mirror of
https://github.com/Ed1s0nZ/CyberStrikeAI.git
synced 2026-03-31 00:09:29 +02:00
CyberStrikeAI
CyberStrikeAI is an AI-native penetration-testing copilot built in Go. It combines hundreds of security tools, MCP-native orchestration, and an agent that reasons over findings so that a full engagement can be run from a single conversation.
- Web console
- MCP stdio mode
- External MCP servers & attack-chain view
Highlights
- 🤖 AI decision engine with OpenAI-compatible models (GPT, Claude, DeepSeek, etc.)
- 🔌 Native MCP implementation with HTTP/stdio transports and external MCP federation
- 🧰 100+ prebuilt tool recipes + YAML-based extension system
- 📄 Large-result pagination, compression, and searchable archives
- 🔗 Attack-chain graph, risk scoring, and step-by-step replay
- 🔒 Password-protected web UI, audit logs, and SQLite persistence
Tool Overview
CyberStrikeAI ships with 100+ curated tools covering the whole kill chain:
- Network Scanners – nmap, masscan, rustscan, arp-scan, nbtscan
- Web & App Scanners – sqlmap, nikto, dirb, gobuster, feroxbuster, ffuf, httpx
- Vulnerability Scanners – nuclei, wpscan, wafw00f, dalfox, xsser
- Subdomain Enumeration – subfinder, amass, findomain, dnsenum, fierce
- API Security – graphql-scanner, arjun, api-fuzzer, api-schema-analyzer
- Container Security – trivy, clair, docker-bench-security, kube-bench, kube-hunter
- Cloud Security – prowler, scout-suite, cloudmapper, pacu, terrascan, checkov
- Binary Analysis – gdb, radare2, ghidra, objdump, strings, binwalk
- Exploitation – metasploit, msfvenom, pwntools, ropper, ropgadget
- Password Cracking – hashcat, john, hashpump
- Forensics – volatility, volatility3, foremost, steghide, exiftool
- Post-Exploitation – linpeas, winpeas, mimikatz, bloodhound, impacket, responder
- CTF Utilities – stegsolve, zsteg, hash-identifier, fcrackzip, pdfcrack, cyberchef
- System Helpers – exec, create-file, delete-file, list-files, modify-file
Basic Usage
Quick Start
- Clone & install
git clone https://github.com/Ed1s0nZ/CyberStrikeAI.git cd CyberStrikeAI-main go mod download - Configure OpenAI-compatible access
Either open the in-appSettingspanel after launch or editconfig.yaml:openai: api_key: "sk-your-key" base_url: "https://api.openai.com/v1" model: "gpt-4o" auth: password: "" # empty = auto-generate & log once session_duration_hours: 12 security: tools_dir: "tools" - Install the tooling you need (optional)
AI automatically falls back to alternatives when a tool is missing.
# macOS brew install nmap sqlmap nuclei httpx gobuster feroxbuster subfinder amass # Ubuntu/Debian sudo apt-get install nmap sqlmap nuclei httpx gobuster feroxbuster - Launch
chmod +x run.sh && ./run.sh # or go run cmd/server/main.go # or go build -o cyberstrike-ai cmd/server/main.go - Open the console at http://localhost:8080, log in with the generated password, and start chatting.
Core Workflows
- Conversation testing – Natural-language prompts trigger toolchains with streaming SSE output.
- Tool monitor – Inspect running jobs, execution logs, and large-result attachments.
- History & audit – Every conversation and tool invocation is stored in SQLite with replay.
- Settings – Tweak provider keys, MCP enablement, tool toggles, and agent iteration limits.
Built-in Safeguards
- Required-field validation prevents accidental blank API credentials.
- Auto-generated strong passwords when
auth.passwordis empty. - Unified auth middleware for every web/API call (Bearer token flow).
- Timeout and sandbox guards per tool, plus structured logging for triage.
Advanced Usage
Tool Orchestration & Extensions
- YAML recipes in
tools/*.yamldescribe commands, arguments, prompts, and metadata. - Directory hot-reload – pointing
security.tools_dirto a folder is usually enough; inline definitions inconfig.yamlremain supported for quick experiments. - Large-result pagination – outputs beyond 200 KB are stored as artifacts retrievable through the
query_execution_resulttool with paging, filters, and regex search. - Result compression – multi-megabyte logs can be summarized or losslessly compressed before persisting to keep SQLite lean.
