Add files via upload

README.md

@@ -53,7 +53,15 @@ CyberStrikeAI ships with 100+ curated tools covering the whole kill chain:
    cd CyberStrikeAI-main
    go mod download
    ```
-2. **Configure OpenAI-compatible access**  
+2. **Set up the Python tooling stack (required for the YAML tools directory)**  
+   A large portion of `tools/*.yaml` recipes wrap Python utilities (`api-fuzzer`, `http-framework-test`, `install-python-package`, etc.). Create the project-local virtual environment once and install the shared dependencies:
+   ```bash
+   python3 -m venv venv
+   source venv/bin/activate
+   pip install -r requirements.txt
+   ```
+   The helper tools automatically detect this `venv` (or any already active `$VIRTUAL_ENV`), so the default `env_name` works out of the box unless you intentionally supply another target.
+3. **Configure OpenAI-compatible access**  
    Either open the in-app `Settings` panel after launch or edit `config.yaml`:
    ```yaml
    openai:
@@ -66,7 +74,7 @@ CyberStrikeAI ships with 100+ curated tools covering the whole kill chain:
    security:
      tools_dir: "tools"
    ```
-3. **Install the tooling you need (optional)**
+4. **Install the tooling you need (optional)**
    ```bash
    # macOS
    brew install nmap sqlmap nuclei httpx gobuster feroxbuster subfinder amass
@@ -74,7 +82,7 @@ CyberStrikeAI ships with 100+ curated tools covering the whole kill chain:
    sudo apt-get install nmap sqlmap nuclei httpx gobuster feroxbuster
    ```
    AI automatically falls back to alternatives when a tool is missing.
-4. **Launch**
+5. **Launch**
    ```bash
    chmod +x run.sh && ./run.sh
    # or
@@ -82,7 +90,7 @@ CyberStrikeAI ships with 100+ curated tools covering the whole kill chain:
    # or
    go build -o cyberstrike-ai cmd/server/main.go
    ```
-5. **Open the console** at http://localhost:8080, log in with the generated password, and start chatting.
+6. **Open the console** at http://localhost:8080, log in with the generated password, and start chatting.
 
 ### Core Workflows
 - **Conversation testing** – Natural-language prompts trigger toolchains with streaming SSE output.
@@ -121,6 +129,44 @@ CyberStrikeAI ships with 100+ curated tools covering the whole kill chain:
 - **MCP stdio mode** – `go run cmd/mcp-stdio/main.go` exposes the agent to Cursor/CLI.
 - **External MCP federation** – register third-party MCP servers (HTTP or stdio) from the UI, toggle them per engagement, and monitor their health and call volume in real time.
 
+#### MCP stdio quick start
+1. **Build the binary** (run from the project root):
+   ```bash
+   go build -o cyberstrike-ai-mcp cmd/mcp-stdio/main.go
+   ```
+2. **Wire it up in Cursor**  
+   Open `Settings → Tools & MCP → Add Custom MCP`, pick **Command**, then point to the compiled binary and your config:
+   ```json
+   {
+     "mcpServers": {
+       "cyberstrike-ai": {
+         "command": "/absolute/path/to/cyberstrike-ai-mcp",
+         "args": [
+           "--config",
+           "/absolute/path/to/config.yaml"
+         ]
+       }
+     }
+   }
+   ```
+   Replace the paths with your local locations; Cursor will launch the stdio server automatically.
+
+#### MCP HTTP quick start
+1. Ensure `config.yaml` has `mcp.enabled: true` and adjust `mcp.host` / `mcp.port` if you need a non-default binding (localhost:8081 works well for local Cursor usage).
+2. Start the main service (`./run.sh` or `go run cmd/server/main.go`); the MCP endpoint lives at `http://<host>:<port>/mcp`.
+3. In Cursor, choose **Add Custom MCP → HTTP** and set `Base URL` to `http://127.0.0.1:8081/mcp`.
+4. Prefer committing the setup via `.cursor/mcp.json` so teammates can reuse it:
+   ```json
+   {
+     "mcpServers": {
+       "cyberstrike-ai-http": {
+         "transport": "http",
+         "url": "http://127.0.0.1:8081/mcp"
+       }
+     }
+   }
+   ```
+
 ### Automation Hooks
 - **REST APIs** – everything the UI uses (auth, conversations, tool runs, monitor) is available over JSON.
 - **Task control** – pause/resume/stop long scans, re-run steps with new params, or stream transcripts.

