Security News

Cybersecurity news aggregator

đź“°
LOW News Reddit r/netsec

I let Claude Code with 150+ offensive security MCP tools loose on my homelab

aipentestautomationoffensive-security
  • What: An offensive security engineer experimented with using AI to automate penetration testing in a homelab environment.
  • Impact: Explores the potential and limitations of AI in offensive security tooling.
Read Full Article →

Letting AI Loose in My Homelab Feb 10, 2026 • 10 min read Welcome to Cred Relay. I’m Jeff, an OSCP, CRTO certified offensive security engineer. This issue: I let Claude Code loose on my homelab and it lied to me about getting root. I also had my AI assistant build 9 tools in one night while I watched. I have a few VMs in my homelab and one of them is an Ubuntu VM called archives that I run containers from. Well I forgot the root password to it but instead of being frustrated I thought that it would be the perfect target. Hexstrike-AIis a project with 150+ MCP servers for offensive security tooling. Mostly the stuff that is included with Kali Linux. Its purpose is for “automated” pen testing, vuln research and bug bounty hunting. As a pentester, I wanted to see if I would still have a job next year so I decided to give it a go. I spun up a Kali VM with Hexstrike, pointed Claude Code at it from WSL2. Getting WSL2 to talk to VMware was annoying. I documented the full setuphereand submitted aPRto Hexstrike since it was more painful than expected. I gave Claude a standard user cred and told it to nmap. So it fired up Hexstrike. Claude nmapping with Hexstrike-AI. It was slow. But it’s nmap, so it’s expected. Then it saw that ssh was open and logged in. It was here that I was interested if Claude had been trained on any privilege escalation. And maybe it had been but it didn’t need it. Masterful priv esc. Turns out my standard user had full sudo privileges (sudo -l), so root was trivial. I had it try other escalation paths on its own and the results were underwhelming. It didn't think to use LinPEAS until I pointed it there, though it caught a path or two without it. Priv esc paths. I saw the LXD bug and told Claude to pop it. It failed totally. I was curious to see if it was actually vulnerable, so I ssh’d in and was able to exploit it easily and confirmed the vulnerability. I’m not sure why it had trouble with it, but I don’t think it would have gotten there without a human-in-the-loop. I wanted to move to something else and I have DVWA running on this Ubuntu host. So I pointed Claude at it. Claude using Hexstrike AI with DVWA. It performed much better against DVWA. It definitely had been trained on it. I told it to “recon and compromise” and it did the rest. Claude methodically went through and began ticking off the critical vulns.

Related Articles

INFO Our first pentest on a 100% Vibe coded application : analysis & feedback Reddit r/netsec INFO Keynote | Red Team | Offensive Security Meets Vibe Coding SANS Institute INFO What Security Teams Need to Know About OpenClaw, the AI Super Agent CrowdStrike INFO Terraform MCP server updates: Stacks support, new tools, and tips HashiCorp Blog
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn