AI Powered penetration testing Platform for offensive security research
# Add to your Claude Code skills
git clone https://github.com/CommonHuman-Lab/nyxstrikeGuides for using mcp servers skills like nyxstrike.
Last scanned: 5/30/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-05-30T16:36:53.913Z",
"npmAuditRan": true,
"pipAuditRan": true
}nyxstrike is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by CommonHuman-Lab. AI Powered penetration testing Platform for offensive security research. It has 123 GitHub stars.
Yes. nyxstrike passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/CommonHuman-Lab/nyxstrike" and add it to your Claude Code skills directory (see the Installation section above).
nyxstrike is primarily written in Python. It is open-source under CommonHuman-Lab on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh nyxstrike against similar tools.
No comments yet. Be the first to share your thoughts!
Top skills in this category by stars
Previously: Hexstrike AI Community Edition
⭐ If NyxStrike improves your workflow, consider starring the repo — it helps others discover it.
NyxStrike connects LLM agents to real offensive security tools and executes full attack chains — from recon to exploitation.
Get a full offensive security environment running in minutes.
git clone https://github.com/CommonHuman-Lab/nyxstrike.git
cd nyxstrike
./nyxstrike.sh -a # Setup + start server
./nyxstrike.sh -a -ai # + local AI model (~8.4 GB RAM)
./nyxstrike.sh -a -ai-small # + smaller AI model (~2.5 GB RAM)
# Docker
docker compose up --build -d # Build + start
docker compose down # Stop
Full flag reference: Wiki — Installation & Flags
Open http://localhost:8888 to access the dashboard.
Some tools (e.g.
nmap,masscan) require elevated privileges for specific scan modes. Use a dedicated test VM and least-privilege setup where possible.
Connect NyxStrike to any MCP-compatible AI client — OpenCode, Cursor, Claude Desktop, VS Code Copilot, Roo Code, and more.
/path/to/nyxstrike/nyxstrike-env/bin/python3 \
/path/to/nyxstrike/nyxstrike_mcp.py \
--server http://127.0.0.1:8888 \
--profile full
{
"$schema": "https://opencode.ai/config.json",
"mcp": {
"nyxstrike": {
"type": "local",
"command": [
"/path/to/nyxstrike/nyxstrike-env/bin/python3",
"/path/to/nyxstrike/nyxstrike_mcp.py",
"--server",
"http://127.0.0.1:8888",
"--profile",
"full"
],
"enabled": true
}
}
}
Config snippets for Claude Desktop, Cursor, VS Code Copilot, and security options: Wiki — MCP Setup
NyxStrike does not just run tools — it orchestrates full attack chains using AI decision-making.
185+ offensive security tools across 12 categories — all dynamically orchestrated by AI agents in real time.
NyxStrike gives AI agents direct access to offensive security tooling.
NYXSTRIKE_API_TOKEN for any non-local deployment| Allowed | Not Allowed |
|---|---|
| Authorized penetration testing (with written authorization) | Unauthorized testing of any system |
| Bug bounty programs (within program scope and rules) | Malicious, illegal, or harmful activities |
| CTF competitions and educational environments | Unauthorized data access or exfiltration |
| Security research on owned or authorized systems | |
| Red team exercises (with organizational approval) |
Licensed under the AGPLv3. You are free to use, modify, and distribute this software. If you run it as a service or distribute it, the source must remain open.
For commercial licensing, contact the author.
If NyxStrike is useful to your workflow:
It makes a real difference.
Originally inspired by hexstrike-ai.