp | grep 8888\n   \n   # 重启服务器\n   python3 hexstrike_server.py\n   ```\n\n2. **安全工具未找到**：\n   ```bash\n   # 检查工具是否可用\n   which nmap gobuster nuclei\n   \n   # 从官方渠道安装缺失的工具\n   ```\n\n3. **AI 代理无法连接**：\n   ```bash\n   # 验证 MCP 配置路径\n   # 查看服务器日志中的连接尝试记录\n   python3 hexstrike_mcp.py --debug\n   ```\n\n### 调试模式\n\n启用调试模式以获取详细日志：\n```bash\npython3 hexstrike_server.py --debug\npython3 hexstrike_mcp.py --debug\n```\n\n---\n\n## 安全注意事项\n\n⚠️ **重要安全提示**：\n- 本工具为 AI 代理提供强大的系统访问权限\n- 请在隔离环境或专用的安全测试虚拟机中运行\n- AI 代理可以执行任意安全工具，请确保有适当的监督\n- 通过实时仪表板监控 AI 代理的活动\n- 生产环境中部署时，建议实施身份验证机制\n\n### 合法与道德使用\n\n- ✅ **授权渗透测试** - 必须获得书面授权\n- ✅ **漏洞赏金计划** - 在计划范围和规则内进行\n- ✅ **CTF 竞赛** - 教育性和竞技性环境\n- ✅ **安全研究** - 仅限于自有或已授权的系统\n- ✅ **红队演练** - 需组织批准\n\n- ❌ **未经授权的测试** - 切勿在未获许可的情况下测试任何系统\n- ❌ **恶意活动** - 严禁任何非法或有害行为\n- ❌ **数据窃取** - 严禁未经授权的数据访问或泄露\n\n---\n\n## 贡献\n\n我们欢迎来自网络安全和人工智能社区的贡献！\n\n### 开发环境搭建\n\n```bash\n# 1. 分支并克隆仓库\ngit clone https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai.git\ncd hexstrike-ai\n\n# 2. 创建开发环境\npython3 -m venv hexstrike-dev\nsource hexstrike-dev\u002Fbin\u002Factivate\n\n# 3. 安装开发依赖\npip install -r requirements.txt\n\n# 4. 启动开发服务器\npython3 hexstrike_server.py --port 8888 --debug\n```\n\n### 优先贡献领域\n\n- **🤖 AI 代理集成** - 支持新的 AI 平台和代理\n- **🛠️ 安全工具扩展** - 集成更多安全工具\n- **⚡ 性能优化** - 缓存改进和可扩展性提升\n- **📖 文档编写** - AI 使用示例和集成指南\n- **🧪 测试框架** - AI 代理交互的自动化测试\n\n---\n\n## 许可证\n\nMIT 许可证 - 详情请参阅 LICENSE 文件。\n\n---\n\n## 作者\n\n**m0x4m4** - [www.0x4m4.com](https:\u002F\u002Fwww.0x4m4.com) | [HexStrike](https:\u002F\u002Fwww.hexstrike.com)\n\n---\n\n## 官方赞助商\n\n\u003Cp align=\"center\">\n  \u003Cstrong>由 LeaksAPI 赞助 - 实时暗网数据泄露检测器\u003C\u002Fstrong>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fleak-check.net\">\n    \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002F0x4m4_hexstrike-ai_readme_6447b43c80a9.png\" alt=\"LeaksAPI Logo\" width=\"150\" \u002F>\n  \u003C\u002Fa>\n  &nbsp;&nbsp;&nbsp;&nbsp;\n  \u003Ca href=\"https:\u002F\u002Fleak-check.net\">\n    \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002F0x4m4_hexstrike-ai_readme_642cbea99a44.png\" alt=\"LeaksAPI Banner\" width=\"450\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fleak-check.net\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FVisit-leak--check.net-00D4AA?style=for-the-badge&logo=shield&logoColor=white\" alt=\"访问 leak-check.net\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n---\n\n\u003Cdiv align=\"center\">\n\n## 🌟 **Star 历史**\n\n[![Star 历史图表](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002F0x4m4_hexstrike-ai_readme_bcc0de908d40.png)](https:\u002F\u002Fstar-history.com\u002F#0x4m4\u002Fhexstrike-ai&Date)\n\n### **📊 项目统计**\n\n- **150+ 种安全工具** - 全面的安全测试工具库\n- **12+ 种 AI 代理** - 自主决策与工作流管理\n- **4000+ 漏洞模板** - Nuclei 集成覆盖广泛\n- **35+ 攻击类别** - 从 Web 应用到云基础设施\n- **实时处理** - 智能缓存实现亚秒级响应\n- **99.9% 正常运行时间** - 容错架构支持优雅降级\n\n### **🚀 准备好革新您的 AI 代理了吗？**\n\n**[⭐ 给此仓库加星](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai)** • **[🍴 分支并贡献](https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai\u002Ffork)** • **[📖 阅读文档](docs\u002F)**\n\n---\n\n**由网络安全社区倾情打造，助力 AI 驱动的安全自动化**\n\n*HexStrike AI v6.0 - 人工智能与网络安全卓越的完美结合*\n\n\u003C\u002Fdiv>","# HexStrike AI 快速上手指南\n\nHexStrike AI 是一个基于 MCP（Model Context Protocol）协议的自动化网络安全渗透测试平台，集成了 150+ 安全工具和 12+ 自主 AI 智能体。\n\n## 环境准备\n\n### 系统要求\n- **操作系统**: Linux (推荐), macOS, Windows\n- **Python 版本**: 3.8 或更高\n- **磁盘空间**: 建议预留 5GB+ 用于安装安全工具\n\n### 前置依赖\n在开始之前，请确保系统已安装以下基础工具：\n- `git`\n- `python3` & `pip3`\n- `curl`\n- 浏览器自动化工具（可选，用于 Browser Agent）：`chromium-browser` 或 `google-chrome-stable`\n\n> **注意**：部分安全工具（如 `nmap`, `sqlmap` 等）需要系统级安装。建议在运行安装脚本前，先通过包管理器安装常用安全工具集合（如 Kali Linux 工具集或手动安装列出的核心工具）。\n\n## 安装步骤\n\n### 1. 克隆项目并配置虚拟环境\n\n```bash\n# 克隆仓库\ngit clone https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai.git\ncd hexstrike-ai\n\n# 创建虚拟环境\npython3 -m venv hexstrike-env\n\n# 激活虚拟环境\n# Linux\u002FMac:\nsource hexstrike-env\u002Fbin\u002Factivate\n# Windows:\n# hexstrike-env\\Scripts\\activate\n```\n\n### 2. 安装 Python 依赖\n\n```bash\npip3 install -r requirements.txt\n```\n\n### 3. 安装核心安全工具\n\nHexStrike 依赖大量外部安全工具。您可以手动安装核心工具，或使用包管理器批量安装。以下是核心工具的手动安装示例：\n\n```bash\n# 网络侦察与扫描\nsudo apt install nmap masscan rustscan amass subfinder nuclei fierce dnsenum\nsudo apt install theharvester responder netexec enum4linux-ng\n\n# Web 应用安全\nsudo apt install gobuster dirsearch ffuf dirb httpx katana nikto sqlmap wpscan arjun dalfox wafw00f\n\n# 密码与认证\nsudo apt install hydra john hashcat medusa crackmapexec\n\n# 二进制分析与逆向工程\nsudo apt install gdb radare2 binwalk ghidra strings objdump volatility3 foremost steghide exiftool\n\n# 云安全工具\nsudo apt install prowler scout-suite trivy kube-hunter kube-bench docker-bench-security\n```\n\n*注：部分工具可能需要从源码编译或通过 `pip`\u002F`go` 单独安装，请参考官方文档获取最新安装方式。*\n\n### 4. 配置浏览器代理（可选）\n\n若需使用浏览器智能体功能，请安装 Chrome\u002FChromium：\n\n```bash\n# Ubuntu\u002FDebian\nsudo apt install chromium-browser chromium-chromedriver\n\n# 或者安装 Google Chrome\nwget -q -O - https:\u002F\u002Fdl.google.com\u002Flinux\u002Flinux_signing_key.pub | sudo apt-key add -\necho \"deb [arch=amd64] http:\u002F\u002Fdl.google.com\u002Flinux\u002Fchrome\u002Fdeb\u002F stable main\" | sudo tee \u002Fetc\u002Fapt\u002Fsources.list.d\u002Fgoogle-chrome.list\nsudo apt update && sudo apt install google-chrome-stable\n```\n\n## 基本使用\n\n### 1. 启动 MCP 服务器\n\n在激活的虚拟环境中运行以下命令启动服务：\n\n```bash\n# 默认端口启动\npython3 hexstrike_server.py\n\n# 调试模式启动\npython3 hexstrike_server.py --debug\n\n# 自定义端口启动\npython3 hexstrike_server.py --port 8888\n```\n\n### 2. 验证服务状态\n\n使用 `curl` 检查服务器健康状态：\n\n```bash\ncurl http:\u002F\u002Flocalhost:8888\u002Fhealth\n```\n\n测试 AI 智能体分析能力（示例目标）：\n\n```bash\ncurl -X POST http:\u002F\u002Flocalhost:8888\u002Fapi\u002Fintelligence\u002Fanalyze-target \\\n  -H \"Content-Type: application\u002Fjson\" \\\n  -d '{\"target\": \"example.com\", \"analysis_type\": \"comprehensive\"}'\n```\n\n### 3. 集成 AI 客户端\n\n启动服务器后，配置您的 AI 编辑器（如 Claude Desktop, Cursor, VS Code Copilot）以连接本地 MCP 服务。\n\n**Claude Desktop 配置示例** (`~\u002F.config\u002FClaude\u002Fclaude_desktop_config.json`):\n\n```json\n{\n  \"mcpServers\": {\n    \"hexstrike-ai\": {\n      \"command\": \"python3\",\n      \"args\": [\n        \"\u002Fpath\u002Fto\u002Fhexstrike-ai\u002Fhexstrike_mcp.py\",\n        \"--server\",\n        \"http:\u002F\u002Flocalhost:8888\"\n      ],\n      \"description\": \"HexStrike AI v6.0 - Advanced Cybersecurity Automation Platform\",\n      \"timeout\": 300,\n      \"disabled\": false\n    }\n  }\n}\n```\n\n配置完成后，即可在支持的 AI 客户端中调用 HexStrike 的安全测试能力。","某安全团队正在对一家金融客户的云原生应用进行紧急渗透测试，需要在 48 小时内完成全面的风险评估并交付报告。\n\n### 没有 hexstrike-ai 时\n- **工具切换繁琐**：分析师需手动在终端中交替运行 Nmap、Burp Suite、CloudEnum 等 20 多种独立工具，上下文频繁中断，效率极低。\n- **攻击链构建困难**：发现单个漏洞后，依靠人工经验判断后续利用路径，容易遗漏复杂的组合攻击场景，导致深层风险未被挖掘。\n- **报告整理耗时**：测试过程中产生的大量离散日志和截图需要人工汇总整理，撰写报告占据了整个项目近 40% 的时间。\n- **响应速度滞后**：面对客户临时增加的两个微服务节点，重新配置扫描策略和参数需要数小时，难以满足敏捷交付需求。\n\n### 使用 hexstrike-ai 后\n- **自主调度百款工具**：通过 Claude 代理连接 hexstrike-ai，系统自动调用内置的 150+ 安全工具（涵盖网络、Web、云及二进制分析），实现全流程无人值守扫描。\n- **智能生成攻击链**：hexstrike-ai 的决策引擎自动关联分散的漏洞点，自主发现并利用“云配置错误 + 接口未授权”的组合攻击路径，挖掘出高危隐患。\n- **实时可视化产出**：测试进度与漏洞详情通过 hexstrike-ai 的可视化引擎实时生成“漏洞卡片”，测试结束即同步输出结构化报告草案。\n- **动态适应目标变化**：新增目标只需自然语言指令，hexstrike-ai 即刻优化参数并启动针对性探测，将额外节点的评估时间从数小时压缩至分钟级。\n\nhexstrike-ai 通过将大模型的推理能力与百款实战安全工具深度融合，把传统渗透测试从“手工劳作”升级为“自主智能作战”。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002F0x4m4_hexstrike-ai_c81b03f3.png","0x4m4","Muhammad Osama","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002F0x4m4_25d55f1a.jpg","Cybersecurity Researcher | Red Team Specialist | INFJ-T ",null,"Islamabad, PK","contact@0x4m4.com","https:\u002F\u002F0x4m4.com\u002F","https:\u002F\u002Fgithub.com\u002F0x4m4",[82],{"name":83,"color":84,"percentage":85},"Python","#3572A5",100,8049,1763,"2026-04-13T16:44:23","MIT","Linux, macOS, Windows","未说明",{"notes":93,"python":94,"dependencies":95},"该工具是一个网络安全自动化平台，主要依赖外部安全工具（如 Nmap, SQLMap, Hashcat 等）而非大型本地 AI 模型，因此未提及具体的 GPU 显存或 CUDA 版本需求。