HexStrike AI RED-TEAM Integrates BOAZ With 127 Security
HexStrike AI v6.0 has been released, emerging as a fork of the original HexStrike AI project. This advanced Model Context Protocol (MCP)-based cybersecurity automation framework merges 127 professional security tools with BOAZ, a multi-layered EDR/AV payload evasion engine built for real-world red team operations.
The platform enables Claude, GPT, VS Code Copilot, Cursor, and any MCP-compatible AI agent to autonomously orchestrate penetration testing workflows, vulnerability discovery, and enterprise evasion payloads, replacing days of manual tooling with minutes of AI-driven analysis.
HexStrike AI operates as a FastMCP server that bridges large language models (LLMs) with a curated arsenal of offensive security tools.
The architecture positions an Intelligent Decision Engine as the orchestration brain, analyzing targets, selecting optimal tooling, and executing multi-phase assessments without requiring constant human direction.
The platform supports six AI client integrations out of the box: Claude Desktop, Cursor, VS Code Copilot, Roo Code, 5ire (partial), and any standards-compliant MCP agent.
BOAZ Red Team Integration
The most operationally significant addition in this fork from Muhammad Osama, Yenn503, and Aoxley is the full integration of BOAZ (Bypass, Obfuscate, Adapt, Zero-Trust), an open-source multilayered AV/EDR evasion framework developed by Thomasxm.
BOAZ is wired into HexStrike through five dedicated MCP tools and transforms the platform from a scanning engine into a complete red team payload pipeline.
| Capability | Details |
|---|---|
| Process Injection Loaders | 77+ loaders across 6 categories: Syscall (11), Stealth (17), Memory Guard (6), Threadless (6), VEH/VCH (5), Userland (4) |
| Encoding Schemes | 12 schemes: AES, ChaCha20, DES, RC4, AES2, UUID, XOR, MAC, IPv4, Base45, Base64, Base58 |
| EDR Bypass Techniques | API unhooking, ETW (Event Tracing for Windows) patching, LLVM obfuscation via Akira and Pluto compilers |
| Anti-Analysis Controls | Anti-emulation checks, sleep obfuscation, entropy reduction, sandbox detection |
| Compiler Support | MinGW cross-compiler, NASM assembler, Wine (Windows binary testing on Linux) |
| Output Formats | EXE, DLL, CPL; includes self-deletion and anti-forensic options |
The BOAZ workflow within HexStrike follows a defined payload pipeline: MSFVenom generation → entropy analysis → BOAZ evasion layer → enterprise-grade stealth binary.

127 Security Tools Arsenal
HexStrike ships with 127 classified security tools, of which 53 are auto-installed via install/install_all.sh and the remaining 74 require manual installation due to licensing constraints, specialized dependencies, or platform-specific requirements.
| Category | Tools | Count |
|---|---|---|
| Network & Reconnaissance | nmap, masscan, rustscan, amass, subfinder, nuclei, autorecon, theharvester, responder, netexec | 10 |
| Web Application Security | gobuster, feroxbuster, ffuf, nikto, sqlmap, wpscan, httpx, hakrawler, dalfox, commix, nosqlmap + more | 19 |
| Password & Authentication | hydra, john, hashcat, evil-winrm, hashid | 5 |
| Binary Analysis & RE | gdb, radare2, binwalk, ghidra (JDK), checksec, ropgadget, pwntools, angr + more | 13 |
| Forensics & CTF | foremost, testdisk, steghide, exiftool, volatility3, scalpel, zsteg, sleuthkit + more | 16 |
Manual installation targets tools with broader enterprise impact: wireless (aircrack-ng, kismet), cloud auditing (kube-hunter, scout-suite, checkov, terrascan, falco), web proxy (Burp Suite, ZAProxy), and OSINT platforms (Maltego, Censys-CLI).
Full installation requires approximately 24 GB of disk space and 60–90 minutes of compile time, the bulk attributable to building the LLVM-based Akira and Pluto obfuscators from source (~30 minutes each). The fork is available to clone from GitHub.
HexStrike AI explicitly scopes legitimate use to: authorized penetration testing engagements with written permission, bug bounty program participation within defined scope, CTF competitions, and red team exercises with organizational approval.
Unauthorized testing, data exfiltration, and malicious activities are explicitly prohibited in the project documentation.
Check Point Research previously highlighted the dual-use risk of LLM orchestration frameworks like HexStrike, noting that the same abstraction layer that makes the tool powerful for defenders can direct offensive capabilities at scale with minimal human oversight, a risk vector that security teams must account for in their defensive posture.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.


