Is Nyxstrike safe to use?

Nyxstrike has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Nyxstrike?

Nyxstrike can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Nyxstrike?

Nyxstrike is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse and http transport.

Is Nyxstrike actively maintained?

Nyxstrike is actively maintained — last commit was 0 days ago. It has 69 GitHub stars.

Nyxstrike

Name: Nyxstrike
Author: CommonHuman-Lab

by CommonHuman-Lab

AI Powered penetration testing Platform for offensive security research

69 0 tools GitHub

No known CVEs

No license

Actively maintained

Last commit 0d ago

Untested

Transport: stdio, sse, http

0 tools

Grade F

Data

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "nyxstrike": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/nyxstrike)](https://mcppedia.org/s/nyxstrike)

Read me

What Nyxstrike does

⭐ If NyxStrike improves your workflow, consider starring the repo — it helps others discover it.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

38/100across 5 weighted dimensions

How we score →

0255075100

−62

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Nyxstrike safe to use?: Nyxstrike has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Nyxstrike?: Nyxstrike can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Nyxstrike?: Nyxstrike is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse and http transport.
Is Nyxstrike actively maintained?: Nyxstrike is actively maintained — last commit was 0 days ago. It has 69 GitHub stars.

Similar servers

Others in data

View all →

Supabase MCP Server96

Manage Supabase projects — databases, auth, storage, and edge functions

2.6k 4

PostgreSQL MCP Server96

Query and manage PostgreSQL databases directly from AI assistants

84.5k 1

Toolsdk Mcp Registry95

MCPSDK.dev(ToolSDK.ai)'s Awesome MCP Servers and Packages Registry and Database with Structured JSON configurations. Supports OAuth2.1, DCR...

169 1

Mac_messages_mcp95

An MCP server that securely interfaces with your iMessage database via the Model Context Protocol (MCP), allowing LLMs to query and analyze iMessage conversations. It includes robust phone number validation, attachment processing, contact management, group chat handling, and full support for sending and receiving messages.

272 4

MCP Security Weekly

Get CVE alerts and security updates for Nyxstrike and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Data

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "nyxstrike": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/nyxstrike)](https://mcppedia.org/s/nyxstrike)

Read me

What Nyxstrike does

⭐ If NyxStrike improves your workflow, consider starring the repo — it helps others discover it.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

README

NyxStrike

Previously: Hexstrike AI Community Edition

AI-powered offensive security orchestration engine

⚡ From target → recon → exploit chain in minutes

⭐ If NyxStrike improves your workflow, consider starring the repo — it helps others discover it.

What is NyxStrike?

NyxStrike connects LLM agents to real offensive security tools and executes full attack chains — from recon to exploitation.

🚀 Quick Start (Installation)

Get a full offensive security environment running in minutes.

git clone https://github.com/CommonHuman-Lab/nyxstrike.git
cd nyxstrike

./nyxstrike.sh -a               # Setup + start server
./nyxstrike.sh -a -ai           # + local AI model (~8.4 GB RAM)
./nyxstrike.sh -a -ai-small     # + smaller AI model (~2.5 GB RAM)

Full flag reference: Wiki — Installation & Flags

Verify Setup

Open http://localhost:8888 to access the dashboard.

Some tools (e.g. nmap, masscan) require elevated privileges for specific scan modes. Use a dedicated test VM and least-privilege setup where possible.

🔌 AI Agent Integrations (MCP)

Connect NyxStrike to any MCP-compatible AI client — OpenCode, Cursor, Claude Desktop, VS Code Copilot, Roo Code, and more.

Universal MCP Command

/path/to/nyxstrike/nyxstrike-env/bin/python3 \
  /path/to/nyxstrike/nyxstrike_mcp.py \
  --server http://127.0.0.1:8888 \
  --profile full

OpenCode

{
  "$schema": "https://opencode.ai/config.json",
  "mcp": {
    "nyxstrike": {
      "type": "local",
      "command": [
        "/path/to/nyxstrike/nyxstrike-env/bin/python3",
        "/path/to/nyxstrike/nyxstrike_mcp.py",
        "--server",
        "http://127.0.0.1:8888",
        "--profile",
        "full"
      ],
      "enabled": true
    }
  }
}

Config snippets for Claude Desktop, Cursor, VS Code Copilot, and security options: Wiki — MCP Setup

🔧 Features

NyxStrike does not just run tools — it orchestrates full attack chains using AI decision-making.

AI agents that chain tools automatically
185+ offensive security tools, all agent-controllable
Full attack workflow: recon → enumeration → exploitation → reporting
Modular tool registry — add or remove tools without touching agent logic
MCP-compatible — plug into any AI client you already use
Real-time session dashboard with live command output and logs

Full feature breakdown · Session & workbench docs

🧰 Tool Arsenal

185+ offensive security tools across 12 categories — all dynamically orchestrated by AI agents in real time.

Network reconnaissance
Web exploitation
Wireless security
OSINT & intelligence gathering
Password attacks
Cloud & API security

Full tool list by category

⚠️ Security Considerations

NyxStrike gives AI agents direct access to offensive security tooling.

Run only in isolated environments or dedicated security testing VMs
AI agents may execute real commands — maintain operator oversight
Monitor activity via dashboard and logs in real time
Use NYXSTRIKE_API_TOKEN for any non-local deployment

Legal

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

38/100across 5 weighted dimensions

How we score →

0255075100

−62

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Nyxstrike safe to use?: Nyxstrike has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Nyxstrike?: Nyxstrike can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Nyxstrike?: Nyxstrike is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse and http transport.
Is Nyxstrike actively maintained?: Nyxstrike is actively maintained — last commit was 0 days ago. It has 69 GitHub stars.