From 25ac2f1e0866fa50ffcb701960b31fa4bf15be97 Mon Sep 17 00:00:00 2001 From: 0xallam Date: Tue, 20 Jan 2026 21:08:29 -0800 Subject: [PATCH] docs: add documentation to main repository --- docs/README.md | 10 +++ docs/advanced/configuration.mdx | 88 ++++++++++++++++++ docs/advanced/skills.mdx | 119 ++++++++++++++++++++++++ docs/cloud/overview.mdx | 40 +++++++++ docs/contributing.mdx | 96 ++++++++++++++++++++ docs/docs.json | 129 +++++++++++++++++++++++++++ docs/images/favicon-48.ico | Bin 0 -> 9662 bytes docs/images/logo.png | Bin 0 -> 3801 bytes docs/index.mdx | 45 ++++++++++ docs/integrations/ci-cd.mdx | 80 +++++++++++++++++ docs/integrations/github-actions.mdx | 60 +++++++++++++ docs/llm-providers/anthropic.mdx | 24 +++++ docs/llm-providers/azure.mdx | 37 ++++++++ docs/llm-providers/bedrock.mdx | 47 ++++++++++ docs/llm-providers/local.mdx | 56 ++++++++++++ docs/llm-providers/openai.mdx | 31 +++++++ docs/llm-providers/openrouter.mdx | 37 ++++++++ docs/llm-providers/overview.mdx | 61 +++++++++++++ docs/llm-providers/vertex.mdx | 53 +++++++++++ docs/logo/strix.png | Bin 0 -> 3801 bytes docs/quickstart.mdx | 76 ++++++++++++++++ docs/tools/browser.mdx | 34 +++++++ docs/tools/overview.mdx | 33 +++++++ docs/tools/proxy.mdx | 90 +++++++++++++++++++ docs/tools/sandbox.mdx | 83 +++++++++++++++++ docs/tools/terminal.mdx | 61 +++++++++++++ docs/usage/cli.mdx | 58 ++++++++++++ docs/usage/instructions.mdx | 73 +++++++++++++++ docs/usage/scan-modes.mdx | 58 ++++++++++++ 29 files changed, 1579 insertions(+) create mode 100644 docs/README.md create mode 100644 docs/advanced/configuration.mdx create mode 100644 docs/advanced/skills.mdx create mode 100644 docs/cloud/overview.mdx create mode 100644 docs/contributing.mdx create mode 100644 docs/docs.json create mode 100644 docs/images/favicon-48.ico create mode 100644 docs/images/logo.png create mode 100644 docs/index.mdx create mode 100644 docs/integrations/ci-cd.mdx create mode 100644 docs/integrations/github-actions.mdx create mode 100644 docs/llm-providers/anthropic.mdx create mode 100644 docs/llm-providers/azure.mdx create mode 100644 docs/llm-providers/bedrock.mdx create mode 100644 docs/llm-providers/local.mdx create mode 100644 docs/llm-providers/openai.mdx create mode 100644 docs/llm-providers/openrouter.mdx create mode 100644 docs/llm-providers/overview.mdx create mode 100644 docs/llm-providers/vertex.mdx create mode 100644 docs/logo/strix.png create mode 100644 docs/quickstart.mdx create mode 100644 docs/tools/browser.mdx create mode 100644 docs/tools/overview.mdx create mode 100644 docs/tools/proxy.mdx create mode 100644 docs/tools/sandbox.mdx create mode 100644 docs/tools/terminal.mdx create mode 100644 docs/usage/cli.mdx create mode 100644 docs/usage/instructions.mdx create mode 100644 docs/usage/scan-modes.mdx diff --git a/docs/README.md b/docs/README.md new file mode 100644 index 0000000..cc19895 --- /dev/null +++ b/docs/README.md @@ -0,0 +1,10 @@ +# Strix Documentation + +Documentation source files for Strix, powered by [Mintlify](https://mintlify.com). + +## Local Preview + +```bash +npm i -g mintlify +cd docs && mintlify dev +``` diff --git a/docs/advanced/configuration.mdx b/docs/advanced/configuration.mdx new file mode 100644 index 0000000..c40385b --- /dev/null +++ b/docs/advanced/configuration.mdx @@ -0,0 +1,88 @@ +--- +title: "Configuration" +description: "Environment variables for Strix" +--- + +Configure Strix using environment variables. + +## LLM Configuration + + + Model name in LiteLLM format (e.g., `openai/gpt-5`, `anthropic/claude-sonnet-4-5`). + + + + API key for your LLM provider. Not required for local models or cloud provider auth (Vertex AI, AWS Bedrock). + + + + Custom API base URL. Also accepts `OPENAI_API_BASE`, `LITELLM_BASE_URL`, or `OLLAMA_API_BASE`. + + + + Request timeout in seconds for LLM calls. + + + + Delay in seconds between LLM requests for rate limiting. + + + + Maximum concurrent LLM requests. + + + + Control thinking effort for reasoning models. Valid values: `none`, `minimal`, `low`, `medium`, `high`, `xhigh`. Defaults to `medium` for quick scan mode. + + +## Optional Features + + + API key for Perplexity AI. Enables real-time web search during scans for OSINT and vulnerability research. + + +## Docker Configuration + + + Docker image to use for the sandbox container. + + + + Docker daemon socket path. Use for remote Docker hosts