MCPcopy
hub / github.com/Ed1s0nZ/CyberStrikeAI

github.com/Ed1s0nZ/CyberStrikeAI @v1.6.50 sqlite

repository ↗ · DeepWiki ↗ · release v1.6.50 ↗
5,287 symbols 17,462 edges 417 files 2,093 documented · 40%
README

CyberStrikeAI Logo

CyberStrikeAI

中文 | English

Community: Join us on Discord

WeChat group (click to reveal QR code)

CyberStrikeAI WeChat group QR code

Sponsorship (click to expand)

If CyberStrikeAI helps you, you can support the project via WeChat Pay or Alipay:

WeChat Pay and Alipay sponsorship QR codes

CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, comprehensive lifecycle management capabilities, and a built-in lightweight C2 (Command & Control) framework for authorized engagements (listeners, encrypted implants, sessions, tasks, real-time events, REST and MCP). Through native MCP protocol and AI agents, it enables end-to-end automation from conversational commands to vulnerability discovery, attack-chain analysis, knowledge retrieval, and result visualization—delivering an auditable, traceable, and collaborative testing environment for security teams.

Interface & Integration Preview

System Dashboard Overview

Light Mode System Dashboard (Light) Dark Mode System Dashboard (Dark)

The dashboard provides a comprehensive overview of system runtime status, security vulnerabilities, tool usage, and knowledge base, helping users quickly understand the platform's core features and current state.

Core Features Overview

Web Console Web Console Task Management Task Management Vulnerability Management Vulnerability Management
WebShell Management WebShell Management MCP Management MCP management Knowledge Base Knowledge Base
Skills Management Skills Management Agent Management Agent Management Role Management Role Management
System Settings System settings MCP stdio Mode MCP stdio mode Burp Suite Plugin Burp Suite plugin

Highlights

  • 🤖 AI decision engine with OpenAI-compatible models (GPT, Claude, DeepSeek, etc.)
  • 🔌 Native MCP implementation with HTTP/stdio/SSE transports and external MCP federation
  • 🧰 100+ prebuilt tool recipes + YAML-based extension system
  • 📄 Large-result pagination, compression, and searchable archives
  • 🔗 Attack-chain graph, risk scoring, and step-by-step replay
  • 🔒 Password-protected web UI, audit logs, and SQLite persistence
  • 📚 Knowledge base (RAG): Eino MultiQuery query rewrite + multi-path vector retrieval + HTTP rerank (DashScope gte-rerank / Cohere-compatible) + post-processing (dedupe, budget); Eino Compose indexing pipeline
  • 📁 Conversation grouping with pinning, rename, and batch management
  • 📂 Project management: shared facts (blackboard) across sessions, upsert_project_fact + links to chain paths; attack-chain and project fact graph views
  • 🛡️ Vulnerability management with CRUD operations, severity tracking, status workflow, and statistics
  • 📋 Batch task management: create task queues, add multiple tasks, and execute them sequentially
  • 🎭 Role-based testing: predefined security testing roles (Penetration Testing, CTF, Web App Scanning, etc.) with custom prompts and tool restrictions
  • 🔀 Graph orchestration: visual workflow editor (Start / Agent / Tool / Condition / HITL / Output) with {{previous.output}} and {{outputs.variable_name}} for inter-node data passing; bind a graph to a role for automatic execution on chat. See Graph orchestration guide
  • 🧩 Agent orchestration (CloudWeGo Eino): single-agent via /api/eino-agent/stream (Eino ADK ChatModelAgent); multi-agent via /api/multi-agent/stream with deep (coordinator + task sub-agents), plan_execute, or supervisor (orchestration in the request body). ADK summarization compresses long contexts; pre-compaction transcripts land at data/conversation_artifacts/<conversation-id>/summarization/transcript.txt (full user/assistant/tool turns; static system omitted). Markdown under agents/: orchestrator.md, orchestrator-plan-execute.md, orchestrator-supervisor.md, plus sub-agent *.md (see Multi-agent doc)
  • 🖼️ Vision analysis (analyze_image): separate VL model (e.g. qwen-vl-max) via MCP for local screenshots, captchas, and UI; image bytes stay out of agent history (text summaries only). Configure vision in config.yaml; see docs/VISION.md
  • 🎯 Skills (refactored for Eino): packs under skills_dir follow Agent Skills layout (SKILL.md + optional files); multi-agent sessions use the official Eino ADK skill tool for progressive disclosure (load by name), with optional host filesystem / shell via multi_agent.eino_skills; optional eino_middleware adds patchtoolcalls, tool_search, plantask (TaskCreate / TaskList boards under skills_dir/.eino/plantask/), reduction, file checkpoints (checkpoint_dir), ChatModel retries, session output key, and Deep tuning—20+ sample domains (SQLi, XSS, API security, …) ship under skills/
  • 📱 Chatbot: DingTalk and Lark (Feishu) long-lived connections so you can talk to CyberStrikeAI from mobile (see Robot / Chatbot guide for setup and commands)
  • 🧑‍⚖️ Human-in-the-loop (HITL): Chat sidebar to set approval mode and tool allowlists (listed tools skip approval); global list in config.yaml under hitl.tool_whitelist; Apply can merge new tools into the file and update the running server without restart; dedicated HITL page for pending approvals
  • 🐚 WebShell management: Add and manage WebShell connections (e.g. IceSword/AntSword compatible), use a virtual terminal for command execution, a built-in file manager for file operations, and an AI assistant tab that orchestrates tests and keeps per-connection conversation history; supports PHP, ASP, ASPX, JSP and custom shell types with configurable request method and command parameter.
  • 📡 Built-in C2: AI-oriented lightweight command-and-control—listeners (TCP reverse, HTTP/HTTPS beacon, WebSocket), encrypted beacon channel, session and task queues with persistence, payload helpers (one-liner / build / download), SSE live events, REST under /api/c2/*, plus unified MCP tools (c2_listener, c2_session, c2_task, c2_task_manage, c2_payload, c2_event, c2_profile, c2_file); optional HITL approval for sensitive operations and OPSEC-style controls (e.g. command deny rules). Authorized testing only.

