
The advance of AI is clearly having a direct impact on the IT field.

So in 2025, very powerful AI tools appeared not only for development but for penetration testing as well.

https://www.hexstrike.com/

 

HexStrike AI - Revolutionary AI-Powered Offensive Security Framework

Advanced AI-driven penetration testing and security assessment tools. Automated vulnerability discovery and intelligent threat analysis.


HexStrike can call and use more than 150 penetration testing tools as the situation requires, semi-automating an assessment.

It can use this many tools because the protocol by which an AI agent invokes tools has been standardized as MCP (Model Context Protocol), so each tool can be called directly.
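The MCP mechanism referred to above, shown as an added example (not HexStrike's code): a minimal JSON-RPC handler that advertises one scanner tool to an agent and enforces an authorized scope and a strict argument grammar before it would hand anything to the underlying tool. The tool name, the 10.0.0.0/24 scope and the port grammar are assumptions constructed for the example.

```python
import ipaddress
import json
import re

# Constructed example scope: the only network this engagement is authorized to scan.
AUTHORIZED_SCOPE = [ipaddress.ip_network("10.0.0.0/24")]
# Port spec grammar (e.g. "22,80,443" or "1-1024"); anything else is rejected.
PORT_RE = re.compile(r"^\d{1,5}(-\d{1,5})?(,\d{1,5}(-\d{1,5})?)*$")

# The tool the server advertises to the agent (MCP tools/list shape; name is hypothetical).
TOOLS = [{
    "name": "nmap_scan",
    "description": "Version scan of one host inside the authorized scope",
    "inputSchema": {"type": "object",
                    "properties": {"target": {"type": "string"}, "ports": {"type": "string"}},
                    "required": ["target"]},
}]

def build_nmap_argv(args):
    """Validate the agent's arguments and return an argv list (never a shell string)."""
    target = ipaddress.ip_address(args["target"])  # raises ValueError on hostnames/junk
    if not any(target in net for net in AUTHORIZED_SCOPE):
        raise PermissionError(f"{target} is outside the authorized scope")
    ports = args.get("ports", "1-1024")
    if not PORT_RE.match(ports):
        raise ValueError("ports must look like 22,80,443 or 1-1024")
    return ["nmap", "-sV", "-p", ports, str(target)]

def handle(message):
    """Dispatch one MCP JSON-RPC request (tools/list or tools/call) and return the response."""
    req = json.loads(message)
    rid = req.get("id")
    if req["method"] == "tools/list":
        return {"jsonrpc": "2.0", "id": rid, "result": {"tools": TOOLS}}
    if req["method"] == "tools/call":
        params = req["params"]
        if params["name"] != "nmap_scan":
            return {"jsonrpc": "2.0", "id": rid, "error": {"code": -32602, "message": "unknown tool"}}
        try:
            argv = build_nmap_argv(params.get("arguments", {}))
        except (ValueError, PermissionError, KeyError) as exc:
            # Refusals go back as tool errors so the agent learns why; log them for audit too.
            return {"jsonrpc": "2.0", "id": rid, "result": {
                "content": [{"type": "text", "text": f"refused: {exc}"}], "isError": True}}
        # A real server would subprocess.run(argv) here; this example only reports the command.
        return {"jsonrpc": "2.0", "id": rid, "result": {
            "content": [{"type": "text", "text": "would run: " + " ".join(argv)}], "isError": False}}
    return {"jsonrpc": "2.0", "id": rid, "error": {"code": -32601, "message": "method not found"}}
```

With 150+ tools behind an agent, this tool-boundary check (scope and argument validation in the server, not in the prompt) is the control that keeps a semi-automated assessment inside its authorization.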

 

They include the tools commonly used in pentesting work, such as Nmap, Gobuster, Sqlmap, GDB, Ghidra and IDA, plus a huge number of tools that most pentesters have never even heard of.

 

Below is the list of tools it uses, and it really is something...


150+ Professional Security Tools:

🔍 Network Reconnaissance & Scanning (25+ Tools)
  • Nmap - Advanced port scanning with custom NSE scripts and service detection
  • Rustscan - Ultra-fast port scanner with intelligent rate limiting
  • Masscan - High-speed Internet-scale port scanning with banner grabbing
  • AutoRecon - Comprehensive automated reconnaissance with 35+ parameters
  • Amass - Advanced subdomain enumeration and OSINT gathering
  • Subfinder - Fast passive subdomain discovery with multiple sources
  • Fierce - DNS reconnaissance and zone transfer testing
  • DNSEnum - DNS information gathering and subdomain brute forcing
  • TheHarvester - Email and subdomain harvesting from multiple sources
  • ARP-Scan - Network discovery using ARP requests
  • NBTScan - NetBIOS name scanning and enumeration
  • RPCClient - RPC enumeration and null session testing
  • Enum4linux - SMB enumeration with user, group, and share discovery
  • Enum4linux-ng - Advanced SMB enumeration with enhanced logging
  • SMBMap - SMB share enumeration and exploitation
  • Responder - LLMNR, NBT-NS and MDNS poisoner for credential harvesting
  • NetExec - Network service exploitation framework (formerly CrackMapExec)
🌐 Web Application Security Testing (40+ Tools)
  • Gobuster - Directory, file, and DNS enumeration with intelligent wordlists
  • Dirsearch - Advanced directory and file discovery with enhanced logging
  • Feroxbuster - Recursive content discovery with intelligent filtering
  • FFuf - Fast web fuzzer with advanced filtering and parameter discovery
  • Dirb - Comprehensive web content scanner with recursive scanning
  • HTTPx - Fast HTTP probing and technology detection
  • Katana - Next-generation crawling and spidering with JavaScript support
  • Hakrawler - Fast web endpoint discovery and crawling
  • Gau - Get All URLs from multiple sources (Wayback, Common Crawl, etc.)
  • Waybackurls - Historical URL discovery from Wayback Machine
  • Nuclei - Fast vulnerability scanner with 4000+ templates
  • Nikto - Web server vulnerability scanner with comprehensive checks
  • SQLMap - Advanced automatic SQL injection testing with tamper scripts
  • WPScan - WordPress security scanner with vulnerability database
  • Arjun - HTTP parameter discovery with intelligent fuzzing
  • ParamSpider - Parameter mining from web archives
  • X8 - Hidden parameter discovery with advanced techniques
  • Jaeles - Advanced vulnerability scanning with custom signatures
  • Dalfox - Advanced XSS vulnerability scanning with DOM analysis
  • Wafw00f - Web application firewall fingerprinting
  • TestSSL - SSL/TLS configuration testing and vulnerability assessment
  • SSLScan - SSL/TLS cipher suite enumeration
  • SSLyze - Fast and comprehensive SSL/TLS configuration analyzer
  • Anew - Append new lines to files for efficient data processing
  • QSReplace - Query string parameter replacement for systematic testing
  • Uro - URL filtering and deduplication for efficient testing
  • Whatweb - Web technology identification with fingerprinting
  • JWT-Tool - JSON Web Token testing with algorithm confusion
  • GraphQL-Voyager - GraphQL schema exploration and introspection testing
  • Burp Suite Extensions - Custom extensions for advanced web testing
  • ZAP Proxy - OWASP ZAP integration for automated security scanning
  • Wfuzz - Web application fuzzer with advanced payload generation
  • Commix - Command injection exploitation tool with automated detection
  • NoSQLMap - NoSQL injection testing for MongoDB, CouchDB, etc.
  • Tplmap - Server-side template injection exploitation tool

🌐 Advanced Browser Agent:

  • Headless Chrome Automation - Full Chrome browser automation with Selenium
  • Screenshot Capture - Automated screenshot generation for visual inspection
  • DOM Analysis - Deep DOM tree analysis and JavaScript execution monitoring
  • Network Traffic Monitoring - Real-time network request/response logging
  • Security Header Analysis - Comprehensive security header validation
  • Form Detection & Analysis - Automatic form discovery and input field analysis
  • JavaScript Execution - Dynamic content analysis with full JavaScript support
  • Proxy Integration - Seamless integration with Burp Suite and other proxies
  • Multi-page Crawling - Intelligent web application spidering and mapping
  • Performance Metrics - Page load times, resource usage, and optimization insights
🔐 Authentication & Password Security (12+ Tools)
  • Hydra - Network login cracker supporting 50+ protocols
  • John the Ripper - Advanced password hash cracking with custom rules
  • Hashcat - World's fastest password recovery tool with GPU acceleration
  • Medusa - Speedy, parallel, modular login brute-forcer
  • Patator - Multi-purpose brute-forcer with advanced modules
  • NetExec - Swiss army knife for pentesting networks
  • SMBMap - SMB share enumeration and exploitation tool
  • Evil-WinRM - Windows Remote Management shell with PowerShell integration
  • Hash-Identifier - Hash type identification tool
  • HashID - Advanced hash algorithm identifier with confidence scoring
  • CrackStation - Online hash lookup integration
  • Ophcrack - Windows password cracker using rainbow tables
🔬 Binary Analysis & Reverse Engineering (25+ Tools)
  • GDB - GNU Debugger with Python scripting and exploit development support
  • GDB-PEDA - Python Exploit Development Assistance for GDB
  • GDB-GEF - GDB Enhanced Features for exploit development
  • Radare2 - Advanced reverse engineering framework with comprehensive analysis
  • Ghidra - NSA's software reverse engineering suite with headless analysis
  • IDA Free - Interactive disassembler with advanced analysis capabilities
  • Binary Ninja - Commercial reverse engineering platform
  • Binwalk - Firmware analysis and extraction tool with recursive extraction
  • ROPgadget - ROP/JOP gadget finder with advanced search capabilities
  • Ropper - ROP gadget finder and exploit development tool
  • One-Gadget - Find one-shot RCE gadgets in libc
  • Checksec - Binary security property checker with comprehensive analysis
  • Strings - Extract printable strings from binaries with filtering
  • Objdump - Display object file information with Intel syntax
  • Readelf - ELF file analyzer with detailed header information
  • XXD - Hex dump utility with advanced formatting
  • Hexdump - Hex viewer and editor with customizable output
  • Pwntools - CTF framework and exploit development library
  • Angr - Binary analysis platform with symbolic execution
  • Libc-Database - Libc identification and offset lookup tool
  • Pwninit - Automate binary exploitation setup
  • Volatility - Advanced memory forensics framework
  • MSFVenom - Metasploit payload generator with advanced encoding
  • UPX - Executable packer/unpacker for binary analysis
☁️ Cloud & Container Security (20+ Tools)
  • Prowler - AWS/Azure/GCP security assessment with compliance checks
  • Scout Suite - Multi-cloud security auditing for AWS, Azure, GCP, Alibaba Cloud
  • CloudMapper - AWS network visualization and security analysis
  • Pacu - AWS exploitation framework with comprehensive modules
  • Trivy - Comprehensive vulnerability scanner for containers and IaC
  • Clair - Container vulnerability analysis with detailed CVE reporting
  • Kube-Hunter - Kubernetes penetration testing with active/passive modes
  • Kube-Bench - CIS Kubernetes benchmark checker with remediation
  • Docker Bench Security - Docker security assessment following CIS benchmarks
  • Falco - Runtime security monitoring for containers and Kubernetes
  • Checkov - Infrastructure as code security scanning
  • Terrascan - Infrastructure security scanner with policy-as-code
  • CloudSploit - Cloud security scanning and monitoring
  • AWS CLI - Amazon Web Services command line with security operations
  • Azure CLI - Microsoft Azure command line with security assessment
  • GCloud - Google Cloud Platform command line with security tools
  • Kubectl - Kubernetes command line with security context analysis
  • Helm - Kubernetes package manager with security scanning
  • Istio - Service mesh security analysis and configuration assessment
  • OPA - Policy engine for cloud-native security and compliance
🏆 CTF & Forensics Tools (20+ Tools)
  • Volatility - Advanced memory forensics framework with comprehensive plugins
  • Volatility3 - Next-generation memory forensics with enhanced analysis
  • Foremost - File carving and data recovery with signature-based detection
  • PhotoRec - File recovery software with advanced carving capabilities
  • TestDisk - Disk partition recovery and repair tool
  • Steghide - Steganography detection and extraction with password support
  • Stegsolve - Steganography analysis tool with visual inspection
  • Zsteg - PNG/BMP steganography detection tool
  • Outguess - Universal steganographic tool for JPEG images
  • ExifTool - Metadata reader/writer for various file formats
  • Binwalk - Firmware analysis and reverse engineering with extraction
  • Scalpel - File carving tool with configurable headers and footers
  • Bulk Extractor - Digital forensics tool for extracting features
  • Autopsy - Digital forensics platform with timeline analysis
  • Sleuth Kit - Collection of command-line digital forensics tools

Cryptography & Hash Analysis:

  • John the Ripper - Password cracker with custom rules and advanced modes
  • Hashcat - GPU-accelerated password recovery with 300+ hash types
  • Hash-Identifier - Hash type identification with confidence scoring
  • CyberChef - Web-based analysis toolkit for encoding and encryption
  • Cipher-Identifier - Automatic cipher type detection and analysis
  • Frequency-Analysis - Statistical cryptanalysis for substitution ciphers
  • RSATool - RSA key analysis and common attack implementations
  • FactorDB - Integer factorization database for cryptographic challenges
🔥 Bug Bounty & OSINT Arsenal (20+ Tools)
  • Amass - Advanced subdomain enumeration and OSINT gathering
  • Subfinder - Fast passive subdomain discovery with API integration
  • Hakrawler - Fast web endpoint discovery and crawling
  • HTTPx - Fast and multi-purpose HTTP toolkit with technology detection
  • ParamSpider - Mining parameters from web archives
  • Aquatone - Visual inspection of websites across hosts
  • Subjack - Subdomain takeover vulnerability checker
  • DNSEnum - DNS enumeration script with zone transfer capabilities
  • Fierce - Domain scanner for locating targets with DNS analysis
  • TheHarvester - Email and subdomain harvesting from multiple sources
  • Sherlock - Username investigation across 400+ social networks
  • Social-Analyzer - Social media analysis and OSINT gathering
  • Recon-ng - Web reconnaissance framework with modular architecture
  • Maltego - Link analysis and data mining for OSINT investigations
  • SpiderFoot - OSINT automation with 200+ modules
  • Shodan - Internet-connected device search with advanced filtering
  • Censys - Internet asset discovery with certificate analysis
  • Have I Been Pwned - Breach data analysis and credential exposure
  • Pipl - People search engine integration for identity investigation
  • TruffleHog - Git repository secret scanning with entropy analysis
 
 

 

The use of AI looks set to bring enormous change to the penetration testing field as well.

In fact, an extension that integrates AI with the web proxy Burp Suite has already appeared, and a great deal has already been automated.

https://burp-ai-agent.six2dez.com/

 

Overview | burp-ai-agent



 

And research on penetration testing that leverages this kind of AI continues to progress actively...

https://medium.com/@1200km/ai-assisted-web-and-cloud-penetration-testing-with-cursor-mcp-hexstrike-and-burp-suite-mcp-01c02eed5258

 

AI-Assisted Web and Cloud Penetration Testing with Cursor + MCP HexStrike and Burp Suite MCP.

A Complete Guide to Modern AI-Powered Security Testing. From One Prompt to Full Attack Surface Coverage (Recon → Exploit → Report).


 

2025 was the great age of AI.

AI and semiconductor stocks soared accordingly.

Even now a great deal is almost fully automated, and the performance is far beyond anything the automated scanners used until now could match.

 

Personally, I think the advance of AI will keep accelerating over the next few years.

A variety of AI tools are being released as open source, and others keep improving them...

 

Perhaps even now they can produce better results than most people, myself included.

 

 

 