or custom configurations. + + + + Runtime backend for the sandbox environment. + + +## Sandbox Configuration + + + Maximum execution time in seconds for sandbox operations. + + + + Timeout in seconds for connecting to the sandbox container. + + + + Disable browser tool. + + +## Example Setup + +```bash +# Required +export STRIX_LLM="openai/gpt-5" +export LLM_API_KEY="sk-..." + +# Optional: Enable web search +export PERPLEXITY_API_KEY="pplx-..." + +# Optional: Custom timeouts +export LLM_TIMEOUT="600" +export STRIX_SANDBOX_EXECUTION_TIMEOUT="1000" + +# Optional: Use custom Docker image +export STRIX_IMAGE="ghcr.io/usestrix/strix-sandbox:latest" +``` diff --git a/docs/advanced/skills.mdx b/docs/advanced/skills.mdx new file mode 100644 index 0000000..cbbcad6 --- /dev/null +++ b/docs/advanced/skills.mdx @@ -0,0 +1,119 @@ +--- +title: "Skills" +description: "Specialized knowledge packages that enhance agent capabilities" +--- + +Skills are structured knowledge packages that give Strix agents deep expertise in specific vulnerability types, technologies, and testing methodologies. + +## The Idea + +LLMs have broad but shallow security knowledge. They know _about_ SQL injection, but lack the nuanced techniques that experienced pentesters use—parser quirks, bypass methods, validation tricks, and chain attacks. + +Skills inject this deep, specialized knowledge directly into the agent's context, transforming it from a generalist into a specialist for the task at hand. + +## How They Work + +When Strix spawns an agent for a specific task, it selects up to 5 relevant skills based on the context: + +```python +# Agent created for JWT testing automatically loads relevant skills +create_agent( + task="Test authentication mechanisms", + skills=["authentication_jwt", "business_logic"] +) +``` + +The skills are injected into the agent's system prompt, giving it access to: + +- **Advanced techniques** — Non-obvious methods beyond standard testing +- **Working payloads** — Practical examples with variations +- **Validation methods** — How to confirm findings and avoid false positives + +## Skill Categories + +### Vulnerabilities + +Core vulnerability classes with deep exploitation techniques. + +| Skill | Coverage | +| ------------------------------------- | ------------------------------------------------------ | +| `authentication_jwt` | JWT attacks, algorithm confusion, claim tampering | +| `idor` | Object reference attacks, horizontal/vertical access | +| `sql_injection` | SQL injection variants, WAF bypasses, blind techniques | +| `xss` | XSS types, filter bypasses, DOM exploitation | +| `ssrf` | Server-side request forgery, protocol handlers | +| `csrf` | Cross-site request forgery, token bypasses | +| `xxe` | XML external entities, OOB exfiltration | +| `rce` | Remote code execution vectors | +| `business_logic` | Logic flaws, state manipulation, race conditions | +| `race_conditions` | TOCTOU, parallel request attacks | +| `path_traversal_lfi_rfi` | File inclusion, path traversal | +| `open_redirect` | Redirect bypasses, URL parsing tricks | +| `mass_assignment` | Attribute injection, hidden parameter pollution | +| `insecure_file_uploads` | Upload bypasses, extension tricks | +| `information_disclosure` | Data leakage, error-based enumeration | +| `subdomain_takeover` | Dangling DNS, cloud resource claims | +| `broken_function_level_authorization` | Privilege escalation, role bypasses | + +### Frameworks + +Framework-specific testing patterns. + +| Skill | Coverage | +| --------- | -------------------------------------------- | +| `fastapi` | FastAPI security patterns, Pydantic bypasses | +| `nextjs` | Next.js SSR/SSG issues, API route security | + +### Technologies + +Third-party service and platform security. + +| Skill | Coverage | +| -------------------- | ---------------------------------- | +| `supabase` | Supabase RLS bypasses, auth issues | +| `firebase_firestore` | Firestore rules, Firebase auth | + +### Protocols + +Protocol-specific testing techniques. + +| Skill | Coverage | +| --------- | ------------------------------------------------ | +| `graphql` | GraphQL introspection, batching, resolver issues | + +## Skill Structure + +Each skill uses XML-style tags for structure: + +```xml + + NAME + + Key insight about this vulnerability + + What this skill covers + + Step-by-step testing approach + + How to find it + + How to exploit it + + How to bypass protections + + How to confirm findings + + What to watch out for + + Additional Expert advice + +``` + +## Contributing Skills + +Community contributions are welcome. Good skills include: + +1. **Real-world techniques** — Methods that work in practice +2. **Practical payloads** — Working examples with variations +3. **Validation steps** — How to confirm without false positives +4. **Context awareness** — Version/environment-specific behavior diff --git a/docs/cloud/overview.mdx b/docs/cloud/overview.mdx new file mode 100644 index 0000000..9851a77 --- /dev/null +++ b/docs/cloud/overview.mdx @@ -0,0 +1,40 @@ +--- +title: "Introduction" +description: "Managed security testing without local setup" +--- + +Skip the setup. Run Strix in the cloud at [app.usestrix.com](https://app.usestrix.com). + +## Features + + + + No Docker, API keys, or local installation needed. + + + Detailed findings with remediation guidance. + + + Track vulnerabilities and fixes over time. + + + Automatic scans on pull requests. + + + +## What You Get + +- **Penetration test reports** — Validated findings with PoCs +- **Shareable dashboards** — Collaborate with your team +- **CI/CD integration** — Block risky changes automatically +- **Continuous monitoring** — Catch new vulnerabilities quickly + +## Getting Started + +1. Sign up at [app.usestrix.com](https://app.usestrix.com) +2. Connect your repository or enter a target URL +3. Launch your first scan + + + Run your first pentest in minutes. + diff --git a/docs/contributing.mdx b/docs/contributing.mdx new file mode 100644 index 0000000..830ec9b --- /dev/null +++ b/docs/contributing.mdx @@ -0,0 +1,96 @@ +--- +title: "Contributing" +description: "Contribute to Strix development" +--- + +## Development Setup + +### Prerequisites + +- Python 3.12+ +- Docker (running) +- Poetry +- Git + +### Local Development + + + + ```bash + git clone https://github.com/usestrix/strix.git + cd strix + ``` + + + ```bash + make setup-dev + + # or manually: + poetry install --with=dev + poetry run pre-commit install + ``` + + + ```bash + export STRIX_LLM="openai/gpt-5" + export LLM_API_KEY="your-api-key" + ``` + + + ```bash + poetry run strix --target https://example.com + ``` + + + +## Contributing Skills + +Skills are specialized knowledge packages that enhance agent capabilities. They live in `strix/skills/` + +### Creating a Skill + +1. Choose the right category +2. Create a `.jinja` file with your skill content +3. Include practical examples—working payloads, commands, test cases +4. Provide validation methods to confirm findings +5. Submit via PR + +## Contributing Code + +### Pull Request Process + +1. **Create an issue first** — Describe the problem or feature +2. **Fork and branch** — Work from `main` +3. **Make changes** — Follow existing code style +4. **Write tests** — Ensure coverage for new features +5. **Run checks** — `make check-all` should pass +6. **Submit PR** — Link to issue and provide context + +### Code Style + +- PEP 8 with 100-character line limit +- Type hints for all functions +- Docstrings for public methods +- Small, focused functions +- Meaningful variable names + +## Reporting Issues + +Include: + +- Python version and OS +- Strix version (`strix --version`) +- LLM being used +- Full error traceback +- Steps to reproduce + +## Community + + + + Join the community for help and discussion. + + + Report bugs and request features. + + diff --git a/docs/docs.json b/docs/docs.json new file mode 100644 index 0000000..725f418 --- /dev/null +++ b/docs/docs.json @@ -0,0 +1,129 @@ +{ + "$schema": "https://mintlify.com/docs.json", + "theme": "maple", + "name": "Strix", + "colors": { + "primary": "#000000", + "light": "#ffffff", + "dark": "#000000" + }, + "favicon": "/images/favicon-48.ico", + "navigation": { + "tabs": [ + { + "tab": "Documentation", + "groups": [ + { + "group": "Getting Started", + "pages": [ + "index", + "quickstart" + ] + }, + { + "group": "Usage", + "pages": [ + "usage/cli", + "usage/scan-modes", + "usage/instructions" + ] + }, + { + "group": "LLM Providers", + "pages": [ + "llm-providers/overview", + "llm-providers/openai", + "llm-providers/anthropic", + "llm-providers/openrouter", + "llm-providers/vertex", + "llm-providers/bedrock", + "llm-providers/azure", + "llm-providers/local" + ] + }, + { + "group": "Integrations", + "pages": [ + "integrations/github-actions", + "integrations/ci-cd" + ] + }, + { + "group": "Tools", + "pages": [ + "tools/overview", + "tools/browser", + "tools/proxy", + "tools/terminal", + "tools/sandbox" + ] + }, + { + "group": "Advanced", + "pages": [ + "advanced/configuration", + "advanced/skills", + "contributing" + ] + } + ] + }, + { + "tab": "Cloud", + "groups": [ + { + "group": "Strix Cloud", + "pages": [ + "cloud/overview" + ] + } + ] + } + ], + "global": { + "anchors": [ + { + "anchor": "GitHub", + "href": "https://github.com/usestrix/strix", + "icon": "github" + }, + { + "anchor": "Discord", + "href": "https://discord.gg/YjKFvEZSdZ", + "icon": "discord" + } + ] + } + }, + "navbar": { + "links": [], + "primary": { + "type": "button", + "label": "Try Strix Cloud", + "href": "https://app.usestrix.com" + } + }, + "footer": { + "socials": { + "x": "https://x.com/strix_ai", + "github": "https://github.com/usestrix", + "discord": "https://discord.gg/YjKFvEZSdZ" + } + }, + "fonts": { + "family": "Geist", + "heading": { + "family": "Geist" + }, + "body": { + "family": "Geist" + } + }, + "appearance": { + "default": "dark" + }, + "description": "Open-source AI Hackers to secure your Apps", + "background": { + "decoration": "grid" + } +} diff --git a/docs/images/favicon-48.ico b/docs/images/favicon-48.ico new file mode 100644 index 0000000000000000000000000000000000000000..64be0c4ade374e5ab7186777f8f2a0c95dd7e0b0 GIT binary patch literal 9662 zcmeHMTPtl*6kgjk)bSu&x#XmCI7)0ua?34}5+39MbzZ#r7nIyyyt*r#2+1wUrH*S# zlCnmwr^K-K5N5Bd%+PF7DlbDtu!z&K)t=aG&nd&LqkI>QrF+#Ps78*l$x5#twkM(|fxS2O&(yE}S(eAJcO+gona*VpG${NN05LxO^W z7)w=E6=QpNc%Y}JCtbnVPy~N)aPV6{-r|z*T|1{GB_)i_$VKpL`*75^wwlp(&1R#?$w|7ryrkXTT{<{8p#A;*H`&|Uj2@DM6HVq98tRu04m+R|mvRbVkoddzYv9ZDS5vLdf%JT9u+r}I@ z@}K0(rluy=f$sD3Ge2KlT~S0tgjewI?Ch{j_)q-5zP`@3ff3`>6X8c=V)w6v&I`T6wpl#ox+-qHN&_4S!L={Gz)oQjK!si2^M zii(Oj2gS$7)A;x}ZEkMT+S(dnKGXuvt*)*TauM6vmp+# z7g$iq-OUvJ@uuTg+q z_AgkU9Pvf!W&SEFD_I|Ymx5=kfoLo3M9*D!@qc%BH=9-aAAA3(s3_(R@*=pR6`UJ@ zrM=#*ci8xX=^X|6qMXAEK-7&)d&}AtNJ$@f*1;E-ro<{NgY0 zpt-r3kefO>I;g9wi#j_yS@4WHoZImof3JWZbVUDuyZego&io{M;g9bBv)`SK-~49& WAKv7E$pMoCUgdz@-DdHX2mS$mU2)(5 literal 0 HcmV?d00001 diff --git a/docs/images/logo.png b/docs/images/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..699eb83737137673585c5d23f4b1d5865a7344aa GIT binary patch literal 3801 zcmeH}c~nzp8pdw|gDFxFQHW>(ixr|)6SOcaA!-RofQU%2B4HIqs41EdmOxn4LRo}q zi33OgmjX7_L`2YpEeHgy0*z<`28c=_L6)!t0)}O7VCK~6GIQpf_P>7T+;hL&^X1## z-}^jox+mV{U2S7+007=~J>=vC0MHBIlK_K)Ut}9BPJ^#^&Kx>U0RY_=^#i%IQ+G4i z$#iu(;2p~x>qAG2eTj0T)T7AVFz!g2aJZb!*RIf2a=|lCbtFsHEY1d{%n8r4e*xdP~_OHKfS7+N!FmU1=hL$`lSDJfKIMgh6yA#0^G2ENT9q0 zuI2eE{+93sK3GS?o3Igmf37ZR*^#DcSp;tes(N7-qJpePG zIW{$AMOz05wo4PDqYdfa^HKXeaw*yV1j`O}i1XWeE|oJ_tjp>+WA0;=y}JxEySlmt z$(ztH#=)#jX*_mLcJ_A(hr+6Q{QUgB6^*oq8KB+rnG^!S6qC3`5k9cZ(X1VawSmZX8)k^68PO-`>E7#NVXALaF&Hmt{qhf#bsxg)fAtZwqbXa^pT zzb1;vWREa8THUS>17bptHC$(S6_nh#T$bK%4Yax;s6?asw*HQwNwZLYhXyVeF;SCH zymwE=6{k?g`-;~2`8WkEF?gYS@3< z{YXpx`i=3QB%C?p8Rm-%Tj5TP(!`efxasXQ%{g3Fic~f+fn4eSDs^uIk|I4-)#H={ z1gt^`7wB)i74s9I>Y*=eSD|cJ4|ZRxKrp~H-k#V!o!lWb2OLcP6YjT{Q4eoMB1&cY z$>q*jL2#7TEIteIrOj)gQ+-r*5TWr^{+#PB-N9g}R`&CO?=C~3d2fVOfm06BDlacj zXny)EmAVlP-9LG`jEnfnoORU;M-*W>V##CawCpAnsbwpDGW%kAX1J?d*1p%O#F3ui ze}}_kPx~U1iS1!kvc=h(WnJNlp-lzqaAH+@M#eyDf%|rl2YLNndpo;~eg|`d{(%}& z1uLUp2QX(){C62v+E0q_knD@_=(xICCgnjNKoo(PoIqsEyiWtVT|2le7LTn5HeFpW zoT{&KN%{V(#l$Hxx2~>klsEq74K3&B#v5{#xELD15!pMM6;s$FJQizDMcf2Nyu4Xb z^?iVIJ&)(h5lN*|6aO{v5+2(q6I*HV@X^zK7b}K=(c>NSKmNFlch;N|9X%8s3e0|c z!-C>`m2?8F71*hWwFFa2?a&#o=xlxhF6Cz zO?ySM9u3}>t7Hi0FzZ5)q|*3JXdvtHh=?=7%PtOfXR+Rl-IXjYOn1r-T=5ImX$D2a zG-*Lt`h8zLZRYi}iert-OYsUbz+tPcls)npJlL+tnX?%swGfl+6!&K+wQb7rV^!04x8PpxkeJJj|OxmPU$@yU4k9$;Ic<@Kz-t7FuiE0 zdAVuqM`W%82GhvnJ(t6m8zbnFwHSV)H-SnfPd&&BFDyG-K#3s`KxE6pO(++mg*9Ud zjxibz{KZm6;^K^`o5(c~o(GL==$T?ZVSK~|&~iiE^r?{1=h`pY=cL-(+NS&8`S5wo zvykKXBv2C-hcYzIM-VYmISDg+jP)hV_UK$x0fqD5-Hx6emVBF}gsEU5| z@uhjKQ<2BZ_657AXY?I0F)?ul6Sy@I;#0ZY7F)b(eLq)+-vO4NyX$W);hz4cA;$#r zV)6^r2Rp0b>eM2LMknPQ2VCE3Mxvuq?}RX$fJolm~(^VxVSiO z&*||+g9fSGa7u5*xRC|!xLP_5+*;nFfBEX#UR+jCCJSt!>yAHrUfUq=?CjjLXOAf_ zn=Vm>=_Qw6>CR=FgJ^n<#*iVNY{rwGp5sxi&R{~R-7p`>I$mk><;BknJ0Wxa>YTZj zY3%OX#}XwcpfMUFLZ7xSG)OB8qr%cK{Tsk&zM5RV)r= zrL6hUC!