Plugins

CyberStrikeAI includes optional integrations under plugins/.

  • Burp Suite extension: plugins/burp-suite/cyberstrikeai-burp-extension/
    Build output: plugins/burp-suite/cyberstrikeai-burp-extension/dist/cyberstrikeai-burp-extension.jar
    Docs: plugins/burp-suite/cyberstrikeai-burp-extension/README.md

Tool Overview

CyberStrikeAI ships with 100+ curated tools covering the whole kill chain:

  • Network Scanners – nmap, masscan, rustscan, arp-scan, nbtscan
  • Web & App Scanners – sqlmap, nikto, dirb, gobuster, feroxbuster, ffuf, httpx
  • Vulnerability Scanners – nuclei, wpscan, wafw00f, dalfox, xsser
  • Subdomain Enumeration – subfinder, amass, findomain, dnsenum, fierce
  • Network Space Search Engines – fofa_search, zoomeye_search
  • API Security – graphql-scanner, arjun, api-fuzzer, api-schema-analyzer
  • Container Security – trivy, clair, docker-bench-security, kube-bench, kube-hunter
  • Cloud Security – prowler, scout-suite, cloudmapper, pacu, terrascan, checkov
  • Binary Analysis – gdb, radare2, ghidra, objdump, strings, binwalk
  • Exploitation – metasploit, msfvenom, pwntools, ropper, ropgadget
  • Password Cracking – hashcat, john, hashpump
  • Forensics – volatility, volatility3, foremost, steghide, exiftool
  • Post-Exploitation – linpeas, winpeas, mimikatz, bloodhound, impacket, responder
  • CTF Utilities – stegsolve, zsteg, hash-identifier, fcrackzip, pdfcrack, cyberchef
  • System Helpers – exec, create-file, delete-file, list-files, modify-file

Basic Usage

Quick Start (One-Command Deployment)

Prerequisites: - Go 1.21+ (Install) - Python 3.10+ (Install)

One-Command Deployment:

git clone https://github.com/Ed1s0nZ/CyberStrikeAI.git
cd CyberStrikeAI
chmod +x run.sh && ./run.sh

The run.sh script will automatically: - ✅ Check and validate Go & Python environments - ✅ Create Python virtual environment - ✅ Install Python dependencies - ✅ Download Go dependencies - ✅ Build the project - ✅ Start the server

Networking defaults: run.sh starts the server with --https and the repo config.yaml (local self-signed TLS; better for many concurrent streams). Use ./run.sh --http for plain HTTP. In production, set server.tls_cert_path / server.tls_key_path in config.yaml (see comments there). For manual runs, add --https or CYBERSTRIKE_HTTPS=1; if -config is wrong, the binary prints a short usage hint on stderr.

First-Time Configuration: 1. Configure OpenAI-compatible API (required before first use) - After launch, open https://127.0.0.1:8080/ (or https://localhost:8080/; replace 8080 with server.port in config.yaml) and accept the self-signed certificate warning once. If you used ./run.sh --http, use http:// instead. - Go to Settings → Fill in your API credentials: yaml openai: api_key: "sk-your-key" base_url: "https://api.openai.com/v1" # or https://api.deepseek.com/v1 model: "gpt-4o" # or deepseek-chat, claude-3-opus, etc. - Or edit config.yaml directly before launching 2. Login - Use the auto-generated password shown in the console (or set auth.password in config.yaml) 3. Install security tools (optional) - Install tools from tools/ as needed; missing tools are skipped or substituted at runtime. Common examples:

macOS (Homebrew): bash brew install nmap masscan sqlmap nikto gobuster ffuf hydra hashcat nuclei subfinder

Linux (Kali / Debian / Ubuntu): bash sudo apt update sudo apt install -y nmap masscan sqlmap nikto gobuster hydra hashcat john binwalk # On some distros, install ffuf/nuclei/subfinder via go install or upstream docs

See the tools/ directory for the full list; refer to each tool's official docs for install details.