README_CN.md

@@ -53,7 +53,15 @@ CyberStrikeAI 是一款 **AI 原生渗透测试协同体**，以 Go 编写，内
    cd CyberStrikeAI-main
    go mod download
    ```
-2. **配置模型与鉴权**  
+2. **初始化 Python 虚拟环境（tools 目录所需）**  
+   `tools/*.yaml` 中大量工具（如 `api-fuzzer`、`http-framework-test`、`install-python-package` 等）依赖 Python 生态。首次进入项目根目录时请创建本地虚拟环境并安装依赖：
+   ```bash
+   python3 -m venv venv
+   source venv/bin/activate
+   pip install -r requirements.txt
+   ```
+   两个 Python 专用工具（`install-python-package` 与 `execute-python-script`）会自动检测该 `venv`（或已经激活的 `$VIRTUAL_ENV`），因此默认 `env_name` 即可满足大多数场景。
+3. **配置模型与鉴权**  
    启动后在 Web 端 `Settings` 填写，或直接编辑 `config.yaml`：
    ```yaml
    openai:
@@ -66,7 +74,7 @@ CyberStrikeAI 是一款 **AI 原生渗透测试协同体**，以 Go 编写，内
    security:
      tools_dir: "tools"
    ```
-3. **按需安装安全工具（可选）**
+4. **按需安装安全工具（可选）**
    ```bash
    # macOS
    brew install nmap sqlmap nuclei httpx gobuster feroxbuster subfinder amass
@@ -74,7 +82,7 @@ CyberStrikeAI 是一款 **AI 原生渗透测试协同体**，以 Go 编写，内
    sudo apt-get install nmap sqlmap nuclei httpx gobuster feroxbuster
    ```
    未安装的工具会自动跳过或改用替代方案。
-4. **启动服务**
+5. **启动服务**
    ```bash
    chmod +x run.sh && ./run.sh
    # 或
@@ -82,7 +90,7 @@ CyberStrikeAI 是一款 **AI 原生渗透测试协同体**，以 Go 编写，内
    # 或
    go build -o cyberstrike-ai cmd/server/main.go
    ```
-5. **浏览器访问** http://localhost:8080 ，使用日志中提示的密码登录并开始对话。
+6. **浏览器访问** http://localhost:8080 ，使用日志中提示的密码登录并开始对话。
 
 ### 常用流程
 - **对话测试**：自然语言触发多步工具编排，SSE 实时输出。
@@ -120,6 +128,44 @@ CyberStrikeAI 是一款 **AI 原生渗透测试协同体**，以 Go 编写，内
 - **MCP stdio 模式**：`go run cmd/mcp-stdio/main.go` 可接入 Cursor/命令行。
 - **外部 MCP 联邦**：在设置中注册第三方 MCP（HTTP/stdio），按需启停并实时查看调用统计与健康度。
 
+#### MCP stdio 快速集成
+1. **编译可执行文件**（在项目根目录执行）：
+   ```bash
+   go build -o cyberstrike-ai-mcp cmd/mcp-stdio/main.go
+   ```
+2. **在 Cursor 中配置**  
+   打开 `Settings → Tools & MCP → Add Custom MCP`，选择 **Command**，指定编译后的程序与配置文件：
+   ```json
+   {
+     "mcpServers": {
+       "cyberstrike-ai": {
+         "command": "/absolute/path/to/cyberstrike-ai-mcp",
+         "args": [
+           "--config",
+           "/absolute/path/to/config.yaml"
+         ]
+       }
+     }
+   }
+   ```
+   将路径替换成你本地的实际地址，Cursor 会自动启动 stdio 版本的 MCP。
+
+#### MCP HTTP 快速集成
+1. 确认 `config.yaml` 中 `mcp.enabled: true`，按照需要调整 `mcp.host` / `mcp.port`（本地建议 `127.0.0.1:8081`）。
+2. 启动主服务（`./run.sh` 或 `go run cmd/server/main.go`），MCP 端点默认暴露在 `http://<host>:<port>/mcp`。
+3. 在 Cursor 内 `Add Custom MCP → HTTP`，将 `Base URL` 设置为 `http://127.0.0.1:8081/mcp`。
+4. 也可以在项目根目录创建 `.cursor/mcp.json` 以便团队共享：
+   ```json
+   {
+     "mcpServers": {
+       "cyberstrike-ai-http": {
+         "transport": "http",
+         "url": "http://127.0.0.1:8081/mcp"
+       }
+     }
+   }
+   ```
+
 ### 自动化与安全
 - **REST API**：认证、会话、任务、监控等接口全部开放，可与 CI/CD 集成。
 - **任务控制**：支持暂停/终止长任务、修改参数后重跑、流式获取日志。

requirements.txt

@@ -0,0 +1,25 @@
+# Python HTTP helpers leveraged by tools like api-fuzzer, dnslog, http-intruder, http-framework-test
+requests>=2.32.3
+httpx>=0.27.0
+charset-normalizer>=3.3.2
+chardet>=5.2.0
+
+# Python exploitation / analysis frameworks referenced by tool recipes
+angr>=9.2.96
+pwntools>=4.12.0
+arjun>=2.2.0
+paramspider>=2.1.0
+uro>=1.0.2
+jwt-tool>=2.2.0
+
+# AD / network post-exploitation suites
+bloodhound>=1.6.1
+impacket>=0.11.0
+responder>=3.1.3
+
+# Recon / automation helpers
+autorecon>=2.5.4
+binwalk>=2.4.2
+dirsearch>=0.4.3
+checkov>=3.2.0
+