Deploy and Host HexStrike MCP on Railway

HexStrike MCP is an AI-powered penetration testing platform that exposes 150+ professional security tools through the Model Context Protocol. It enables AI agents like Claude to autonomously execute reconnaissance, vulnerability scanning, exploit development, and security research tasks against authorized targets.

About Hosting HexStrike MCP

Deploys HexStrike AI v6.0 on a full Kali Linux rolling environment with all security tooling pre-installed. The stack runs two internal services: a Flask API server orchestrating 150+ tools and a supergateway SSE bridge that exposes the MCP interface over HTTP. An nginx reverse proxy sits in front, enforcing Bearer token authentication on all requests. The AUTH_TOKEN is auto-generated on deploy. Clients connect directly via a Railway URL — no local setup required.

Common Use Cases

• Connecting AI agents (Claude, Cursor, VS Code Copilot) to a remote, fully-equipped penetration testing environment
• Automated vulnerability scanning and security auditing on authorized targets
• CTF competition solving and security research with AI assistance

Dependencies for HexStrike MCP Hosting

• Official Kali Linux rolling Docker image with kali-linux-headless metapackage
• HexStrike AI v6.0 (hexstrike_server.py + hexstrike_mcp.py)
• supergateway — stdio MCP to SSE bridge
• nginx — reverse proxy with Bearer token authentication
• Go tools: nuclei, subfinder, httpx, katana, naabu, dalfox, ffuf, and more
• Rust tools: feroxbuster, rustscan, x8
• Python tools: pwntools, angr, mitmproxy, autorecon, prowler, checkov, and more
• Java tools: Ghidra

Deployment Dependencies

• HexStrike AI GitHub Repository
• Kali Linux Official Docker Image
• supergateway — MCP SSE Bridge
• Model Context Protocol Documentation
• Railway Volume Mounts Documentation

Implementation Details

Connect any MCP-compatible AI client to your Railway deployment by adding the SSE URL to your config:

{
  "mcpServers": {
    "hexstrike": {
      "url": "https://YOUR_RAILWAY_URL/sse",
      "headers": {
        "Authorization": "Bearer YOUR_AUTH_TOKEN"
      }
    }
  }
}

Find YOUR_AUTH_TOKEN in the Railway Variables tab after deploy.

Why Deploy HexStrike MCP on Railway?

Railway is a singular platform to deploy your infrastructure stack. Railway will host your infrastructure so you don't have to deal with configuration, while allowing you to vertically and horizontally scale it.

By deploying HexStrike MCP on Railway, you are one step closer to supporting a complete full-stack application with minimal burden. Host your servers, databases, AI agents, and more on Railway.