first commit
This commit is contained in:
@@ -0,0 +1,10 @@
|
||||
# Strix Documentation
|
||||
|
||||
Documentation source files for Strix, powered by [Mintlify](https://mintlify.com).
|
||||
|
||||
## Local Preview
|
||||
|
||||
```bash
|
||||
npm i -g mintlify
|
||||
cd docs && mintlify dev
|
||||
```
|
||||
@@ -0,0 +1,130 @@
|
||||
---
|
||||
title: "Configuration"
|
||||
description: "Environment variables for Strix"
|
||||
---
|
||||
|
||||
Configure Strix using environment variables or a config file.
|
||||
|
||||
## LLM Configuration
|
||||
|
||||
<ParamField path="STRIX_LLM" type="string" required>
|
||||
Model name in LiteLLM format (e.g., `openai/gpt-5.4`, `anthropic/claude-sonnet-4-6`).
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="LLM_API_KEY" type="string">
|
||||
API key for your LLM provider. Not required for local models or cloud provider auth (Vertex AI, AWS Bedrock).
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="LLM_API_BASE" type="string">
|
||||
Custom API base URL. Also accepts `OPENAI_API_BASE`, `LITELLM_BASE_URL`, or `OLLAMA_API_BASE`.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="LLM_TIMEOUT" default="300" type="integer">
|
||||
Request timeout in seconds for LLM calls.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="STRIX_LLM_MAX_RETRIES" default="5" type="integer">
|
||||
Maximum number of retries for LLM API calls on transient failures.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="STRIX_REASONING_EFFORT" default="high" type="string">
|
||||
Control thinking effort for reasoning models. Valid values: `none`, `minimal`, `low`, `medium`, `high`, `xhigh`. Defaults to `medium` for quick scan mode.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="STRIX_MEMORY_COMPRESSOR_TIMEOUT" default="30" type="integer">
|
||||
Timeout in seconds for memory compression operations (context summarization).
|
||||
</ParamField>
|
||||
|
||||
## Optional Features
|
||||
|
||||
<ParamField path="PERPLEXITY_API_KEY" type="string">
|
||||
API key for Perplexity AI. Enables real-time web search during scans for OSINT and vulnerability research.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="STRIX_TELEMETRY" default="1" type="string">
|
||||
Telemetry toggle. Set to `0`, `false`, `no`, or `off` to disable telemetry (PostHog, Scarf, OTEL).
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="TRACELOOP_BASE_URL" type="string">
|
||||
OTLP/Traceloop base URL for remote OpenTelemetry export. If unset, Strix keeps traces local only.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="TRACELOOP_API_KEY" type="string">
|
||||
API key used for remote trace export. Remote export is enabled only when both `TRACELOOP_BASE_URL` and `TRACELOOP_API_KEY` are set.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="TRACELOOP_HEADERS" type="string">
|
||||
Optional custom OTEL headers (JSON object or `key=value,key2=value2`). Useful for Langfuse or custom/self-hosted OTLP gateways.
|
||||
</ParamField>
|
||||
|
||||
When remote OTEL vars are not set, Strix still writes complete run telemetry locally to:
|
||||
|
||||
```bash
|
||||
strix_runs/<run_name>/events.jsonl
|
||||
```
|
||||
|
||||
When remote vars are set, Strix dual-writes telemetry to both local JSONL and the remote OTEL endpoint.
|
||||
|
||||
## Docker Configuration
|
||||
|
||||
<ParamField path="STRIX_IMAGE" default="ghcr.io/usestrix/strix-sandbox:1.0.0" type="string">
|
||||
Docker image to use for the sandbox container.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="DOCKER_HOST" type="string">
|
||||
Docker daemon socket path. Use for remote Docker hosts or custom configurations.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="STRIX_RUNTIME_BACKEND" default="docker" type="string">
|
||||
Runtime backend for the sandbox environment.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="STRIX_MAX_LOCAL_COPY_MB" default="1024" type="integer">
|
||||
Maximum size (in MB) of a local directory target that Strix will copy into the sandbox file-by-file. Larger targets exit early with a suggestion to use `--mount` instead. Set to `0` to disable the check.
|
||||
</ParamField>
|
||||
|
||||
## Sandbox Configuration
|
||||
|
||||
<ParamField path="STRIX_SANDBOX_EXECUTION_TIMEOUT" default="120" type="integer">
|
||||
Maximum execution time in seconds for sandbox operations.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="STRIX_SANDBOX_CONNECT_TIMEOUT" default="10" type="integer">
|
||||
Timeout in seconds for connecting to the sandbox container.
|
||||
</ParamField>
|
||||
|
||||
## Config File
|
||||
|
||||
Strix stores configuration in `~/.strix/cli-config.json`. You can also specify a custom config file:
|
||||
|
||||
```bash
|
||||
strix --target ./app --config /path/to/config.json
|
||||
```
|
||||
|
||||
**Config file format:**
|
||||
|
||||
```json
|
||||
{
|
||||
"env": {
|
||||
"STRIX_LLM": "openai/gpt-5.4",
|
||||
"LLM_API_KEY": "sk-...",
|
||||
"STRIX_REASONING_EFFORT": "high"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Example Setup
|
||||
|
||||
```bash
|
||||
# Required
|
||||
export STRIX_LLM="openai/gpt-5.4"
|
||||
export LLM_API_KEY="sk-..."
|
||||
|
||||
# Optional: Enable web search
|
||||
export PERPLEXITY_API_KEY="pplx-..."
|
||||
|
||||
# Optional: Custom timeouts
|
||||
export LLM_TIMEOUT="600"
|
||||
export STRIX_SANDBOX_EXECUTION_TIMEOUT="300"
|
||||
|
||||
```
|
||||
@@ -0,0 +1,136 @@
|
||||
---
|
||||
title: "Skills"
|
||||
description: "Specialized knowledge packages that enhance agent capabilities"
|
||||
---
|
||||
|
||||
Skills are structured knowledge packages that give Strix agents deep expertise in specific vulnerability types, technologies, and testing methodologies.
|
||||
|
||||
## The Idea
|
||||
|
||||
LLMs have broad but shallow security knowledge. They know _about_ SQL injection, but lack the nuanced techniques that experienced pentesters use—parser quirks, bypass methods, validation tricks, and chain attacks.
|
||||
|
||||
Skills inject this deep, specialized knowledge directly into the agent's context, transforming it from a generalist into a specialist for the task at hand.
|
||||
|
||||
## How They Work
|
||||
|
||||
When Strix spawns an agent for a specific task, it selects up to 5 relevant skills based on the context:
|
||||
|
||||
```python
|
||||
# Agent created for JWT testing automatically loads relevant skills
|
||||
create_agent(
|
||||
task="Test authentication mechanisms",
|
||||
skills=["authentication_jwt", "business_logic"]
|
||||
)
|
||||
```
|
||||
|
||||
The skills are injected into the agent's system prompt, giving it access to:
|
||||
|
||||
- **Advanced techniques** — Non-obvious methods beyond standard testing
|
||||
- **Working payloads** — Practical examples with variations
|
||||
- **Validation methods** — How to confirm findings and avoid false positives
|
||||
|
||||
## Skill Categories
|
||||
|
||||
### Vulnerabilities
|
||||
|
||||
Core vulnerability classes with deep exploitation techniques.
|
||||
|
||||
| Skill | Coverage |
|
||||
| ------------------------------------- | ------------------------------------------------------ |
|
||||
| `authentication_jwt` | JWT attacks, algorithm confusion, claim tampering |
|
||||
| `idor` | Object reference attacks, horizontal/vertical access |
|
||||
| `sql_injection` | SQL injection variants, WAF bypasses, blind techniques |
|
||||
| `xss` | XSS types, filter bypasses, DOM exploitation |
|
||||
| `ssrf` | Server-side request forgery, protocol handlers |
|
||||
| `csrf` | Cross-site request forgery, token bypasses |
|
||||
| `xxe` | XML external entities, OOB exfiltration |
|
||||
| `rce` | Remote code execution vectors |
|
||||
| `business_logic` | Logic flaws, state manipulation, race conditions |
|
||||
| `race_conditions` | TOCTOU, parallel request attacks |
|
||||
| `path_traversal_lfi_rfi` | File inclusion, path traversal |
|
||||
| `open_redirect` | Redirect bypasses, URL parsing tricks |
|
||||
| `mass_assignment` | Attribute injection, hidden parameter pollution |
|
||||
| `insecure_file_uploads` | Upload bypasses, extension tricks |
|
||||
| `information_disclosure` | Data leakage, error-based enumeration |
|
||||
| `subdomain_takeover` | Dangling DNS, cloud resource claims |
|
||||
| `broken_function_level_authorization` | Privilege escalation, role bypasses |
|
||||
|
||||
### Frameworks
|
||||
|
||||
Framework-specific testing patterns.
|
||||
|
||||
| Skill | Coverage |
|
||||
| --------- | -------------------------------------------- |
|
||||
| `fastapi` | FastAPI security patterns, Pydantic bypasses |
|
||||
| `nextjs` | Next.js SSR/SSG issues, API route security |
|
||||
|
||||
### Technologies
|
||||
|
||||
Third-party service and platform security.
|
||||
|
||||
| Skill | Coverage |
|
||||
| -------------------- | ---------------------------------- |
|
||||
| `supabase` | Supabase RLS bypasses, auth issues |
|
||||
| `firebase_firestore` | Firestore rules, Firebase auth |
|
||||
|
||||
### Protocols
|
||||
|
||||
Protocol-specific testing techniques.