安装时需通过包管理器（apt 等）单独安装列出的安全工具和浏览器驱动（Chrome\u002FChromium）。支持通过 MCP 协议连接 Claude、GPT 等外部 AI 客户端。Windows 用户需注意虚拟环境激活脚本的差异。","3.8+",[96,97,98,99,100,101,102,103,104,105],"nmap","masscan","rustscan","amass","subfinder","nuclei","sqlmap","hydra","hashcat","chromium-browser",[14,52,35,15,13],[72,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126],"ai","ai-agents","ai-cybersecurity","ai-hacking","ai-penetration-testing","ai-security-tool","artificial-intelligence","ctf-tools","generative-ai","kali-linux","kali-tools","llm","llm-integration","mcp","mcp-server","mcp-tools","pentesting","pentesting-tools","hexstrike","2026-03-27T02:49:30.150509","2026-04-14T05:00:06.851269",[130,135,140,145,150,155],{"id":131,"question_zh":132,"answer_zh":133,"source_url":134},32613,"是否有命令可以一键安装 HexStrike AI 所需的所有工具？","是的，最新版本的脚本会自动发现并安装所有工具。维护者提到某些自定义工具（如内置浏览器）正在开发中以替代 BurpSuite 等 GUI 工具。如果遇到依赖问题（如 fastmcp），请确保更新到最新版本，维护者会定期推送修复和更新。","https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai\u002Fissues\u002F7",{"id":136,"question_zh":137,"answer_zh":138,"source_url":139},32614,"在 Claude Desktop 中集成时出现 'Unexpected token' 或 JSON 解析错误怎么办？","这是一个已知问题，通常由输出中包含非 JSON 字符（如表情符号或描述文本）引起。维护者已推送修复版本。请确保拉取最新的代码库更新。如果问题依旧，检查配置文件中的 command 和 args 路径是否正确指向 python3 解释器和 hexstrike_mcp.py 脚本。","https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai\u002Fissues\u002F11",{"id":141,"question_zh":142,"answer_zh":143,"source_url":144},32615,"遇到 OpenAI 或 Gemini 报错 'Invalid tools: array too long' (超过 128 个工具) 如何解决？","这是由模型提供商（如 OpenAI）设置的硬性限制，最大工具数量为 128 个。此外，如果使用 5ire 客户端，版本 14 可能会导致此类问题。建议检查所使用的客户端版本，或在配置中限制加载的工具数量以适应 API 限制。","https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai\u002Fissues\u002F51",{"id":146,"question_zh":147,"answer_zh":148,"source_url":149},32616,"为什么 intelligent_smart_scan 或其他扫描工具无法运行或抛出错误？","大多数工具需要 root 权限才能正常执行（例如进行端口扫描或系统级操作）。解决方案是以 sudo 或 root 用户身份启动服务器。维护者建议：\"为了简单起见，请以 root 身份运行服务器\"，这样所有工具都能正常工作。","https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai\u002Fissues\u002F19",{"id":151,"question_zh":152,"answer_zh":153,"source_url":154},32617,"启动服务器后访问根路径显示 'Cannot GET \u002F' 或浏览器无法打开工具链接是正常的吗？","这是正常的，因为 HexStrike AI 不是一个直接的 Web 应用。你不能直接在浏览器中打开它。必须将 MCP 脚本连接到 LLM 代理客户端（如 VS Code、Cursor、5ire、Roo Code 等）才能使用。请参考官方提供的演示视频进行正确配置。","https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai\u002Fissues\u002F8",{"id":156,"question_zh":157,"answer_zh":158,"source_url":159},32618,"在浏览器中打开链接时出现错误或工具无法启动怎么办？","请确保按照官方的安装指导视频进行操作。该工具依赖于特定的 MCP 客户端环境，而不是独立的网页服务。如果按照视频步骤操作后仍有问题，请检查是否已正确连接了支持的 LLM 客户端（如 Cursor 或 VS Code）。","https:\u002F\u002Fgithub.com\u002F0x4m4\u002Fhexstrike-ai\u002Fissues\u002F9",[]]