+iF->#UD{Fg6-6fnNQHUV-!4nfm=@y_~{vg`jUrBWe|NlRPM&b74@ zpaF^s2#%mR@YdSZgFK4>jVp_ + + Install and run your first scan in minutes. + + + Learn all command-line options. + + + Explore the security testing toolkit. + + + Integrate into your CI/CD pipeline. + + + +## Key Capabilities + +- **Full hacker toolkit** — Browser automation, HTTP proxy, terminal, Python runtime +- **Real validation** — PoCs, not false positives +- **Multi-agent orchestration** — Specialized agents collaborate on complex targets +- **Developer-first CLI** — Interactive TUI or headless mode for automation + +## Vulnerability Coverage + +Strix can identify and validate: + +| Category | Examples | +|----------|----------| +| Access Control | IDOR, privilege escalation, auth bypass | +| Injection | SQL, NoSQL, command injection | +| Server-Side | SSRF, XXE, deserialization | +| Client-Side | XSS, prototype pollution, DOM vulnerabilities | +| Business Logic | Race conditions, workflow manipulation | +| Authentication | JWT vulnerabilities, session management | + + +Only test applications you own or have explicit permission to test. + diff --git a/docs/integrations/ci-cd.mdx b/docs/integrations/ci-cd.mdx new file mode 100644 index 0000000..48213e7 --- /dev/null +++ b/docs/integrations/ci-cd.mdx @@ -0,0 +1,80 @@ +--- +title: "CI/CD Integration" +description: "Run Strix in any CI/CD pipeline" +--- + +Strix runs in headless mode for automated pipelines. + +## Headless Mode + +Use the `-n` or `--non-interactive` flag: + +```bash +strix -n --target ./app --scan-mode quick +``` + +## Exit Codes + +| Code | Meaning | +|------|---------| +| 0 | No vulnerabilities found | +| 1 | Execution error | +| 2 | Vulnerabilities found | + +## GitLab CI + +```yaml .gitlab-ci.yml +security-scan: + image: docker:latest + services: + - docker:dind + variables: + STRIX_LLM: $STRIX_LLM + LLM_API_KEY: $LLM_API_KEY + script: + - curl -sSL https://strix.ai/install | bash + - strix -n -t ./ --scan-mode quick +``` + +## Jenkins + +```groovy Jenkinsfile +pipeline { + agent any + environment { + STRIX_LLM = credentials('strix-llm') + LLM_API_KEY = credentials('llm-api-key') + } + stages { + stage('Security Scan') { + steps { + sh 'curl -sSL https://strix.ai/install | bash' + sh 'strix -n -t ./ --scan-mode quick' + } + } + } +} +``` + +## CircleCI + +```yaml .circleci/config.yml +version: 2.1 +jobs: + security-scan: + docker: + - image: cimg/base:current + steps: + - checkout + - setup_remote_docker + - run: + name: Install Strix + command: curl -sSL https://strix.ai/install | bash + - run: + name: Run Scan + command: strix -n -t ./ --scan-mode quick +``` + + +All CI platforms require Docker access. Ensure your runner has Docker available. + diff --git a/docs/integrations/github-actions.mdx b/docs/integrations/github-actions.mdx new file mode 100644 index 0000000..827dce0 --- /dev/null +++ b/docs/integrations/github-actions.mdx @@ -0,0 +1,60 @@ +--- +title: "GitHub Actions" +description: "Run Strix security scans on every pull request" +--- + +Integrate Strix into your GitHub workflow to catch vulnerabilities before they reach production. + +## Basic Workflow + +```yaml .github/workflows/security.yml +name: Security Scan + +on: + pull_request: + +jobs: + strix-scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Install Strix + run: curl -sSL https://strix.ai/install | bash + + - name: Run Security Scan + env: + STRIX_LLM: ${{ secrets.STRIX_LLM }} + LLM_API_KEY: ${{ secrets.LLM_API_KEY }} + run: strix -n -t ./ --scan-mode quick +``` + +## Required Secrets + +Add these secrets to your repository: + +| Secret | Description | +|--------|-------------| +| `STRIX_LLM` | Model name (e.g., `openai/gpt-5`) | +| `LLM_API_KEY` | API key for your LLM provider | + +## Exit Codes + +The workflow fails when vulnerabilities are found: + +| Code | Result | +|------|--------| +| 0 | Pass — No vulnerabilities | +| 2 | Fail — Vulnerabilities found | + +## Scan Modes for CI + +| Mode | Duration | Use Case | +|------|----------|----------| +| `quick` | Minutes | Every PR | +| `standard` | ~30 min | Nightly builds | +| `deep` | 1-4 hours | Release candidates | + + +Use `quick` mode for PRs to keep feedback fast. Schedule `deep` scans nightly. + diff --git a/docs/llm-providers/anthropic.mdx b/docs/llm-providers/anthropic.mdx new file mode 100644 index 0000000..81680a1 --- /dev/null +++ b/docs/llm-providers/anthropic.mdx @@ -0,0 +1,24 @@ +--- +title: "Anthropic" +description: "Configure Strix with Claude models" +--- + +## Setup + +```bash +export STRIX_LLM="anthropic/claude-sonnet-4-5" +export