|
||||
|
||||
| Skill | Coverage |
|
||||
| --------- | ------------------------------------------------ |
|
||||
| `graphql` | GraphQL introspection, batching, resolver issues |
|
||||
|
||||
### Tooling
|
||||
|
||||
Sandbox CLI playbooks for core recon and scanning tools.
|
||||
|
||||
| Skill | Coverage |
|
||||
| ----------- | ------------------------------------------------------- |
|
||||
| `nmap` | Port/service scan syntax and high-signal scan patterns |
|
||||
| `nuclei` | Template selection, severity filtering, and rate tuning |
|
||||
| `httpx` | HTTP probing and fingerprint output patterns |
|
||||
| `ffuf` | Wordlist fuzzing, matcher/filter strategy, recursion |
|
||||
| `subfinder` | Passive subdomain enumeration and source control |
|
||||
| `naabu` | Fast port scanning with explicit rate/verify controls |
|
||||
| `katana` | Crawl depth/JS/known-files behavior and pitfalls |
|
||||
| `sqlmap` | SQLi workflow for enumeration and controlled extraction |
|
||||
|
||||
## Skill Structure
|
||||
|
||||
Each skill is a Markdown file with YAML frontmatter for metadata:
|
||||
|
||||
```markdown
|
||||
---
|
||||
name: skill_name
|
||||
description: Brief description of the skill's coverage
|
||||
---
|
||||
|
||||
# Skill Title
|
||||
|
||||
Key insight about this vulnerability or technique.
|
||||
|
||||
## Attack Surface
|
||||
What this skill covers and where to look.
|
||||
|
||||
## Methodology
|
||||
Step-by-step testing approach.
|
||||
|
||||
## Techniques
|
||||
How to discover and exploit the vulnerability.
|
||||
|
||||
## Bypass Methods
|
||||
How to bypass common protections.
|
||||
|
||||
## Validation
|
||||
How to confirm findings and avoid false positives.
|
||||
```
|
||||
|
||||
## Contributing Skills
|
||||
|
||||
Community contributions are welcome. Create a `.md` file in the appropriate category with YAML frontmatter (`name` and `description` fields). Good skills include:
|
||||
|
||||
1. **Real-world techniques** — Methods that work in practice
|
||||
2. **Practical payloads** — Working examples with variations
|
||||
3. **Validation steps** — How to confirm without false positives
|
||||
4. **Context awareness** — Version/environment-specific behavior
|
||||
@@ -0,0 +1,40 @@
|
||||
---
|
||||
title: "Introduction"
|
||||
description: "Managed security testing without local setup"
|
||||
---
|
||||
|
||||
Skip the setup. Run Strix in the cloud at [app.strix.ai](https://app.strix.ai).
|
||||
|
||||
## Features
|
||||
|
||||
<CardGroup cols={2}>
|
||||
<Card title="No Setup Required" icon="cloud">
|
||||
No Docker, API keys, or local installation needed.
|
||||
</Card>
|
||||
<Card title="Full Reports" icon="file-lines">
|
||||
Detailed findings with remediation guidance.
|
||||
</Card>
|
||||
<Card title="Team Dashboards" icon="users">
|
||||
Track vulnerabilities and fixes over time.
|
||||
</Card>
|
||||
<Card title="GitHub Integration" icon="github">
|
||||
Automatic scans on pull requests.
|
||||
</Card>
|
||||
</CardGroup>
|
||||
|
||||
## What You Get
|
||||
|
||||
- **Penetration test reports** — Validated findings with PoCs
|
||||
- **Shareable dashboards** — Collaborate with your team
|
||||
- **CI/CD integration** — Block risky changes automatically
|
||||
- **Continuous monitoring** — Catch new vulnerabilities quickly
|
||||
|
||||
## Getting Started
|
||||
|
||||
1. Sign up at [app.strix.ai](https://app.strix.ai)
|
||||
2. Connect your repository or enter a target URL
|
||||
3. Launch your first scan
|
||||
|
||||
<Card title="Try Strix Cloud" icon="rocket" href="https://app.strix.ai">
|
||||
Run your first pentest in minutes.
|
||||
</Card>
|
||||
@@ -0,0 +1,96 @@
|
||||
---
|
||||
title: "Contributing"
|
||||
description: "Contribute to Strix development"
|
||||
---
|
||||
|
||||
## Development Setup
|
||||
|
||||
### Prerequisites
|
||||
|
||||
- Python 3.12+
|
||||
- Docker (running)
|
||||
- [uv](https://docs.astral.sh/uv/)
|
||||
- Git
|
||||
|
||||
### Local Development
|
||||
|
||||
<Steps>
|
||||
<Step title="Clone the repository">
|
||||
```bash
|
||||
git clone https://github.com/usestrix/strix.git
|
||||
cd strix
|
||||
```
|
||||
</Step>
|
||||
<Step title="Install dependencies">
|
||||
```bash
|
||||
make setup-dev
|
||||
|
||||
# or manually:
|
||||
uv sync
|
||||
uv run pre-commit install
|
||||
```
|
||||
</Step>
|
||||
<Step title="Configure LLM">
|
||||
```bash
|
||||
export STRIX_LLM="openai/gpt-5.4"
|
||||
export LLM_API_KEY="your-api-key"
|
||||
```
|
||||
</Step>
|
||||
<Step title="Run Strix">
|
||||
```bash
|
||||
uv run strix --target https://example.com
|
||||
```
|
||||
</Step>
|
||||
</Steps>
|
||||
|
||||
## Contributing Skills
|
||||
|
||||
Skills are specialized knowledge packages that enhance agent capabilities. They live in `strix/skills/`
|
||||
|
||||
### Creating a Skill
|
||||
|
||||
1. Choose the right category
|
||||
2. Create a `.md` file with YAML frontmatter (`name` and `description` fields)
|
||||
3. Include practical examples—working payloads, commands, test cases
|
||||
4. Provide validation methods to confirm findings
|
||||
5. Submit via PR
|
||||
|
||||
## Contributing Code
|
||||
|
||||
### Pull Request Process
|
||||
|
||||
1. **Create an issue first** — Describe the problem or feature
|
||||
2. **Fork and branch** — Work from `main`
|
||||
3. **Make changes** — Follow existing code style
|
||||
4. **Write tests** — Ensure coverage for new features
|
||||
5. **Run checks** — `make check-all` should pass
|
||||
6. **Submit PR** — Link to issue and provide context
|
||||
|
||||
### Code Style
|
||||
|
||||
- PEP 8 with 100-character line limit
|
||||
- Type hints for all functions
|
||||
- Docstrings for public methods
|
||||
- Small, focused functions
|
||||
- Meaningful variable names
|
||||
|
||||
## Reporting Issues
|
||||
|
||||
Include:
|
||||
|
||||
- Python version and OS
|
||||
- Strix version (`strix --version`)
|
||||
- LLM being used
|
||||
- Full error traceback
|
||||
- Steps to reproduce
|
||||
|
||||
## Community
|
||||
|
||||
<CardGroup cols={2}>
|
||||
<Card title="Discord" icon="discord" href="https://discord.gg/strix-ai">
|
||||
Join the community for help and discussion.
|
||||
</Card>
|
||||
<Card title="GitHub Issues" icon="github" href="https://github.com/usestrix/strix/issues">
|
||||
Report bugs and request features.
|
||||
</Card>
|
||||
</CardGroup>
|
||||
+130
@@ -0,0 +1,130 @@
|
||||
{
|
||||
"$schema": "https://mintlify.com/docs.json",
|
||||
"theme": "maple",
|
||||
"name": "Strix",
|
||||
"colors": {
|
||||
"primary": "#000000",
|
||||
"light": "#ffffff",
|
||||
"dark": "#000000"
|
||||
},
|
||||
"favicon": "/images/favicon-48.ico",
|
||||
"navigation": {
|
||||
"tabs": [
|
||||
{
|
||||
"tab": "Documentation",
|
||||
"groups": [
|
||||
{
|
||||
"group": "Getting Started",
|
||||
"pages": [
|
||||
"index",
|
||||
"quickstart"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Usage",
|
||||
"pages": [
|
||||
"usage/cli",
|
||||
"usage/scan-modes",
|
||||
"usage/instructions"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "LLM Providers",
|
||||
"pages": [
|
||||
"llm-providers/overview",
|
||||
"llm-providers/openai",
|
||||
"llm-providers/anthropic",
|
||||
"llm-providers/openrouter",
|
||||
"llm-providers/vertex",
|
||||
"llm-providers/bedrock",
|
||||
"llm-providers/azure",
|
||||
"llm-providers/novita",
|
||||
"llm-providers/local"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Integrations",
|
||||
"pages": [
|
||||
"integrations/github-actions",
|
||||
"integrations/ci-cd"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Tools",
|
||||
"pages": [
|
||||
"tools/overview",
|
||||
"tools/browser",
|
||||
"tools/proxy",
|
||||
"tools/terminal",
|
||||
"tools/sandbox"
|
||||
]
|
||||
},
|
||||
{
|
||||
"group": "Advanced",
|
||||
"pages": [
|
||||
"advanced/configuration",
|
||||
"advanced/skills",
|
||||
"contributing"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"tab": "Cloud",
|
||||
"groups": [
|
||||
{
|
||||
"group": "Strix Cloud",
|
||||
"pages": [
|
||||
"cloud/overview"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"global": {
|
||||
"anchors": [
|
||||
{
|
||||
"anchor": "GitHub",
|
||||
"href": "https://github.com/usestrix/strix",
|
||||
"icon": "github"
|
||||
},
|
||||
{
|
||||
"anchor": "Discord",
|
||||
"href": "https://discord.gg/strix-ai",
|
||||
"icon": "discord"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"navbar": {
|
||||
"links": [],
|
||||
"primary": {
|
||||
"type": "button",
|
||||
"label": "Try Strix Cloud",
|
||||
"href": "https://app.strix.ai"
|
||||
}
|
||||
},
|
||||
"footer": {
|
||||
"socials": {
|
||||
"x": "https://x.com/strix_ai",
|
||||
"github": "https://github.com/usestrix",
|
||||
"discord": "https://discord.gg/strix-ai"
|
||||
}
|
||||
},
|
||||
"fonts": {
|
||||
"family": "Geist",
|
||||
"heading": {
|
||||
"family": "Geist"
|
||||
},
|
||||
"body": {
|
||||
"family": "Geist"
|
||||
}
|
||||
},
|
||||
"appearance": {
|
||||
"default": "dark"
|
||||
},
|
||||
"description": "Open-source AI Hackers to secure your Apps",
|
||||
"background": {
|
||||
"decoration": "grid"
|
||||
}
|
||||
}
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 9.4 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 3.7 KiB |
Binary file not shown.
|
After Width: | Height: | Size: 1.6 MiB |
+101
@@ -0,0 +1,101 @@
|
||||
---
|
||||
title: "Introduction"
|
||||
description: "Open-source AI hackers to secure your apps"
|
||||
---
|
||||
|
||||
Strix are autonomous AI agents that act like real hackers—they run your code dynamically, find vulnerabilities, and validate them with proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.
|
||||
|
||||
<Frame>
|
||||
<img src="/images/screenshot.png" alt="Strix Demo" />
|
||||
</Frame>
|
||||
|
||||
<CardGroup cols={2}>
|
||||
<Card title="Quick Start" icon="rocket" href="/quickstart">
|
||||
Install and run your first scan in minutes.
|
||||
</Card>
|
||||
<Card title="CLI Reference" icon="terminal" href="/usage/cli">
|
||||
Learn all command-line options.
|
||||
</Card>
|
||||
<Card title="Tools" icon="wrench" href="/tools/overview">
|
||||
Explore the security testing toolkit.
|
||||
</Card>
|
||||
<Card title="GitHub Actions" icon="github" href="/integrations/github-actions">
|
||||
Integrate into your CI/CD pipeline.
|
||||
</Card>
|
||||
</CardGroup>
|
||||
|
||||
## Use Cases
|
||||
|
||||
- **Application Security Testing** — Detect and validate critical vulnerabilities in your applications
|
||||
- **Rapid Penetration Testing** — Get penetration tests done in hours, not weeks
|
||||
- **Bug Bounty Automation** — Automate research and generate PoCs for faster reporting
|
||||
- **CI/CD Integration** — Block vulnerabilities before they reach production
|
||||
|
||||
## Key Capabilities
|
||||
|
||||
- **Full hacker toolkit** — Browser automation, HTTP proxy, terminal, Python runtime
|
||||
- **Real validation** — PoCs, not false positives
|
||||
- **Multi-agent orchestration** — Specialized agents collaborate on complex targets
|
||||
- **Developer-first CLI** — Interactive TUI or headless mode for automation
|
||||
|
||||
## Security Tools
|
||||
|
||||
Strix agents come equipped with a comprehensive toolkit:
|
||||
|
||||
| Tool | Purpose |
|
||||
|------|---------|
|
||||
| HTTP Proxy | Full request/response manipulation and analysis |
|
||||
| Browser Automation | Multi-tab browser for XSS, CSRF, auth flow testing |
|
||||
| Terminal | Interactive shells for command execution |
|
||||
| Python Runtime | Custom exploit development and validation |
|
||||
| Reconnaissance | Automated OSINT and attack surface mapping |
|
||||
| Code Analysis | Static and dynamic analysis capabilities |
|
||||
|
||||
## Vulnerability Coverage
|
||||
|
||||
| Category | Examples |
|
||||
|----------|----------|
|
||||
| Access Control | IDOR, privilege escalation, auth bypass |
|
||||
| Injection | SQL, NoSQL, command injection |
|
||||
| Server-Side | SSRF, XXE, deserialization |
|
||||
| Client-Side | XSS, prototype pollution, DOM vulnerabilities |
|
||||
| Business Logic | Race conditions, workflow manipulation |
|
||||
| Authentication | JWT vulnerabilities, session management |
|
||||
| Infrastructure | Misconfigurations, exposed services |
|
||||
|
||||
## Multi-Agent Architecture
|
||||
|
||||
Strix uses a graph of specialized agents for comprehensive security testing:
|
||||
|
||||
- **Distributed Workflows** — Specialized agents for different attacks and assets
|
||||
- **Scalable Testing** — Parallel execution for fast comprehensive coverage
|
||||
- **Dynamic Coordination** — Agents collaborate and share discoveries
|
||||
|
||||
## Quick Example
|
||||
|
||||
```bash
|
||||
# Install
|
||||
curl -sSL https://strix.ai/install | bash
|
||||
|
||||
# Configure
|
||||
export STRIX_LLM="openai/gpt-5.4"
|
||||
export LLM_API_KEY="your-api-key"
|
||||
|
||||
# Scan
|
||||
strix --target ./your-app
|
||||
```
|
||||
|
||||
## Community
|
||||
|
||||
<CardGroup cols={2}>
|
||||
<Card title="Discord" icon="discord" href="https://discord.gg/strix-ai">
|
||||
Join the community for help and discussion.
|
||||
</Card>
|
||||
<Card title="GitHub" icon="github" href="https://github.com/usestrix/strix">
|
||||
Star the repo and contribute.
|
||||
</Card>
|
||||
</CardGroup>
|
||||
|
||||
<Warning>
|
||||
Only test applications you own or have explicit permission to test.
|
||||
</Warning>
|
||||
@@ -0,0 +1,90 @@
|
||||
---
|
||||
title: "CI/CD Integration"
|
||||
description: "Run Strix in any CI/CD pipeline"
|
||||
---
|
||||
|
||||
Strix runs in headless mode for automated pipelines.
|
||||
|
||||
## Headless Mode
|
||||
|
||||
Use the `-n` or `--non-interactive` flag:
|
||||
|
||||
```bash
|
||||
strix -n --target ./app --scan-mode quick
|
||||
```
|
||||
|
||||
For pull-request style CI runs, Strix automatically scopes quick scans to changed files. You can force this behavior and set a base ref explicitly:
|
||||
|
||||
```bash
|
||||
strix -n --target ./app --scan-mode quick --scope-mode diff --diff-base origin/main
|
||||
```
|
||||
|
||||
## Exit Codes
|
||||
|
||||
| Code | Meaning |
|
||||
|------|---------|
|
||||
| 0 | No vulnerabilities found |
|
||||
| 1 | Execution error |
|
||||
| 2 | Vulnerabilities found |
|
||||
|
||||
## GitLab CI
|
||||
|
||||
```yaml .gitlab-ci.yml
|
||||
security-scan:
|
||||
image: docker:latest
|
||||
services:
|
||||
- docker:dind
|
||||
variables:
|
||||
STRIX_LLM: $STRIX_LLM
|
||||
LLM_API_KEY: $LLM_API_KEY
|
||||
script:
|
||||
- curl -sSL https://strix.ai/install | bash
|
||||
- strix -n -t ./ --scan-mode quick
|
||||
```
|
||||
|
||||
## Jenkins
|
||||
|
||||
```groovy Jenkinsfile
|
||||
pipeline {
|
||||
agent any
|
||||
environment {
|
||||
STRIX_LLM = credentials('strix-llm')
|
||||
LLM_API_KEY = credentials('llm-api-key')
|
||||
}
|
||||
stages {
|
||||
stage('Security Scan') {
|
||||
steps {
|
||||
sh 'curl -sSL https://strix.ai/install | bash'
|
||||
sh 'strix -n -t ./ --scan-mode quick'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## CircleCI
|
||||
|
||||
```yaml .circleci/config.yml
|
||||
version: 2.1
|
||||
jobs:
|
||||
security-scan:
|
||||
docker:
|
||||
- image: cimg/base:current
|
||||
steps:
|
||||
- checkout
|
||||
- setup_remote_docker
|
||||
- run:
|
||||
name: Install Strix
|
||||
command: curl -sSL https://strix.ai/install | bash
|
||||
- run:
|
||||
name: Run Scan
|
||||
command: strix -n -t ./ --scan-mode quick
|
||||
```
|
||||
|
||||
<Note>
|
||||
All CI platforms require Docker access. Ensure your runner has Docker available.
|
||||
</Note>
|
||||
|
||||
<Tip>
|
||||
If diff-scope fails in CI, fetch full git history (for example, `fetch-depth: 0` in GitHub Actions) so merge-base and branch comparison can be resolved.
