Download Hugin

Single binary. No dependencies. No account required.

Star on GitHub
macOS
Linux

What's in the box

Community ships the proxy, scanner, intruder, and core tools. Pro adds the offensive bundle. Full comparison.

Scanner

42 active + 40 passive checks. OWASP Top 10. OOB detection across six protocols.

Proxy + intruder

HTTP/1.1, HTTP/2, WebSocket. Match-and-replace, scope filtering, full-speed intruder with Turbo mode.

134 MCP tools

AI agents drive the proxy, scanner, intruder, and decoder directly. One JSON line of config.

Pro extras

Race-condition engine, Synaps WASM modules, Lua extensions, 35 offensive tools, mobile, collaboration.

Quick start

1. Start the proxy

hugin

Starts the MITM proxy on 127.0.0.1:8080 and opens the desktop GUI.

2. Configure your browser

Point your browser or tool at 127.0.0.1:8080 as the HTTP(S) proxy.

Install the CA certificate from http://hugin.local/cert (auto-generated on first run).

3. Browse and test

All traffic flows through Hugin. Use the scanner, repeater, or intruder.

MCP setup

Connect Claude Code, Cursor, or any MCP client to drive Hugin from an AI agent.

{
  "mcpServers": {
    "hugin": {
      "command": "hugin",
      "args": ["mcp"]
    }
  }
}

Add to claude_desktop_config.json or .mcp.json.

Verify downloads

All release binaries are Ed25519 signed. After downloading:

hugin verify hugin-cli-linux-x86_64.tar.gz

See verification instructions for manual verification without trusting the Hugin binary.