Creating a custom tool (typical flow)
- Copy an existing YAML file from
tools/(for exampletools/sample.yaml). - Update
name,command,args, andshort_description. - Describe positional or flag parameters in
parameters[]so the agent knows how to build CLI arguments. - Provide a longer
description/notesblock if the agent needs extra context or post-processing tips. - Restart the server or reload configuration; the new tool becomes available immediately and can be enabled/disabled from the Settings panel.
Attack-Chain Intelligence
- AI parses each conversation to assemble targets, tools, vulnerabilities, and relationships.
- The web UI renders the chain as an interactive graph with severity scoring and step replay.
- Export the chain or raw findings to external reporting pipelines.
MCP Everywhere
- Web mode – ships with HTTP MCP server automatically consumed by the UI.
- MCP stdio mode –
go run cmd/mcp-stdio/main.goexposes the agent to Cursor/CLI. - External MCP federation – register third-party MCP servers (HTTP or stdio) from the UI, toggle them per engagement, and monitor their health and call volume in real time.
Automation Hooks
- REST APIs – everything the UI uses (auth, conversations, tool runs, monitor) is available over JSON.
- Task control – pause/resume/stop long scans, re-run steps with new params, or stream transcripts.
- Audit & security – rotate passwords via
/api/auth/change-password, enforce short-lived sessions, and restrict MCP ports at the network layer when exposing the service.
Configuration Reference
auth:
password: "change-me"
session_duration_hours: 12
server:
host: "0.0.0.0"
port: 8080
log:
level: "info"
output: "stdout"
mcp:
enabled: true
host: "0.0.0.0"
port: 8081
openai:
api_key: "sk-xxx"
base_url: "https://api.deepseek.com/v1"
model: "deepseek-chat"
database:
path: "data/conversations.db"
security:
tools_dir: "tools"
Tool Definition Example (tools/nmap.yaml)
name: "nmap"
command: "nmap"
args: ["-sT", "-sV", "-sC"]
enabled: true
short_description: "Network mapping & service fingerprinting"
parameters:
- name: "target"
type: "string"
description: "IP or domain"
required: true
position: 0
- name: "ports"
type: "string"
flag: "-p"
description: "Range, e.g. 1-1000"
Project Layout
CyberStrikeAI/
├── cmd/ # Server, MCP stdio entrypoints, tooling
├── internal/ # Agent, MCP core, handlers, security executor
├── web/ # Static SPA + templates
├── tools/ # YAML tool recipes (100+ examples provided)
├── img/ # Docs screenshots & diagrams
├── config.yaml # Runtime configuration
├── run.sh # Convenience launcher
└── README*.md
Basic Usage Examples
Scan open ports on 192.168.1.1
Perform a comprehensive port scan on 192.168.1.1 focusing on 80,443,22
Check if https://example.com/page?id=1 is vulnerable to SQL injection
Scan https://example.com for hidden directories and outdated software
Enumerate subdomains for example.com, then run nuclei against the results
Advanced Playbooks
Load the recon-engagement template, run amass/subfinder, then brute-force dirs on every live host.
Use external Burp-based MCP server for authenticated traffic replay, then pass findings back for graphing.
Compress the 5 MB nuclei report, summarize critical CVEs, and attach the artifact to the conversation.
Build an attack chain for the latest engagement and export the node list with severity >= high.
Changelog (Recent)
- 2025-11-20 – Added automatic compression/summarization for oversized tool logs and MCP transcripts.
- 2025-11-17 – Introduced AI-built attack-chain visualization with interactive graph and risk scoring.
- 2025-11-15 – Delivered large-result pagination, advanced filtering, and external MCP federation.
- 2025-11-14 – Optimized tool lookups (O(1)), execution record cleanup, and DB pagination.
- 2025-11-13 – Added web authentication, settings UI, and MCP stdio mode integration.
Need help or want to contribute? Open an issue or PR—community tooling additions are welcome!