|
||||
</Tip>
|
||||
@@ -0,0 +1,66 @@
|
||||
---
|
||||
title: "GitHub Actions"
|
||||
description: "Run Strix security scans on every pull request"
|
||||
---
|
||||
|
||||
Integrate Strix into your GitHub workflow to catch vulnerabilities before they reach production.
|
||||
|
||||
## Basic Workflow
|
||||
|
||||
```yaml .github/workflows/security.yml
|
||||
name: Security Scan
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
|
||||
jobs:
|
||||
strix-scan:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Install Strix
|
||||
run: curl -sSL https://strix.ai/install | bash
|
||||
|
||||
- name: Run Security Scan
|
||||
env:
|
||||
STRIX_LLM: ${{ secrets.STRIX_LLM }}
|
||||
LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
|
||||
run: strix -n -t ./ --scan-mode quick
|
||||
```
|
||||
|
||||
## Required Secrets
|
||||
|
||||
Add these secrets to your repository:
|
||||
|
||||
| Secret | Description |
|
||||
|--------|-------------|
|
||||
| `STRIX_LLM` | Model name (e.g., `openai/gpt-5.4`) |
|
||||
| `LLM_API_KEY` | API key for your LLM provider |
|
||||
|
||||
## Exit Codes
|
||||
|
||||
The workflow fails when vulnerabilities are found:
|
||||
|
||||
| Code | Result |
|
||||
|------|--------|
|
||||
| 0 | Pass — No vulnerabilities |
|
||||
| 2 | Fail — Vulnerabilities found |
|
||||
|
||||
## Scan Modes for CI
|
||||
|
||||
| Mode | Duration | Use Case |
|
||||
|------|----------|----------|
|
||||
| `quick` | Minutes | Every PR |
|
||||
| `standard` | ~30 min | Nightly builds |
|
||||
| `deep` | 1-4 hours | Release candidates |
|
||||
|
||||
<Tip>
|
||||
Use `quick` mode for PRs to keep feedback fast. Schedule `deep` scans nightly.
|
||||
</Tip>
|
||||
|
||||
<Note>
|
||||
For pull_request workflows, Strix automatically uses changed-files diff-scope in CI/headless runs. If diff resolution fails, ensure full history is fetched (`fetch-depth: 0`) or set `--diff-base`.
|
||||
</Note>
|
||||
@@ -0,0 +1,24 @@
|
||||
---
|
||||
title: "Anthropic"
|
||||
description: "Configure Strix with Claude models"
|
||||
---
|
||||
|
||||
## Setup
|
||||
|
||||
```bash
|
||||
export STRIX_LLM="anthropic/claude-sonnet-4-6"
|
||||
export LLM_API_KEY="sk-ant-..."
|
||||
```
|
||||
|
||||
## Available Models
|
||||
|
||||
| Model | Description |
|
||||
|-------|-------------|
|
||||
| `anthropic/claude-sonnet-4-6` | Best balance of intelligence and speed |
|
||||
| `anthropic/claude-opus-4-6` | Maximum capability for deep analysis |
|
||||
|
||||
## Get API Key
|
||||
|
||||
1. Go to [console.anthropic.com](https://console.anthropic.com)
|
||||
2. Navigate to API Keys
|
||||
3. Create a new key
|
||||
@@ -0,0 +1,37 @@
|
||||
---
|
||||
title: "Azure OpenAI"
|
||||
description: "Configure Strix with OpenAI models via Azure"
|
||||
---
|
||||
|
||||
## Setup
|
||||
|
||||
```bash
|
||||
export STRIX_LLM="azure/your-gpt5-deployment"
|
||||
export AZURE_API_KEY="your-azure-api-key"
|
||||
export AZURE_API_BASE="https://your-resource.openai.azure.com"
|
||||
export AZURE_API_VERSION="2025-11-01-preview"
|
||||
```
|
||||
|
||||
## Configuration
|
||||
|
||||
| Variable | Description |
|
||||
|----------|-------------|
|
||||
| `STRIX_LLM` | `azure/<your-deployment-name>` |
|
||||
| `AZURE_API_KEY` | Your Azure OpenAI API key |
|
||||
| `AZURE_API_BASE` | Your Azure OpenAI endpoint URL |
|
||||
| `AZURE_API_VERSION` | API version (e.g., `2025-11-01-preview`) |
|
||||
|
||||
## Example
|
||||
|
||||
```bash
|
||||
export STRIX_LLM="azure/gpt-5.4-deployment"
|
||||
export AZURE_API_KEY="abc123..."
|
||||
export AZURE_API_BASE="https://mycompany.openai.azure.com"
|
||||
export AZURE_API_VERSION="2025-11-01-preview"
|
||||
```
|
||||
|
||||
## Prerequisites
|
||||
|
||||
1. Create an Azure OpenAI resource
|
||||
2. Deploy a model (e.g., GPT-5.4)
|
||||
3. Get the endpoint URL and API key from the Azure portal
|
||||
@@ -0,0 +1,47 @@
|
||||
---
|
||||
title: "AWS Bedrock"
|
||||
description: "Configure Strix with models via AWS Bedrock"
|
||||
---
|
||||
|
||||
## Setup
|
||||
|
||||
```bash
|
||||
export STRIX_LLM="bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0"
|
||||
```
|
||||
|
||||
No API key required—uses AWS credentials from environment.
|
||||
|
||||
## Authentication
|
||||
|
||||
### Option 1: AWS CLI Profile
|
||||
|
||||
```bash
|
||||
export AWS_PROFILE="your-profile"
|
||||
export AWS_REGION="us-east-1"
|
||||
```
|
||||
|
||||
### Option 2: Access Keys
|
||||
|
||||
```bash
|
||||
export AWS_ACCESS_KEY_ID="AKIA..."
|
||||
export AWS_SECRET_ACCESS_KEY="..."
|
||||
export AWS_REGION="us-east-1"
|
||||
```
|
||||
|
||||
### Option 3: IAM Role (EC2/ECS)
|
||||
|
||||
Automatically uses instance role credentials.
|
||||
|
||||
## Available Models
|
||||
|
||||
| Model | Description |
|
||||
|-------|-------------|
|
||||
| `bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0` | Claude 4.5 Sonnet |
|
||||
| `bedrock/anthropic.claude-4-5-opus-20251022-v1:0` | Claude 4.5 Opus |
|
||||
| `bedrock/anthropic.claude-4-5-haiku-20251022-v1:0` | Claude 4.5 Haiku |
|
||||
| `bedrock/amazon.titan-text-premier-v2:0` | Amazon Titan Premier v2 |
|
||||
|
||||
## Prerequisites
|
||||
|
||||
1. Enable model access in the AWS Bedrock console
|
||||
2. Ensure your IAM role/user has `bedrock:InvokeModel` permission
|
||||
@@ -0,0 +1,56 @@
|
||||
---
|
||||
title: "Local Models"
|
||||
description: "Run Strix with self-hosted LLMs for privacy and air-gapped testing"
|
||||
---
|
||||
|
||||
Running Strix with local models allows for completely offline, privacy-first security assessments. Data never leaves your machine, making this ideal for sensitive internal networks or air-gapped environments.
|
||||
|
||||
## Privacy vs Performance
|
||||
|
||||
| Feature | Local Models | Cloud Models (GPT-5/Claude 4.5) |
|
||||
|---------|--------------|--------------------------------|
|
||||
| **Privacy** | 🔒 Data stays local | Data sent to provider |
|
||||
| **Cost** | Free (hardware only) | Pay-per-token |
|
||||
| **Reasoning** | Lower (struggles with agents) | State-of-the-art |
|
||||
| **Setup** | Complex (GPU required) | Instant |
|
||||
|
||||
<Warning>
|
||||
**Compatibility Note**: Strix relies on advanced agentic capabilities (tool use, multi-step planning, self-correction). Most local models, especially those under 70B parameters, struggle with these complex tasks.
|
||||
|
||||
For critical assessments, we strongly recommend using state-of-the-art cloud models like **Claude 4.5 Sonnet** or **GPT-5**. Use local models only when privacy is the absolute priority.
|
||||
</Warning>
|
||||
|
||||
## Ollama
|
||||
|
||||
[Ollama](https://ollama.ai) is the easiest way to run local models on macOS, Linux, and Windows.
|
||||
|
||||
### Setup
|
||||
|
||||
1. Install Ollama from [ollama.ai](https://ollama.ai)
|
||||
2. Pull a high-performance model:
|
||||
```bash
|
||||
ollama pull qwen3-vl
|
||||
```
|
||||
3. Configure Strix:
|
||||
```bash
|
||||
export STRIX_LLM="ollama/qwen3-vl"
|
||||
export LLM_API_BASE="http://localhost:11434"
|
||||
```
|
||||
|
||||
### Recommended Models
|
||||
|
||||
We recommend these models for the best balance of reasoning and tool use:
|
||||
|
||||
**Recommended models:**
|
||||
- **Qwen3 VL** (`ollama pull qwen3-vl`)
|
||||
- **DeepSeek V3.1** (`ollama pull deepseek-v3.1`)
|
||||
- **Devstral 2** (`ollama pull devstral-2`)
|
||||
|
||||
## LM Studio / OpenAI Compatible
|
||||
|
||||
If you use LM Studio, vLLM, or other runners:
|
||||
|
||||
```bash
|
||||
export STRIX_LLM="openai/local-model"
|
||||
export LLM_API_BASE="http://localhost:1234/v1" # Adjust port as needed
|
||||
```
|
||||
@@ -0,0 +1,35 @@
|
||||
---
|
||||
title: "Novita AI"
|
||||
description: "Configure Strix with Novita AI models"
|
||||
---
|
||||
|
||||
[Novita AI](https://novita.ai) provides fast, cost-efficient inference for open-source models via an OpenAI-compatible API.