LLM_API_KEY="sk-ant-..." +``` + +## Available Models + +| Model | Description | +|-------|-------------| +| `anthropic/claude-sonnet-4-5` | Best balance of intelligence and speed (recommended) | +| `anthropic/claude-opus-4-5` | Maximum capability for deep analysis | + +## Get API Key + +1. Go to [console.anthropic.com](https://console.anthropic.com) +2. Navigate to API Keys +3. Create a new key diff --git a/docs/llm-providers/azure.mdx b/docs/llm-providers/azure.mdx new file mode 100644 index 0000000..629516d --- /dev/null +++ b/docs/llm-providers/azure.mdx @@ -0,0 +1,37 @@ +--- +title: "Azure OpenAI" +description: "Configure Strix with OpenAI models via Azure" +--- + +## Setup + +```bash +export STRIX_LLM="azure/your-gpt5-deployment" +export AZURE_API_KEY="your-azure-api-key" +export AZURE_API_BASE="https://your-resource.openai.azure.com" +export AZURE_API_VERSION="2025-11-01-preview" +``` + +## Configuration + +| Variable | Description | +|----------|-------------| +| `STRIX_LLM` | `azure/` | +| `AZURE_API_KEY` | Your Azure OpenAI API key | +| `AZURE_API_BASE` | Your Azure OpenAI endpoint URL | +| `AZURE_API_VERSION` | API version (e.g., `2025-11-01-preview`) | + +## Example + +```bash +export STRIX_LLM="azure/gpt-5-deployment" +export AZURE_API_KEY="abc123..." +export AZURE_API_BASE="https://mycompany.openai.azure.com" +export AZURE_API_VERSION="2025-11-01-preview" +``` + +## Prerequisites + +1. Create an Azure OpenAI resource +2. Deploy a model (e.g., GPT-5) +3. Get the endpoint URL and API key from the Azure portal diff --git a/docs/llm-providers/bedrock.mdx b/docs/llm-providers/bedrock.mdx new file mode 100644 index 0000000..2189e98 --- /dev/null +++ b/docs/llm-providers/bedrock.mdx @@ -0,0 +1,47 @@ +--- +title: "AWS Bedrock" +description: "Configure Strix with models via AWS Bedrock" +--- + +## Setup + +```bash +export STRIX_LLM="bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0" +``` + +No API key required—uses AWS credentials from environment. + +## Authentication + +### Option 1: AWS CLI Profile + +```bash +export AWS_PROFILE="your-profile" +export AWS_REGION="us-east-1" +``` + +### Option 2: Access Keys + +```bash +export AWS_ACCESS_KEY_ID="AKIA..." +export AWS_SECRET_ACCESS_KEY="..." +export AWS_REGION="us-east-1" +``` + +### Option 3: IAM Role (EC2/ECS) + +Automatically uses instance role credentials. + +## Available Models + +| Model | Description | +|-------|-------------| +| `bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0` | Claude 4.5 Sonnet | +| `bedrock/anthropic.claude-4-5-opus-20251022-v1:0` | Claude 4.5 Opus | +| `bedrock/anthropic.claude-4-5-haiku-20251022-v1:0` | Claude 4.5 Haiku | +| `bedrock/amazon.titan-text-premier-v2:0` | Amazon Titan Premier v2 | + +## Prerequisites + +1. Enable model access in the AWS Bedrock console +2. Ensure your IAM role/user has `bedrock:InvokeModel` permission diff --git a/docs/llm-providers/local.mdx b/docs/llm-providers/local.mdx new file mode 100644 index 0000000..8a899a5 --- /dev/null +++ b/docs/llm-providers/local.mdx @@ -0,0 +1,56 @@ +--- +title: "Local Models" +description: "Run Strix with self-hosted LLMs for privacy and air-gapped testing" +--- + +Running Strix with local models allows for completely offline, privacy-first security assessments. Data never leaves your machine, making this ideal for sensitive internal networks or air-gapped environments. + +## Privacy vs Performance + +| Feature | Local Models | Cloud Models (GPT-5/Claude 4.5) | +|---------|--------------|--------------------------------| +| **Privacy** | 🔒 Data stays local | Data sent to provider | +| **Cost** | Free (hardware only) | Pay-per-token | +| **Reasoning** | Lower (struggles with agents) | State-of-the-art | +| **Setup** | Complex (GPU required) | Instant | + + +**Compatibility Note**: Strix relies on advanced agentic capabilities (tool use, multi-step planning, self-correction). Most local models, especially those under 70B parameters, struggle with these complex tasks. + +For critical assessments, we strongly recommend using state-of-the-art cloud models like **Claude 4.5 Sonnet** or **GPT-5**. Use local models only when privacy is the absolute priority. + + +## Ollama + +[Ollama](https://ollama.ai) is the easiest way to run local models on macOS, Linux, and Windows. + +### Setup + +1. Install Ollama from [ollama.ai](https://ollama.ai) +2. Pull