Highlights
Web UI — Browser-Based Offensive Security Dashboard
CyberStrike now ships with a full-featured web UI — a browser-based interface for managing pentests, viewing vulnerabilities, controlling MCP servers and Bolt remote tools, and interacting with AI agents. No desktop app required.
Launch it:
cyberstrike web
This starts CyberStrike with the web UI enabled. Open the URL in any browser — Chrome, Firefox, Safari, even from your phone.
What you get in the Web UI:
- Side Panel with dedicated tabs:
  - Endpoints — discovered API endpoints and attack surface
  - Vulnerabilities — findings with severity, evidence, and HackerOne-format reports
  - MCP Servers — live status (connected / failed / needs auth / disabled), add/remove servers
  - Bolt Servers — remote tool server status, pairing, connect/disconnect
  - Todo — track your testing progress
- Agent color-coded messages with metadata footers showing which model and agent produced each response
- Cross-directory session relay — access sessions started in any project directory
- Zero-config install — bundled in the npm package, auto-installs to ~/.cyberstrike/web/
Secure Remote Access with Cloudflare Tunnel
The real power of the Web UI comes when you combine it with Cloudflare Tunnel. Run CyberStrike on a remote VPS or cloud instance, expose it through a Cloudflare tunnel, and connect from anywhere — your laptop, tablet, or phone.
Why Cloudflare Tunnel?
- No open ports — your server stays completely firewalled, no inbound connections needed
- Free tier — Cloudflare tunnels are free for personal use
- TLS everywhere — all traffic is encrypted end-to-end
- DDoS protection — Cloudflare's network shields your server automatically
How to set it up:
# 1. On your remote server — install and start CyberStrike
npm i -g @cyberstrike-io/cyberstrike@latest
export CYBERSTRIKE_SERVER_PASSWORD="your-secure-password"
cyberstrike web
# 2. On the same server — create a Cloudflare tunnel
cloudflared tunnel --url http://localhost:PORT
# 3. From anywhere — open the tunnel URL in your browser
Authentication & Security:
- HTTP Basic Auth — every request requires username + password
- Password is mandatory for remote access — CyberStrike detects proxy headers and enforces auth automatically
- CORS properly configured — auth headers included on all responses
- SSE event streams authenticated — real-time updates carry auth headers
Or use app.cyberstrike.io:
We host a public instance of the Web UI. Point it at your CyberStrike server URL, enter your password, and you're connected. Your data never touches our infrastructure.
MCP & Bolt Live Management
MCP Servers:
- Live status indicators: connected (green), failed (red), needs auth (red), disabled (gray)
- Add, remove, connect, disconnect MCP servers from the Web UI
- OAuth flow support
- Global persistence — saved to ~/.config/cyberstrike/cyberstrike.json
Bolt Remote Tool Servers:
- Same live status indicators as MCP
- Ed25519 key pairing from the Web UI
- Connect/disconnect without touching the terminal
- Global persistence — same as MCP
Remote Access Fixes
- Fixed CORS headers missing on 401 responses when accessed via Cloudflare tunnel or reverse proxy
- Fixed SSE event stream missing Basic auth headers in browser mode
- Fixed version-check fetch missing auth headers for remote connections
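The behaviour described under Authentication & Security and the 401 fix listed above, as an added sketch that is not CyberStrike's own code: a request gate that demands Basic auth, treats proxy headers as a sign of remote access, and keeps CORS headers on the 401. The function names, the proxy header list, the single allowed origin and the 403 for a proxied request with no password set are assumptions.

```javascript
// Added example, not CyberStrike source. The proxy header names, the 403 for a
// proxied request with no password set, and the realm string are assumptions.
const PROXY_HEADERS = ["cf-connecting-ip", "x-forwarded-for", "x-forwarded-host"];

// Compare two strings without stopping at the first differing byte.
function constantTimeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ (y[i % y.length] ?? 0);
  return diff === 0;
}

// CORS headers for the one origin allowed to call this server from a browser.
function corsHeaders(origin, allowedOrigin) {
  if (origin !== allowedOrigin) return {};
  return {
    "access-control-allow-origin": origin,
    "access-control-allow-headers": "authorization",
    vary: "origin",
  };
}

// Decide status and headers for one request; header keys are lowercase.
function gate(req, cfg) {
  const cors = corsHeaders(req.headers.origin, cfg.allowedOrigin);
  // Browsers send preflight without credentials, so answer it before auth.
  if (req.method === "OPTIONS") return { status: 204, headers: cors };
  if (!cfg.password) {
    // No password configured: serve direct local requests, refuse proxied ones.
    const viaProxy = PROXY_HEADERS.some((h) => h in req.headers);
    return { status: viaProxy ? 403 : 200, headers: cors };
  }
  const m = /^Basic ([A-Za-z0-9+/]+=*)$/.exec(req.headers.authorization || "");
  const supplied = m ? Buffer.from(m[1], "base64").toString("utf8") : "";
  if (m && constantTimeEqual(supplied, `${cfg.username}:${cfg.password}`)) {
    return { status: 200, headers: cors };
  }
  // The 401 carries the CORS headers too. Without them a cross-origin page
  // gets an opaque network error and cannot tell "wrong password" from "down".
  return { status: 401, headers: { ...cors, "www-authenticate": 'Basic realm="cyberstrike"' } };
}

// Constructed request: browser UI on another origin, via a tunnel, no credentials.
const sample = { method: "GET", headers: { origin: "https://ui.example", "cf-connecting-ip": "203.0.113.7" } };
console.log(gate(sample, { username: "admin", password: "constructed-pw", allowedOrigin: "https://ui.example" }));
```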
Infrastructure
- npm package now shows full README with badges, architecture diagrams, agent tables, Bolt topology, and MCP ecosystem
- Package homepage updated to cyberstrike.io
- OG social preview image updated to CyberStrike branding
- Beta auto-increment support in publish workflow
- Changelog baseline now uses npm registry instead of GitHub releases
Install or upgrade:
npm i -g @cyberstrike-io/cyberstrike@latest
Full Changelog: v1.1.5...v1.1.8