HexStrike — Cybersecurity & CTF Skill

Overview

Execute security tools directly via exec. No middleware, no MCP server — direct CLI access to 150+ security tools with methodology-driven workflows.

First Step: Check Available Tools

Before starting any engagement, run the tool checker to see what's installed:

CODEBLOCK0

Adapt the workflow to available tools. If a preferred tool is missing, suggest installation or use alternatives.

CTF Workflow

When given a CTF challenge:

1. Identify category from description/files (web, crypto, pwn, forensics, rev, misc, OSINT)
Read references/ctf-playbook.md for the matching category section
Triage — run quick identification commands before heavy tools
Iterate — CTF is exploratory; try the obvious first, escalate to specialized tools
Document findings as you go — note promising leads

Category Identification Hints

Indicators	Category
URL, web app, login page, cookies	web
Ciphertext, hash, encoded data, RSA, AES

Recon / Pentest Workflow

For reconnaissance or penetration testing engagements:

1. Read references/recon-methodology.md for the full phased approach
Phase 1: Passive recon (subdomains, DNS, WHOIS, certificate transparency)
Phase 2: Active recon (port scanning, service enumeration)
Phase 3: Vulnerability scanning (nuclei, nikto, nmap scripts)
Phase 4: Web app testing (directory brute-force, injection testing)
Phase 5: Credential attacks (only when authorized)

Tool Reference

For quick syntax lookup on any of the 80+ tools, read references/tool-reference.md.

Execution Guidelines

Output Handling

- Pipe long outputs to files: INLINECODE4
Use | head -50 or | tail -20 for initial review
Save important results: INLINECODE7

Safety

- Never run offensive tools against targets without explicit authorization
Default to non-invasive scans first (passive recon, version detection)
Escalate to active testing only when confirmed authorized
Use --batch flags where available to avoid interactive prompts (e.g., sqlmap)
Set reasonable timeouts and rate limits to avoid disruption

Tool Installation

If critical tools are missing, suggest install commands:

- Debian/Ubuntu: INLINECODE9
pip tools: INLINECODE10
Go tools: INLINECODE11
Kali Linux: Most tools pre-installed; sudo apt install kali-tools-* for categories

Long-Running Scans

Use exec with background: true and yieldMs for scans that take minutes:

exec: nmap -sV -sC -p- <TARGET> -oA /tmp/full_scan
background: true, yieldMs: 30000

Check progress with process(action=poll).

HexStrike — 网络安全与CTF技能

概述

通过exec直接执行安全工具。无需中间件，无需MCP服务器——直接通过CLI访问150+安全工具，配合方法论驱动的工作流程。

第一步：检查可用工具

在开始任何任务前，运行工具检查器查看已安装的工具：

bash
bash scripts/tool-check.sh # 所有类别
bash scripts/tool-check.sh network # 仅网络工具
bash scripts/tool-check.sh web # 仅Web工具

根据可用工具调整工作流程。如果缺少首选工具，建议安装或使用替代方案。

CTF工作流程

当面对CTF挑战时：

1. 识别类别：从描述/文件中判断（web、crypto、pwn、forensics、rev、misc、OSINT）
阅读references/ctf-playbook.md中对应类别章节
初步排查——在运行重型工具前先执行快速识别命令
迭代——CTF是探索性的；先尝试明显的方法，再升级到专业工具
记录发现——随时记录有价值的线索

类别识别提示

指标	类别
URL、Web应用、登录页面、Cookie	web
密文、哈希、编码数据、RSA、AES

侦察/渗透测试工作流程

对于侦察或渗透测试任务：

1. 阅读references/recon-methodology.md了解完整的分阶段方法
阶段1：被动侦察（子域名、DNS、WHOIS、证书透明度）
阶段2：主动侦察（端口扫描、服务枚举）
阶段3：漏洞扫描（nuclei、nikto、nmap脚本）
阶段4：Web应用测试（目录暴力破解、注入测试）
阶段5：凭据攻击（仅限授权情况下）

工具参考

如需快速查询80+工具的语法，请阅读references/tool-reference.md。

执行指南

输出处理

- 将长输出重定向到文件：nmap ... -oA /tmp/nmapresults
使用| head -50或| tail -20进行初步审查
保存重要结果：> /tmp/<工具名><目标>_results.txt

安全

- 未经明确授权，切勿对目标运行攻击性工具
默认先进行非侵入式扫描（被动侦察、版本检测）
仅在确认授权后升级到主动测试
尽可能使用--batch标志以避免交互式提示（例如sqlmap）
设置合理的超时和速率限制以避免干扰

工具安装

如果缺少关键工具，建议安装命令：

- Debian/Ubuntu：sudo apt install <包名>
pip工具：pip3 install <包名>
Go工具：go install <仓库地址>@latest
Kali Linux：大多数工具预装；sudo apt install kali-tools-*用于安装类别工具

长时间运行的扫描

对于耗时数分钟的扫描，使用带background: true和yieldMs参数的exec：

exec: nmap -sV -sC -p- <目标> -oA /tmp/full_scan
background: true, yieldMs: 30000

使用process(action=poll)检查进度。

hexstrike六边形攻击

hexstrike

HexStrike — Cybersecurity & CTF Skill

Overview

First Step: Check Available Tools