a high-performance model: + ```bash + ollama pull qwen3-vl + ``` +3. Configure Strix: + ```bash + export STRIX_LLM="ollama/qwen3-vl" + export LLM_API_BASE="http://localhost:11434" + ``` + +### Recommended Models + +We recommend these models for the best balance of reasoning and tool use: + +**Recommended models:** +- **Qwen3 VL** (`ollama pull qwen3-vl`) +- **DeepSeek V3.1** (`ollama pull deepseek-v3.1`) +- **Devstral 2** (`ollama pull devstral-2`) + +## LM Studio / OpenAI Compatible + +If you use LM Studio, vLLM, or other runners: + +```bash +export STRIX_LLM="openai/local-model" +export LLM_API_BASE="http://localhost:1234/v1" # Adjust port as needed +``` diff --git a/docs/llm-providers/openai.mdx b/docs/llm-providers/openai.mdx new file mode 100644 index 0000000..77c8ea8 --- /dev/null +++ b/docs/llm-providers/openai.mdx @@ -0,0 +1,31 @@ +--- +title: "OpenAI" +description: "Configure Strix with OpenAI models" +--- + +## Setup + +```bash +export STRIX_LLM="openai/gpt-5" +export LLM_API_KEY="sk-..." +``` + +## Available Models + +See [OpenAI Models Documentation](https://platform.openai.com/docs/models) for the full list of available models. + +## Get API Key + +1. Go to [platform.openai.com](https://platform.openai.com) +2. Navigate to API Keys +3. Create a new secret key + +## Custom Base URL + +For OpenAI-compatible APIs: + +```bash +export STRIX_LLM="openai/gpt-5" +export LLM_API_KEY="your-key" +export LLM_API_BASE="https://your-proxy.com/v1" +``` diff --git a/docs/llm-providers/openrouter.mdx b/docs/llm-providers/openrouter.mdx new file mode 100644 index 0000000..31919c1 --- /dev/null +++ b/docs/llm-providers/openrouter.mdx @@ -0,0 +1,37 @@ +--- +title: "OpenRouter" +description: "Configure Strix with models via OpenRouter" +--- + +[OpenRouter](https://openrouter.ai) provides access to 100+ models from multiple providers through a single API. + +## Setup + +```bash +export STRIX_LLM="openrouter/openai/gpt-5" +export LLM_API_KEY="sk-or-..." +``` + +## Available Models + +Access any model on OpenRouter using the format `openrouter//`: + +| Model | Configuration | +|-------|---------------| +| GPT-5 | `openrouter/openai/gpt-5` | +| Claude 4.5 Sonnet | `openrouter/anthropic/claude-sonnet-4.5` | +| Gemini 3 Pro | `openrouter/google/gemini-3-pro-preview` | +| GLM-4.7 | `openrouter/z-ai/glm-4.7` | + +## Get API Key + +1. Go to [openrouter.ai](https://openrouter.ai) +2. Sign in and navigate to Keys +3. Create a new API key + +## Benefits + +- **Single API** — Access models from OpenAI, Anthropic, Google, Meta, and more +- **Fallback routing** — Automatic failover between providers +- **Cost tracking** — Monitor usage across all models +- **Higher rate limits** — OpenRouter handles provider limits for you diff --git a/docs/llm-providers/overview.mdx b/docs/llm-providers/overview.mdx new file mode 100644 index 0000000..9027aac --- /dev/null +++ b/docs/llm-providers/overview.mdx @@ -0,0 +1,61 @@ +--- +title: "Overview" +description: "Configure your AI model for Strix" +--- + +Strix uses [LiteLLM](https://docs.litellm.ai/docs/providers) for model compatibility, supporting 100+ LLM providers. + +## Recommended Models + +For best results, use one of these models: + +| Model | Provider | Configuration | +| ----------------- | ------------- | -------------------------------- | +| GPT-5 | OpenAI | `openai/gpt-5` | +| Claude 4.5 Sonnet | Anthropic | `anthropic/claude-sonnet-4-5` | +| Gemini 3 Pro | Google Vertex | `vertex_ai/gemini-3-pro-preview` | + +## Quick Setup + +```bash +export STRIX_LLM="openai/gpt-5" +export LLM_API_KEY="your-api-key" +``` + +## Provider Guides + + + + GPT-5 and Codex models. + + + Claude 4.5 Sonnet, Opus, and Haiku. + + + Access 100+ models through a single API. + + + Gemini 3 models via Google Cloud. + + + Claude 4.5 and Titan models via AWS. + + + GPT-5 via Azure. + + + Llama 4, Mistral, and self-hosted models. + + + +## Model Format + +Use LiteLLM's `provider/model-name` format: + +``` +openai/gpt-5 +anthropic/claude-sonnet-4-5 +vertex_ai/gemini-3-pro-preview +bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0 +ollama/llama4 +``` diff --git a/docs/llm-providers/vertex.mdx b/docs/llm-providers/vertex.mdx new file mode 100644 index 0000000..18c6ecc --- /dev/null +++ b/docs/llm-providers/vertex.mdx @@ -0,0 +1,53 @@ +--- +title: "Google Vertex AI" +description: "Configure Strix with Gemini models