|
||||
|
||||
## Setup
|
||||
|
||||
```bash
|
||||
export STRIX_LLM="openai/moonshotai/kimi-k2.5"
|
||||
export LLM_API_KEY="your-novita-api-key"
|
||||
export LLM_API_BASE="https://api.novita.ai/openai"
|
||||
```
|
||||
|
||||
## Available Models
|
||||
|
||||
| Model | Configuration |
|
||||
|-------|---------------|
|
||||
| Kimi K2.5 | `openai/moonshotai/kimi-k2.5` |
|
||||
| GLM-5 | `openai/zai-org/glm-5` |
|
||||
| MiniMax M2.5 | `openai/minimax/minimax-m2.5` |
|
||||
|
||||
## Get API Key
|
||||
|
||||
1. Sign up at [novita.ai](https://novita.ai)
|
||||
2. Navigate to **API Keys** in your dashboard
|
||||
3. Create a new key and copy it
|
||||
|
||||
## Benefits
|
||||
|
||||
- **Cost-efficient** — Competitive pricing with per-token billing
|
||||
- **OpenAI-compatible** — Drop-in replacement using `LLM_API_BASE`
|
||||
- **Large context** — Models support up to 262k token context windows
|
||||
- **Function calling** — All listed models support tool/function calling
|
||||
@@ -0,0 +1,31 @@
|
||||
---
|
||||
title: "OpenAI"
|
||||
description: "Configure Strix with OpenAI models"
|
||||
---
|
||||
|
||||
## Setup
|
||||
|
||||
```bash
|
||||
export STRIX_LLM="openai/gpt-5.4"
|
||||
export LLM_API_KEY="sk-..."
|
||||
```
|
||||
|
||||
## Available Models
|
||||
|
||||
See [OpenAI Models Documentation](https://platform.openai.com/docs/models) for the full list of available models.
|
||||
|
||||
## Get API Key
|
||||
|
||||
1. Go to [platform.openai.com](https://platform.openai.com)
|
||||
2. Navigate to API Keys
|
||||
3. Create a new secret key
|
||||
|
||||
## Custom Base URL
|
||||
|
||||
For OpenAI-compatible APIs:
|
||||
|
||||
```bash
|
||||
export STRIX_LLM="openai/gpt-5.4"
|
||||
export LLM_API_KEY="your-key"
|
||||
export LLM_API_BASE="https://your-proxy.com/v1"
|
||||
```
|
||||
@@ -0,0 +1,37 @@
|
||||
---
|
||||
title: "OpenRouter"
|
||||
description: "Configure Strix with models via OpenRouter"
|
||||
---
|
||||
|
||||
[OpenRouter](https://openrouter.ai) provides access to 100+ models from multiple providers through a single API.
|
||||
|
||||
## Setup
|
||||
|
||||
```bash
|
||||
export STRIX_LLM="openrouter/openai/gpt-5.4"
|
||||
export LLM_API_KEY="sk-or-..."
|
||||
```
|
||||
|
||||
## Available Models
|
||||
|
||||
Access any model on OpenRouter using the format `openrouter/<provider>/<model>`:
|
||||
|
||||
| Model | Configuration |
|
||||
|-------|---------------|
|
||||
| GPT-5.4 | `openrouter/openai/gpt-5.4` |
|
||||
| Claude Sonnet 4.6 | `openrouter/anthropic/claude-sonnet-4.6` |
|
||||
| Gemini 3 Pro | `openrouter/google/gemini-3-pro-preview` |
|
||||
| GLM-4.7 | `openrouter/z-ai/glm-4.7` |
|
||||
|
||||
## Get API Key
|
||||
|
||||
1. Go to [openrouter.ai](https://openrouter.ai)
|
||||
2. Sign in and navigate to Keys
|
||||
3. Create a new API key
|
||||
|
||||
## Benefits
|
||||
|
||||
- **Single API** — Access models from OpenAI, Anthropic, Google, Meta, and more
|
||||
- **Fallback routing** — Automatic failover between providers
|
||||
- **Cost tracking** — Monitor usage across all models
|
||||
- **Higher rate limits** — OpenRouter handles provider limits for you
|
||||
@@ -0,0 +1,70 @@
|
||||
---
|
||||
title: "Overview"
|
||||
description: "Configure your AI model for Strix"
|
||||
---
|
||||
|
||||
Strix uses [LiteLLM](https://docs.litellm.ai/docs/providers) for model compatibility, supporting 100+ LLM providers.
|
||||
|
||||
## Configuration
|
||||
|
||||
Set your model and API key:
|
||||
|
||||
| Model | Provider | Configuration |
|
||||
| ----------------- | ------------- | -------------------------------- |
|
||||
| GPT-5.4 | OpenAI | `openai/gpt-5.4` |
|
||||
| Claude Sonnet 4.6 | Anthropic | `anthropic/claude-sonnet-4-6` |
|
||||
| Gemini 3 Pro | Google Vertex | `vertex_ai/gemini-3-pro-preview` |
|
||||
|
||||
```bash
|
||||
export STRIX_LLM="openai/gpt-5.4"
|
||||
export LLM_API_KEY="your-api-key"
|
||||
```
|
||||
|
||||
## Local Models
|
||||
|
||||
Run models locally with [Ollama](https://ollama.com), [LM Studio](https://lmstudio.ai), or any OpenAI-compatible server:
|
||||
|
||||
```bash
|
||||
export STRIX_LLM="ollama/llama4"
|
||||
export LLM_API_BASE="http://localhost:11434"
|
||||
```
|
||||
|
||||
See the [Local Models guide](/llm-providers/local) for setup instructions and recommended models.
|
||||
|
||||
## Provider Guides
|
||||
|
||||
<CardGroup cols={2}>
|
||||
<Card title="OpenAI" href="/llm-providers/openai">
|
||||
GPT-5.4 models.
|
||||
</Card>
|
||||
<Card title="Anthropic" href="/llm-providers/anthropic">
|
||||
Claude Opus, Sonnet, and Haiku.
|
||||
</Card>
|
||||
<Card title="OpenRouter" href="/llm-providers/openrouter">
|
||||
Access 100+ models through a single API.
|
||||
</Card>
|
||||
<Card title="Google Vertex AI" href="/llm-providers/vertex">
|
||||
Gemini 3 models via Google Cloud.
|
||||
</Card>
|
||||
<Card title="AWS Bedrock" href="/llm-providers/bedrock">
|
||||
Claude and Titan models via AWS.
|
||||
</Card>
|
||||
<Card title="Azure OpenAI" href="/llm-providers/azure">
|
||||
GPT-5.4 via Azure.
|
||||
</Card>
|
||||
<Card title="Local Models" href="/llm-providers/local">
|
||||
Llama 4, Mistral, and self-hosted models.
|
||||
</Card>
|
||||
</CardGroup>
|
||||
|
||||
## Model Format
|
||||
|
||||
Use LiteLLM's `provider/model-name` format:
|
||||
|
||||
```
|
||||
openai/gpt-5.4
|
||||
anthropic/claude-sonnet-4-6
|
||||
vertex_ai/gemini-3-pro-preview
|
||||
bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0
|
||||
ollama/llama4
|
||||
```
|
||||
@@ -0,0 +1,53 @@
|
||||
---
|
||||
title: "Google Vertex AI"
|
||||
description: "Configure Strix with Gemini models via Google Cloud"
|
||||
---
|
||||
|
||||
## Installation
|
||||
|
||||
Vertex AI requires the Google Cloud dependency. Install Strix with the vertex extra:
|
||||
|
||||
```bash
|
||||
pipx install "strix-agent[vertex]"
|
||||
```
|
||||
|
||||
## Setup
|
||||
|
||||
```bash
|
||||
export STRIX_LLM="vertex_ai/gemini-3-pro-preview"
|
||||
```
|
||||
|
||||
No API key required—uses Google Cloud Application Default Credentials.
|
||||
|
||||
## Authentication
|
||||
|
||||
### Option 1: gcloud CLI
|
||||
|
||||
```bash
|
||||
gcloud auth application-default login
|
||||
```
|
||||
|
||||
### Option 2: Service Account
|
||||
|
||||
```bash
|
||||
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account.json"
|
||||
```
|
||||
|
||||
## Available Models
|
||||
|
||||
| Model | Description |
|
||||
|-------|-------------|
|
||||
| `vertex_ai/gemini-3-pro-preview` | Best overall performance for security testing |
|
||||
| `vertex_ai/gemini-3-flash-preview` | Faster and cheaper |
|
||||
|
||||
## Project Configuration
|
||||
|
||||
```bash
|
||||
export VERTEXAI_PROJECT="your-project-id"
|
||||
export VERTEXAI_LOCATION="global"
|
||||
```
|
||||
|
||||
## Prerequisites
|
||||
|
||||
1. Enable the Vertex AI API in your Google Cloud project
|
||||
2. Ensure your account has the `Vertex AI User` role
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 3.7 KiB |
@@ -0,0 +1,76 @@
|
||||
---
|
||||
title: "Quick Start"
|
||||
description: "Install Strix and run your first security scan"
|
||||
---
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Docker (running)
|
||||
- An LLM API key from any [supported provider](/llm-providers/overview) (OpenAI, Anthropic, Google, etc.)