Alternative Launch Methods:

# Direct Go run (set up env yourself); add --https to match run.sh defaults
go run cmd/server/main.go --https

# Manual build
go build -o cyberstrike-ai cmd/server/main.go
./cyberstrike-ai --https

If server logs show client sent an HTTP request to an HTTPS server, a client is still using http:// on a TLS-only port—switch the URL to https://.

Note: The Python virtual environment (venv/) is automatically created and managed by run.sh. Tools that require Python (like api-fuzzer, http-framework-test, etc.) will automatically use this environment.

Version Update (No Breaking Changes)

CyberStrikeAI one-click upgrade (recommended): 1. (First time) enable the script: chmod +x upgrade.sh 2. Upgrade with: ./upgrade.sh (optional flags: --tag vX.Y.Z, --no-venv, --yes). Local tools/, roles/, and skills/ are always preserved. 3. The script will back up your config.yaml and data/, upgrade the code from GitHub Release, update config.yaml's version, then restart the server.

Recommended one-liner: chmod +x upgrade.sh && ./upgrade.sh --yes

If something goes wrong, you can restore from .upgrade-backup/ (or manually copy /data and config.yaml back) and run

Extension points exported contracts — how you extend this code

RetrieverUpdater (Interface)
RetrieverUpdater 检索器更新接口 [6 implementers]
internal/handler/config.go
Listener (Interface)
Listener 监听器抽象:每种传输方式(TCP/HTTP/HTTPS/WS/DNS)都实现此接口; Manager 不感知具体实现细节,通过 ListenerRegistry 工厂创建。 [3 implementers]
internal/c2/listener.go
DocumentReranker (Interface)
DocumentReranker 精排(HTTP dashscope / Cohere 兼容 API),由 [WireRetrieverPipeline] 注入。 [2 implementers]
internal/knowledge/retrieval_postprocess.go
ExternalMCPClient (Interface)
ExternalMCPClient 外部 MCP 客户端接口(由 client_sdk.go 基于官方 SDK 实现) [2 implementers]
internal/mcp/types.go
MessageHandler (Interface)
MessageHandler 供飞书/钉钉长连接调用的消息处理接口(由 handler.RobotHandler 实现) [1 implementers]
internal/robot/conn.go
TokenCounter (Interface)
TokenCounter 估算文本 token 数(tiktoken;模型未知时回退 cl100k_base)。 [1 implementers]
internal/agent/token_counter.go
ToolOutputCallback (FuncType)
ToolOutputCallback 用于在工具执行过程中把 stdout/stderr 增量推给上层(SSE)。 通过 context 传递,避免修改 MCP ToolHandler 签名导致的“写死工具”问题。
internal/security/executor.go
ExecutionRecorder (FuncType)
ExecutionRecorder 可选,在 MCP 工具成功返回且带有 execution id 时回调(用于汇总 mcpExecutionIds)。 toolCallID 来自 Eino compose.GetToolCallID,用于
internal/einomcp/mcp_tools.go

Core symbols most depended-on inside this repo

String
called by 865
internal/mcp/types.go
Error
called by 758
internal/handler/webshell.go
escapeHtml
called by 588
web/static/js/c2.js
Error
called by 357
internal/c2/types.go
Fatal
called by 337
internal/logger/logger.go
c2t
called by 295
web/static/js/c2.js
Exec
called by 272
internal/handler/webshell.go
apiFetch
called by 271
web/static/js/auth.js

Shape

Function 3,327
Method 1,393
Struct 503
Interface 21
FuncType 15
TypeAlias 15
Class 12
Enum 1

Languages

Go62%
TypeScript36%
Java2%
Python1%

Modules by API surface

web/static/js/chat.js301 symbols
web/static/js/monitor.js197 symbols
web/static/js/webshell.js171 symbols
web/static/js/projects.js150 symbols
internal/config/config.go111 symbols
internal/handler/config.go94 symbols
web/static/js/vulnerability.js93 symbols
web/static/js/dashboard.js90 symbols
web/static/js/hitl.js89 symbols
web/static/js/tasks.js83 symbols
web/static/js/settings.js78 symbols
internal/handler/agent.go78 symbols

Dependencies from manifests, versioned

github.com/bahlo/generic-list-gov0.2.0 · 1×
github.com/bmatcuk/doublestar/v4v4.10.0 · 1×
github.com/bytedance/gopkgv0.1.3 · 1×
github.com/bytedance/sonicv1.15.0 · 1×
github.com/bytedance/sonic/loaderv0.5.0 · 1×
github.com/cloudwego/base64xv0.1.6 · 1×
github.com/cloudwego/eino-ext/adk/backend/localv0.0.0-2026041608105 · 1×
github.com/cloudwego/eino-ext/components/document/loader/filev0.0.0-2026042701045 · 1×
github.com/cloudwego/eino-ext/components/document/transformer/splitter/markdownv0.0.0-2026042701045 · 1×

Datastores touched

(mysql)Database · 1 repos

For agents

$ claude mcp add CyberStrikeAI \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact