HexStrike — Cybersecurity & CTF Skill

Overview

Execute security tools directly via exec. No middleware, no MCP server — direct CLI access to 150+ security tools with methodology-driven workflows.

First Step: Check Available Tools

Before starting any engagement, run the tool checker to see what's installed:

bash scripts/tool-check.sh           # All categories
bash scripts/tool-check.sh network   # Just network tools
bash scripts/tool-check.sh web       # Just web tools

Adapt the workflow to available tools. If a preferred tool is missing, suggest installation or use alternatives.

CTF Workflow

When given a CTF challenge:

1. Identify category from description/files (web, crypto, pwn, forensics, rev, misc, OSINT)
2. Read references/ctf-playbook.md for the matching category section
3. Triage — run quick identification commands before heavy tools
4. Iterate — CTF is exploratory; try the obvious first, escalate to specialized tools
5. Document findings as you go — note promising leads

Category Identification Hints

Recon / Pentest Workflow

For reconnaissance or penetration testing engagements:

1. Read references/recon-methodology.md for the full phased approach
2. Phase 1: Passive recon (subdomains, DNS, WHOIS, certificate transparency)
3. Phase 2: Active recon (port scanning, service enumeration)
4. Phase 3: Vulnerability scanning (nuclei, nikto, nmap scripts)
5. Phase 4: Web app testing (directory brute-force, injection testing)
6. Phase 5: Credential attacks (only when authorized)

Tool Reference

For quick syntax lookup on any of the 80+ tools, read references/tool-reference.md.

Execution Guidelines

Output Handling

• Pipe long outputs to files: nmap ... -oA /tmp/nmap_results
• Use | head -50 or | tail -20 for initial review
• Save important results: > /tmp/__results.txt

Safety

• Never run offensive tools against targets without explicit authorization
• Default to non-invasive scans first (passive recon, version detection)
• Escalate to active testing only when confirmed authorized
• Use --batch flags where available to avoid interactive prompts (e.g., sqlmap)
• Set reasonable timeouts and rate limits to avoid disruption

Tool Installation

If critical tools are missing, suggest install commands:

• Debian/Ubuntu: sudo apt install
• pip tools: pip3 install
• Go tools: go install @latest
• Kali Linux: Most tools pre-installed; sudo apt install kali-tools-* for categories

Long-Running Scans

Use exec with background: true and yieldMs for scans that take minutes:

exec: nmap -sV -sC -p- <TARGET> -oA /tmp/full_scan
background: true, yieldMs: 30000

Check progress with process(action=poll).