VYPR
Research · Published Jun 5, 2026 · 1 source

HexStrike AI v6.0 Integrates 127 Tools with BOAZ for Autonomous Red Teaming

A new fork of HexStrike AI, version 6.0, merges 127 security tools with the BOAZ evasion engine, enabling AI agents to autonomously conduct advanced penetration testing and enterprise evasion.

A significant advancement in cybersecurity automation has arrived with the release of HexStrike AI v6.0, a fork of the original project that dramatically expands its capabilities. This new version integrates a staggering 127 professional security tools with BOAZ, a sophisticated EDR/AV payload evasion engine designed for real-world red team operations. The framework leverages AI agents such as Claude, GPT, and VS Code Copilot, allowing them to autonomously orchestrate complex penetration testing workflows, discover vulnerabilities, and deploy enterprise evasion payloads. This AI-driven approach promises to replace days of manual effort with mere minutes of analysis, fundamentally changing how offensive security assessments are conducted.

At its core, HexStrike AI operates as a FastMCP server, acting as a bridge between large language models (LLMs) and a comprehensive suite of offensive security tools. The platform's architecture is centered around an Intelligent Decision Engine, which serves as the orchestration brain. This engine analyzes target environments, selects the most effective tools for the task, and executes multi-phase assessments with minimal human intervention. HexStrike AI boasts broad compatibility, supporting six AI client integrations out of the box, including Claude Desktop, Cursor, VS Code Copilot, Roo Code, and any standard-compliant MCP agent, ensuring flexibility for diverse user environments.

The most impactful addition to this fork is the full integration of BOAZ (Bypass, Obfuscate, Adapt, Zero-Trust), an open-source multilayered AV/EDR evasion framework developed by Thomasxm. Integrated via five dedicated MCP tools, BOAZ transforms HexStrike AI from a mere scanning engine into a complete red team payload pipeline. The BOAZ workflow within HexStrike follows a structured process: initial payload generation using tools like MSFVenom, followed by entropy analysis, application of BOAZ's evasion layers, and finally, the creation of an enterprise-grade stealth binary. This pipeline is crucial for evading modern defenses.

BOAZ itself offers an impressive array of capabilities, including over 77 process injection loaders across six categories, 12 different encoding schemes (such as AES, ChaCha20, and XOR), and advanced EDR bypass techniques like API unhooking and ETW patching. It also incorporates anti-analysis controls (emulation detection, sleep obfuscation, and sandbox detection), alongside support for multiple compilers and output formats including EXE, DLL, and CPL, with options for self-deletion and anti-forensic measures.

The HexStrike AI v6.0 arsenal comprises 127 security tools, with 53 automatically installed via a script. The remaining 74 tools require manual installation due to licensing, dependency, or platform-specific needs. These include essential tools for network reconnaissance (nmap, amass), web application security (sqlmap, nuclei), password cracking (hashcat, john), binary analysis (ghidra, radare2), and forensics (volatility3, sleuthkit). Manual installation targets tools with broader enterprise impact, such as wireless auditing (aircrack-ng), cloud auditing (kube-hunter, checkov), and OSINT platforms (Maltego).

Full installation of HexStrike AI v6.0 demands approximately 24 GB of disk space and can take 60-90 minutes, largely due to the compilation of LLVM-based obfuscators. The project is available for cloning from GitHub. The developers explicitly define legitimate use cases, including authorized penetration testing, bug bounty participation, CTF competitions, and approved red team exercises. Unauthorized testing, data exfiltration, and malicious activities are strictly prohibited.

This release echoes concerns previously raised by researchers like Check Point Research, who highlighted the dual-use nature of LLM orchestration frameworks. The same abstraction that empowers defenders can be weaponized by attackers to direct offensive capabilities at an unprecedented scale with minimal human oversight. Security teams must therefore adapt their defensive strategies to account for the evolving threat landscape presented by AI-driven offensive tools.

Synthesized by Vypr AI