|
||||
|
||||
## Installation
|
||||
|
||||
<Tabs>
|
||||
<Tab title="curl">
|
||||
```bash
|
||||
curl -sSL https://strix.ai/install | bash
|
||||
```
|
||||
</Tab>
|
||||
<Tab title="pipx">
|
||||
```bash
|
||||
pipx install strix-agent
|
||||
```
|
||||
</Tab>
|
||||
</Tabs>
|
||||
|
||||
## Configuration
|
||||
|
||||
Set your LLM provider:
|
||||
|
||||
```bash
|
||||
export STRIX_LLM="openai/gpt-5.4"
|
||||
export LLM_API_KEY="your-api-key"
|
||||
```
|
||||
|
||||
<Tip>
|
||||
For best results, use `openai/gpt-5.4`, `anthropic/claude-opus-4-6`, or `openai/gpt-5.2`.
|
||||
</Tip>
|
||||
|
||||
## Run Your First Scan
|
||||
|
||||
```bash
|
||||
strix --target ./your-app
|
||||
```
|
||||
|
||||
<Note>
|
||||
First run pulls the Docker sandbox image automatically. Results are saved to `strix_runs/<run-name>`.
|
||||
</Note>
|
||||
|
||||
## Target Types
|
||||
|
||||
Strix accepts multiple target types:
|
||||
|
||||
```bash
|
||||
# Local codebase
|
||||
strix --target ./app-directory
|
||||
|
||||
# GitHub repository
|
||||
strix --target https://github.com/org/repo
|
||||
|
||||
# Live web application
|
||||
strix --target https://your-app.com
|
||||
|
||||
# Multiple targets (white-box testing)
|
||||
strix -t https://github.com/org/repo -t https://your-app.com
|
||||
```
|
||||
|
||||
## Next Steps
|
||||
|
||||
<CardGroup cols={2}>
|
||||
<Card title="CLI Options" icon="terminal" href="/usage/cli">
|
||||
Explore all command-line options.
|
||||
</Card>
|
||||
<Card title="Scan Modes" icon="gauge" href="/usage/scan-modes">
|
||||
Choose the right scan depth.
|
||||
</Card>
|
||||
</CardGroup>
|
||||
@@ -0,0 +1,34 @@
|
||||
---
|
||||
title: "Browser"
|
||||
description: "Playwright-powered Chrome for web application testing"
|
||||
---
|
||||
|
||||
Strix uses a headless Chrome browser via Playwright to interact with web applications exactly like a real user would.
|
||||
|
||||
## How It Works
|
||||
|
||||
All browser traffic is automatically routed through the Caido proxy, giving Strix full visibility into every request and response. This enables:
|
||||
|
||||
- Testing client-side vulnerabilities (XSS, DOM manipulation)
|
||||
- Navigating authenticated flows (login, OAuth, MFA)
|
||||
- Triggering JavaScript-heavy functionality
|
||||
- Capturing dynamically generated requests
|
||||
|
||||
## Capabilities
|
||||
|
||||
| Action | Description |
|
||||
| ---------- | ------------------------------------------- |
|
||||
| Navigate | Go to URLs, follow links, handle redirects |
|
||||
| Click | Interact with buttons, links, form elements |
|
||||
| Type | Fill in forms, search boxes, input fields |
|
||||
| Execute JS | Run custom JavaScript in the page context |
|
||||
| Screenshot | Capture visual state for reports |
|
||||
| Multi-tab | Test across multiple browser tabs |
|
||||
|
||||
## Example Flow
|
||||
|
||||
1. Agent launches browser and navigates to login page
|
||||
2. Fills in credentials and submits form
|
||||
3. Proxy captures the authentication request
|
||||
4. Agent navigates to protected areas
|
||||
5. Tests for IDOR by replaying requests with modified IDs
|
||||
@@ -0,0 +1,33 @@
|
||||
---
|
||||
title: "Agent Tools"
|
||||
description: "How Strix agents interact with targets"
|
||||
---
|
||||
|
||||
Strix agents use specialized tools to test your applications like a real penetration tester would.
|
||||
|
||||
## Core Tools
|
||||
|
||||
<CardGroup cols={2}>
|
||||
<Card title="Browser" icon="globe" href="/tools/browser">
|
||||
Playwright-powered Chrome for interacting with web UIs.
|
||||
</Card>
|
||||
<Card title="HTTP Proxy" icon="network-wired" href="/tools/proxy">
|
||||
Caido-powered proxy for intercepting and replaying requests.
|
||||
</Card>
|
||||
<Card title="Terminal" icon="terminal" href="/tools/terminal">
|
||||
Bash shell for running commands and security tools.
|
||||
</Card>
|
||||
<Card title="Sandbox Tools" icon="toolbox" href="/tools/sandbox">
|
||||
Pre-installed security tools: Nuclei, ffuf, and more.
|
||||
</Card>
|
||||
</CardGroup>
|
||||
|
||||
## Additional Tools
|
||||
|
||||
| Tool | Purpose |
|
||||
| -------------- | ---------------------------------------- |
|
||||
| Python Runtime | Write and execute custom exploit scripts |
|
||||
| File Editor | Read and modify source code |
|
||||
| Web Search | Real-time OSINT via Perplexity |
|
||||
| Notes | Document findings during the scan |
|
||||
| Reporting | Generate vulnerability reports with PoCs |
|
||||
@@ -0,0 +1,135 @@
|
||||
---
|
||||
title: "HTTP Proxy"
|
||||
description: "Caido-powered proxy for request interception and replay"
|
||||
---
|
||||
|
||||
Strix includes [Caido](https://caido.io), a modern HTTP proxy built for security testing. All browser traffic flows through Caido, giving the agent full control over requests and responses.
|
||||
|
||||
## Capabilities
|
||||
|
||||
| Feature | Description |
|
||||
| ---------------- | -------------------------------------------- |
|
||||
| Request Capture | Log all HTTP/HTTPS traffic automatically |
|
||||
| Request Replay | Repeat any request with modifications |
|
||||
| HTTPQL | Query captured traffic with powerful filters |
|
||||
| Scope Management | Focus on specific domains or paths |
|
||||
| Sitemap | Visualize the discovered attack surface |
|
||||
|
||||
## HTTPQL Filtering
|
||||
|
||||
Query captured requests using Caido's HTTPQL syntax
|
||||
|
||||
## Request Replay
|
||||
|
||||
The agent can take any captured request and replay it with modifications:
|
||||
|
||||
- Change path parameters (test for IDOR)
|
||||
- Modify request body (test for injection)
|
||||
- Add/remove headers (test for auth bypass)
|
||||
- Alter cookies (test for session issues)
|
||||
|
||||
## Python Integration
|
||||
|
||||
Proxy helpers are available to sandbox Python scripts through the image-baked `caido_api` module. This enables powerful scripted security testing:
|
||||
|
||||
```python
|
||||
import asyncio
|
||||
|
||||
from caido_api import list_requests, repeat_request, view_request
|
||||
|
||||
|
||||
async def main():
|
||||
# List recent POST requests
|
||||
post_requests = await list_requests(
|
||||
httpql_filter='req.method.eq:"POST"',
|
||||
first=20,
|
||||
)
|
||||
|
||||
# View a specific request
|
||||
request_details = await view_request("req_123", part="request")
|
||||
|
||||
# Replay with modified payload
|
||||
response = await repeat_request(
|
||||
"req_123",
|
||||
modifications={"body": '{"user_id": "admin"}'},
|
||||
)
|
||||
print(response["status"], request_details is not None, len(post_requests.edges))
|
||||
|
||||
|
||||
asyncio.run(main())
|
||||
```
|
||||
|
||||
### Available Functions
|
||||
|
||||
| Function | Description |
|
||||
| ---------------------- | ------------------------------------------ |
|
||||
| `list_requests()` | Query captured traffic with HTTPQL filters |
|
||||
| `view_request()` | Get full request/response details |
|
||||
| `repeat_request()` | Replay a request with modifications |
|
||||
| `list_sitemap()` | Browse the request-tree view of discovered surface |
|
||||
| `view_sitemap_entry()` | Inspect one sitemap entry + its related requests |
|
||||
| `scope_rules()` | Manage proxy scope (allowlist/denylist) |
|
||||
|
||||
For one-off arbitrary requests, use shell tooling like `curl` — the
|
||||
sandbox's `HTTP_PROXY` env routes the traffic through Caido
|
||||
automatically, so it lands in `list_requests` and can be replayed via
|
||||
`repeat_request`.
|
||||
|
||||
### Example: Automated IDOR Testing
|
||||
|
||||
```python
|
||||
import asyncio
|
||||
|
||||
# Get all requests to user endpoints
|
||||
from caido_api import list_requests, repeat_request
|
||||
|
||||
|
||||
async def main():
|
||||
user_requests = await list_requests(httpql_filter='req.path.cont:"/users/"')
|
||||
|
||||
for edge in user_requests.edges:
|
||||
req = edge.node.request
|
||||
scheme = "https" if req.is_tls else "http"
|
||||
for test_id in ["1", "2", "admin", "../admin"]:
|
||||
url = f"{scheme}://{req.host}{req.path.replace('/users/1', f'/users/{test_id}')}"
|
||||
response = await repeat_request(
|
||||
req.id,
|
||||
modifications={"url": url},
|
||||
)
|
||||
print(req.id, test_id, response["status"])
|
||||
if response["status"] == "DONE":
|
||||
print(f"Replay completed for candidate {test_id}")
|
||||
|
||||
|
||||
asyncio.run(main())
|
||||
```
|
||||
|
||||
## Human-in-the-Loop
|
||||
|
||||
Strix exposes the Caido proxy to your host machine, so you can interact with it alongside the automated scan. When the sandbox starts, the Caido URL is displayed in the TUI sidebar — click it to copy, then open it in Caido Desktop.
|
||||
|
||||
### Accessing Caido
|
||||
|
||||
1. Start a scan as usual
|
||||
2. Look for the **Caido** URL in the sidebar stats panel (e.g. `localhost:52341`)
|
||||
3. Open the URL in Caido Desktop
|
||||
4. Click **Continue as guest** to access the instance
|
||||
|
||||
### What You Can Do
|
||||
|
||||
- **Inspect traffic** — Browse all HTTP/HTTPS requests the agent is making in real time
|
||||
- **Replay requests** — Take any captured request and resend it with your own modifications
|
||||
- **Intercept and modify** — Pause requests mid-flight, edit them, then forward
|
||||
- **Explore the sitemap** — See the full attack surface the agent has discovered
|
||||
- **Manual testing** — Use Caido's tools to test findings the agent reports, or explore areas it hasn't reached
|
||||
|
||||
This turns Strix from a fully automated scanner into a collaborative tool — the agent handles the heavy lifting while you focus on the interesting parts.
|
||||
|
||||
## Scope
|
||||
|
||||
Create scopes to filter traffic to relevant domains:
|
||||
|
||||
```
|
||||
Allowlist: ["api.example.com", "*.example.com"]
|
||||
Denylist: ["*.gif", "*.jpg", "*.png", "*.css", "*.js"]
|
||||
```
|
||||
@@ -0,0 +1,91 @@
|
||||
---
|
||||
title: "Sandbox Tools"
|
||||
description: "Pre-installed security tools in the Strix container"
|
||||
---
|
||||
|
||||
Strix runs inside a Kali Linux-based Docker container with a comprehensive set of security tools pre-installed. The agent can use any of these tools through the [terminal](/tools/terminal).
|
||||
|
||||
## Reconnaissance
|
||||
|
||||
| Tool | Description |
|
||||
| ---------------------------------------------------------- | -------------------------------------- |
|
||||
| [Subfinder](https://github.com/projectdiscovery/subfinder) | Subdomain discovery |
|
||||
| [Naabu](https://github.com/projectdiscovery/naabu) | Fast port scanner |
|
||||
| [httpx](https://github.com/projectdiscovery/httpx) | HTTP probing and analysis |
|
||||
| [Katana](https://github.com/projectdiscovery/katana) | Web crawling and spidering |
|
||||
| [ffuf](https://github.com/ffuf/ffuf) | Fast web fuzzer |
|
||||
| [Nmap](https://nmap.org) | Network scanning and service detection |
|
||||
|
||||
## Web Testing
|
||||
|
||||
| Tool | Description |
|
||||
| ------------------------------------------------------ | -------------------------------- |
|
||||
| [Arjun](https://github.com/s0md3v/Arjun) | HTTP parameter discovery |
|
||||
| [Dirsearch](https://github.com/maurosoria/dirsearch) | Directory and file brute-forcing |
|
||||
| [wafw00f](https://github.com/EnableSecurity/wafw00f) | WAF fingerprinting |
|
||||
| [GoSpider](https://github.com/jaeles-project/gospider) | Web spider for link extraction |
|
||||
|
||||
## Automated Scanners
|
||||
|
||||
| Tool | Description |
|
||||
| ---------------------------------------------------- | -------------------------------------------------- |
|
||||
| [Nuclei](https://github.com/projectdiscovery/nuclei) | Template-based vulnerability scanner |
|
||||
| [SQLMap](https://sqlmap.org) | Automatic SQL injection detection and exploitation |
|
||||
| [Wapiti](https://wapiti-scanner.github.io) | Web application vulnerability scanner |
|
||||
| [ZAP](https://zaproxy.org) | OWASP Zed Attack Proxy |
|
||||
|
||||
## JavaScript Analysis
|
||||
|
||||
| Tool | Description |
|
||||
| -------------------------------------------------------- | ------------------------------ |
|
||||
| [JS-Snooper](https://github.com/aravind0x7/JS-Snooper) | JavaScript reconnaissance |
|
||||
| [jsniper](https://github.com/xchopath/jsniper.sh) | JavaScript file analysis |
|
||||
| [Retire.js](https://retirejs.github.io/retire.js) | Detect vulnerable JS libraries |
|
||||
| [ESLint](https://eslint.org) | JavaScript static analysis |
|
||||
| [js-beautify](https://github.com/beautifier/js-beautify) | JavaScript deobfuscation |
|
||||
| [JSHint](https://jshint.com) | JavaScript code quality tool |
|
||||
|
||||
## Source-Aware Analysis
|
||||
|
||||
| Tool | Description |
|
||||
| ------------------------------------------------------- | --------------------------------------------- |
|
||||
| [Semgrep](https://github.com/semgrep/semgrep) | Fast SAST and custom rule matching |
|
||||
| [ast-grep](https://ast-grep.github.io) | Structural AST/CST-aware code search (`sg`) |
|
||||
| [Tree-sitter](https://tree-sitter.github.io/tree-sitter/) | Syntax tree parsing and symbol extraction (Java/JS/TS/Python/Go/Bash/JSON/YAML grammars pre-configured) |
|
||||
| [Bandit](https://bandit.readthedocs.io) | Python security linter |
|
||||
|
||||
## Secret Detection
|
||||
|
||||
| Tool | Description |
|
||||
| ----------------------------------------------------------- | ------------------------------------- |
|
||||
| [TruffleHog](https://github.com/trufflesecurity/trufflehog) | Find secrets in code and history |
|
||||
| [Gitleaks](https://github.com/gitleaks/gitleaks) | Detect hardcoded secrets in repositories |
|
||||
|
||||
## Authentication Testing
|
||||
|
||||
| Tool | Description |
|
||||
| ------------------------------------------------------------ | ---------------------------------- |
|
||||
| [jwt_tool](https://github.com/ticarpi/jwt_tool) | JWT token testing and exploitation |
|
||||
| [Interactsh](https://github.com/projectdiscovery/interactsh) | Out-of-band interaction detection |
|
||||
|
||||
## Container & Supply Chain
|
||||
|
||||
| Tool | Description |
|
||||
| -------------------------- | ---------------------------------------------- |
|
||||
| [Trivy](https://trivy.dev) | Filesystem/container scanning for vulns, misconfigurations, secrets, and licenses |
|
||||
|
||||
## HTTP Proxy
|
||||
|
||||
| Tool | Description |
|
||||
| ------------------------- | --------------------------------------------- |
|
||||
| [Caido](https://caido.io) | Modern HTTP proxy for interception and replay |
|
||||
|
||||
## Browser
|
||||
|
||||
| Tool | Description |
|
||||
| ------------------------------------ | --------------------------- |
|
||||
| [Playwright](https://playwright.dev) | Headless browser automation |
|
||||
|
||||
<Note>
|
||||
All tools are pre-configured and ready to use. The agent selects the appropriate tool based on the vulnerability being tested.
|
||||
</Note>
|
||||
@@ -0,0 +1,65 @@
|
||||
---
|
||||
title: "Terminal"
|
||||
description: "Bash shell for running commands and security tools"
|
||||
---
|
||||
|
||||
Strix has access to a persistent bash terminal running inside the Docker sandbox. This gives the agent access to all [pre-installed security tools](/tools/sandbox).
|
||||
|
||||
## Capabilities
|
||||
|
||||
| Feature | Description |
|
||||
| ----------------- | ---------------------------------------------------------- |
|
||||
| Persistent state | Working directory and environment persist between commands |
|
||||
| Multiple sessions | Run parallel terminals for concurrent operations |
|
||||
| Background jobs | Start long-running processes without blocking |
|
||||
| Interactive | Respond to prompts and control running processes |
|
||||
|
||||
## Common Uses
|
||||
|
||||
### Running Security Tools
|
||||
|
||||
```bash
|
||||
# Subdomain enumeration
|
||||
subfinder -d example.com
|
||||
|
||||
# Vulnerability scanning
|
||||
nuclei -u https://example.com
|
||||
|
||||
# SQL injection testing
|
||||
sqlmap -u "https://example.com/page?id=1"
|
||||
```
|
||||
|
||||
### Code Analysis
|
||||
|
||||
```bash
|
||||
# Fast SAST triage
|
||||
semgrep --config auto ./src
|
||||
|
||||
# Structural AST search
|
||||
sg scan ./src
|
||||
|
||||
# Secret detection
|
||||
gitleaks detect --source ./
|
||||
trufflehog filesystem ./
|
||||
|
||||
# Supply-chain and misconfiguration checks
|
||||
trivy fs ./
|
||||
```
|
||||
|
||||
### Custom Scripts
|
||||
|
||||
```bash
|
||||
# Run Python exploits
|
||||
python3 exploit.py
|
||||
|
||||
# Execute shell scripts
|
||||
./test_auth_bypass.sh
|
||||
```
|
||||
|
||||
## Session Management
|
||||
|
||||
The agent can run multiple terminal sessions concurrently, for example:
|
||||
|
||||
- Main session for primary testing
|
||||
- Secondary session for monitoring
|
||||
- Background processes for servers or watchers
|
||||
@@ -0,0 +1,108 @@
|
||||
---
|
||||
title: "CLI Reference"
|
||||
description: "Command-line options for Strix"
|
||||
---
|
||||
|
||||
## Basic Usage
|
||||
|
||||
```bash
|
||||
strix --target <target> [options]
|
||||
```
|
||||
|
||||
## Options
|
||||
|
||||
<ParamField path="--target, -t" type="string" required>
|
||||
Target to test. Accepts URLs, repositories, local directories, domains, or IP addresses. Can be specified multiple times.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="--mount" type="string">
|
||||
Bind-mount a local directory into the sandbox (read-only) instead of copying it in file-by-file. Use this for large repositories that are too big to stream into the container. Can be specified multiple times.
|
||||
|
||||
Strix copies local `--target` directories into the sandbox one file at a time, which stalls on very large trees. When a local target exceeds the copy limit (see `STRIX_MAX_LOCAL_COPY_MB`, default 1024 MB) Strix exits early and asks you to re-run with `--mount`.
|
||||
|
||||
<Note>
|
||||
The mount is read-only to protect your source from accidental modification. This is not a hard security boundary: a root process inside the container can remount it writable, so treat `--mount` as "scan my own code", not as isolation from untrusted code.
|
||||
</Note>
|
||||
|
||||
<Note>
|
||||
The size pre-flight only covers local directory targets. Remote repositories (cloned at scan time) are not size-checked.
|
||||
</Note>
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="--instruction" type="string">
|
||||
Custom instructions for the scan. Use for credentials, focus areas, or specific testing approaches.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="--instruction-file" type="string">
|
||||
Path to a file containing detailed instructions.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="--scan-mode, -m" type="string" default="deep">
|
||||
Scan depth: `quick`, `standard`, or `deep`.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="--scope-mode" type="string" default="auto">
|
||||
Code scope mode: `auto` (enable PR diff-scope in CI/headless runs), `diff` (force changed-files scope), or `full` (disable diff-scope).
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="--diff-base" type="string">
|
||||
Target branch or commit to compare against (e.g., `origin/main`). Defaults to the repository's default branch.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="--non-interactive, -n" type="boolean">
|
||||
Run in headless mode without TUI. Ideal for CI/CD.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="--config" type="string">
|
||||
Path to a custom config file (JSON) to use instead of `~/.strix/cli-config.json`.
|
||||
</ParamField>
|
||||
|
||||
<ParamField path="--max-budget-usd" type="number">
|
||||
Maximum LLM spend in USD for the whole scan, counted cumulatively across the
|
||||
root agent and every child agent. The budget is checked after each model
|
||||
response; once the running cost reaches the threshold, the scan stops cleanly
|
||||
with a `stopped` status (not a failure) and the sandbox is torn down.
|
||||
|
||||
Must be greater than `0`. Omit the flag for no limit.
|
||||
|
||||
**Limitations**
|
||||
|
||||
- The check fires *after* a response is returned, so the final spend can
|
||||
slightly overshoot the limit by any calls already in flight when the
|
||||
threshold is crossed (most relevant with several child agents running
|
||||
concurrently).
|
||||
- Cost is a best-effort estimate derived from token usage and model pricing;
|
||||
providers that do not expose priced usage may under-count.
|
||||
</ParamField>
|
||||
|
||||
## Examples
|
||||
|
||||
```bash
|
||||
# Basic scan
|
||||
strix --target https://example.com
|
||||
|
||||
# Authenticated testing
|
||||
strix --target https://app.com --instruction "Use credentials: user:pass"
|
||||
|
||||
# Focused testing
|
||||
strix --target api.example.com --instruction "Focus on IDOR and auth bypass"
|
||||
|
||||
# CI/CD mode
|
||||
strix -n --target ./ --scan-mode quick
|
||||
|
||||
# Force diff-scope against a specific base ref
|
||||
strix -n --target ./ --scan-mode quick --scope-mode diff --diff-base origin/main
|
||||
|
||||
# Multi-target white-box testing
|
||||
strix -t https://github.com/org/app -t https://staging.example.com
|
||||
|
||||
# Large local repository — bind-mount instead of copying it in
|
||||
strix --mount ./huge-monorepo
|
||||
```
|
||||
|
||||
## Exit Codes
|
||||
|
||||
| Code | Meaning |
|
||||
|------|---------|
|
||||
| 0 | Scan completed, no vulnerabilities found |
|
||||
| 2 | Vulnerabilities found (headless mode only) |
|
||||
@@ -0,0 +1,73 @@
|
||||
---
|
||||
title: "Custom Instructions"
|
||||
description: "Guide Strix with custom testing instructions"
|
||||
---
|
||||
|
||||
Use instructions to provide context, credentials, or focus areas for your scan.
|
||||
|
||||
## Inline Instructions
|
||||
|
||||
```bash
|
||||
strix --target https://app.com --instruction "Focus on authentication vulnerabilities"
|
||||
```
|
||||
|
||||
## File-Based Instructions
|
||||
|
||||
For complex instructions, use a file:
|
||||
|
||||
```bash
|
||||
strix --target https://app.com --instruction-file ./pentest-instructions.md
|
||||
```
|
||||
|
||||
## Common Use Cases
|
||||
|
||||
### Authenticated Testing
|
||||
|
||||
```bash
|
||||
strix --target https://app.com \
|
||||
--instruction "Login with email: test@example.com, password: TestPass123"
|
||||
```
|
||||
|
||||
### Focused Scope
|
||||
|
||||
```bash
|
||||
strix --target https://api.example.com \
|
||||
--instruction "Focus on IDOR vulnerabilities in the /api/users endpoints"
|
||||
```
|
||||
|
||||
### Exclusions
|
||||
|
||||
```bash
|
||||
strix --target https://app.com \
|
||||
--instruction "Do not test /admin or /internal endpoints"
|
||||
```
|
||||
|
||||
### API Testing
|
||||
|
||||
```bash
|
||||
strix --target https://api.example.com \
|
||||
--instruction "Use API key header: X-API-Key: abc123. Focus on rate limiting bypass."
|
||||
```
|
||||
|
||||
## Instruction File Example
|
||||
|
||||
```markdown instructions.md
|
||||
# Penetration Test Instructions
|
||||
|
||||
## Credentials
|
||||
- Admin: admin@example.com / AdminPass123
|
||||
- User: user@example.com / UserPass123
|
||||
|
||||
## Focus Areas
|
||||
1. IDOR in user profile endpoints
|
||||
2. Privilege escalation between roles
|
||||
3. JWT token manipulation
|
||||
|
||||
## Out of Scope
|
||||
- /health endpoints
|
||||
- Third-party integrations
|
||||
```
|
||||
|
||||
<Tip>
|
||||
Be specific. Good instructions help Strix prioritize the most valuable attack paths.
|
||||
</Tip>
|
||||
@@ -0,0 +1,62 @@
|
||||
---
|
||||
title: "Scan Modes"
|
||||
description: "Choose the right scan depth for your use case"
|
||||
---
|
||||
|
||||
Strix offers three scan modes to balance speed and thoroughness.
|
||||
|
||||
## Quick
|
||||
|
||||
```bash
|
||||
strix --target ./app --scan-mode quick
|
||||
```
|
||||
|
||||
Fast checks for obvious vulnerabilities. Best for:
|
||||
- CI/CD pipelines
|
||||
- Pull request validation
|
||||
- Rapid smoke tests
|
||||
|
||||
**Duration**: Minutes
|
||||
|
||||
## Standard
|
||||
|
||||
```bash
|
||||
strix --target ./app --scan-mode standard
|
||||
```
|
||||
|
||||
Balanced testing for routine security reviews. Best for:
|
||||
- Regular security assessments
|
||||
- Pre-release validation
|
||||
- Development milestones
|
||||
|
||||
**Duration**: 30 minutes to 1 hour
|
||||
|
||||
**White-box behavior**: Uses source-aware mapping and static triage to prioritize dynamic exploit validation paths.
|
||||
|
||||
## Deep
|
||||
|
||||
```bash
|
||||
strix --target ./app --scan-mode deep
|
||||
```
|
||||
|
||||
Thorough penetration testing. Best for:
|
||||
- Comprehensive security audits
|
||||
- Pre-production reviews
|
||||
- Critical application assessments
|
||||
|
||||
**Duration**: 1-4 hours depending on target complexity
|
||||
|
||||
**White-box behavior**: Runs broad source-aware triage (`semgrep`, AST structural search, secrets, supply-chain checks) and then systematically validates top candidates dynamically.
|
||||
|
||||
<Note>
|
||||
Deep mode is the default. It explores edge cases, chained vulnerabilities, and complex attack paths.
|
||||
</Note>
|
||||
|
||||
## Choosing a Mode
|
||||
|
||||
| Scenario | Recommended Mode |
|
||||
|----------|------------------|
|
||||
| Every PR | Quick |
|
||||
| Weekly scans | Standard |
|
||||
| Before major release | Deep |
|
||||
| Bug bounty hunting | Deep |
|
||||
Reference in New Issue
Block a user