via Google Cloud" +--- + +## Installation + +Vertex AI requires the Google Cloud dependency. Install Strix with the vertex extra: + +```bash +pipx install "strix-agent[vertex]" +``` + +## Setup + +```bash +export STRIX_LLM="vertex_ai/gemini-3-pro-preview" +``` + +No API key required—uses Google Cloud Application Default Credentials. + +## Authentication + +### Option 1: gcloud CLI + +```bash +gcloud auth application-default login +``` + +### Option 2: Service Account + +```bash +export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account.json" +``` + +## Available Models + +| Model | Description | +|-------|-------------| +| `vertex_ai/gemini-3-pro-preview` | Best overall performance for security testing | +| `vertex_ai/gemini-3-flash-preview` | Faster and cheaper | + +## Project Configuration + +```bash +export VERTEXAI_PROJECT="your-project-id" +export VERTEXAI_LOCATION="us-central1" +``` + +## Prerequisites + +1. Enable the Vertex AI API in your Google Cloud project +2. Ensure your account has the `Vertex AI User` role diff --git a/docs/logo/strix.png b/docs/logo/strix.png new file mode 100644 index 0000000000000000000000000000000000000000..699eb83737137673585c5d23f4b1d5865a7344aa GIT binary patch literal 3801 zcmeH}c~nzp8pdw|gDFxFQHW>(ixr|)6SOcaA!-RofQU%2B4HIqs41EdmOxn4LRo}q zi33OgmjX7_L`2YpEeHgy0*z<`28c=_L6)!t0)}O7VCK~6GIQpf_P>7T+;hL&^X1## z-}^jox+mV{U2S7+007=~J>=vC0MHBIlK_K)Ut}9BPJ^#^&Kx>U0RY_=^#i%IQ+G4i z$#iu(;2p~x>qAG2eTj0T)T7AVFz!g2aJZb!*RIf2a=|lCbtFsHEY1d{%n8r4e*xdP~_OHKfS7+N!FmU1=hL$`lSDJfKIMgh6yA#0^G2ENT9q0 zuI2eE{+93sK3GS?o3Igmf37ZR*^#DcSp;tes(N7-qJpePG zIW{$AMOz05wo4PDqYdfa^HKXeaw*yV1j`O}i1XWeE|oJ_tjp>+WA0;=y}JxEySlmt z$(ztH#=)#jX*_mLcJ_A(hr+6Q{QUgB6^*oq8KB+rnG^!S6qC3`5k9cZ(X1VawSmZX8)k^68PO-`>E7#NVXALaF&Hmt{qhf#bsxg)fAtZwqbXa^pT zzb1;vWREa8THUS>17bptHC$(S6_nh#T$bK%4Yax;s6?asw*HQwNwZLYhXyVeF;SCH zymwE=6{k?g`-;~2`8WkEF?gYS@3< z{YXpx`i=3QB%C?p8Rm-%Tj5TP(!`efxasXQ%{g3Fic~f+fn4eSDs^uIk|I4-)#H={ z1gt^`7wB)i74s9I>Y*=eSD|cJ4|ZRxKrp~H-k#V!o!lWb2OLcP6YjT{Q4eoMB1&cY z$>q*jL2#7TEIteIrOj)gQ+-r*5TWr^{+#PB-N9g}R`&CO?=C~3d2fVOfm06BDlacj zXny)EmAVlP-9LG`jEnfnoORU;M-*W>V##CawCpAnsbwpDGW%kAX1J?d*1p%O#F3ui ze}}_kPx~U1iS1!kvc=h(WnJNlp-lzqaAH+@M#eyDf%|rl2YLNndpo;~eg|`d{(%}& z1uLUp2QX(){C62v+E0q_knD@_=(xICCgnjNKoo(PoIqsEyiWtVT|2le7LTn5HeFpW zoT{&KN%{V(#l$Hxx2~>klsEq74K3&B#v5{#xELD15!pMM6;s$FJQizDMcf2Nyu4Xb z^?iVIJ&)(h5lN*|6aO{v5+2(q6I*HV@X^zK7b}K=(c>NSKmNFlch;N|9X%8s3e0|c z!-C>`m2?8F71*hWwFFa2?a&#o=xlxhF6Cz zO?ySM9u3}>t7Hi0FzZ5)q|*3JXdvtHh=?=7%PtOfXR+Rl-IXjYOn1r-T=5ImX$D2a zG-*Lt`h8zLZRYi}iert-OYsUbz+tPcls)npJlL+tnX?%swGfl+6!&K+wQb7rV^!04x8PpxkeJJj|OxmPU$@yU4k9$;Ic<@Kz-t7FuiE0 zdAVuqM`W%82GhvnJ(t6m8zbnFwHSV)H-SnfPd&&BFDyG-K#3s`KxE6pO(++mg*9Ud zjxibz{KZm6;^K^`o5(c~o(GL==$T?ZVSK~|&~iiE^r?{1=h`pY=cL-(+NS&8`S5wo zvykKXBv2C-hcYzIM-VYmISDg+jP)hV_UK$x0fqD5-Hx6emVBF}gsEU5| z@uhjKQ<2BZ_657AXY?I0F)?ul6Sy@I;#0ZY7F)b(eLq)+-vO4NyX$W);hz4cA;$#r zV)6^r2Rp0b>eM2LMknPQ2VCE3Mxvuq?}RX$fJolm~(^VxVSiO z&*||+g9fSGa7u5*xRC|!xLP_5+*;nFfBEX#UR+jCCJSt!>yAHrUfUq=?CjjLXOAf_ zn=Vm>=_Qw6>CR=FgJ^n<#*iVNY{rwGp5sxi&R{~R-7p`>I$mk><;BknJ0Wxa>YTZj zY3%OX#}XwcpfMUFLZ7xSG)OB8qr%cK{Tsk&zM5RV)r= zrL6hUC!+iF->#UD{Fg6-6fnNQHUV-!4nfm=@y_~{vg`jUrBWe|NlRPM&b74@ zpaF^s2#%mR@YdSZgFK4>jVp_ + + ```bash + curl -sSL https://strix.ai/install | bash + ``` + + + ```bash + pipx install strix-agent + ``` + + + +## Configuration + +Set your LLM provider: + +```bash +export STRIX_LLM="openai/gpt-5" +export LLM_API_KEY="your-api-key" +``` + + +For best results, use `openai/gpt-5`, `anthropic/claude-sonnet-4-5`, or `vertex_ai/gemini-3-pro-preview`. + + +## Run Your First Scan + +```bash +strix --target ./your-app +``` + + +First run pulls the Docker sandbox image automatically. Results are saved to `strix_runs/`. + + +## Target Types + +Strix accepts multiple target types: + +```bash +# Local codebase +strix --target ./app-directory + +# GitHub repository +strix --target https://github.com/org/repo + +# Live web application +strix --target https://your-app.com + +# Multiple targets (white-box testing) +strix -t https://github.com/org/repo -t https://your-app.com +``` + +## Next Steps + + + + Explore all command-line options. + + + Choose the right scan depth. + + diff --git a/docs/tools/browser.mdx b/docs/tools/browser.mdx new file mode 100644 index 0000000..7220d9c --- /dev/null +++ b/docs/tools/browser.mdx @@ -0,0 +1,34 @@ +--- +title: "Browser" +description: "Playwright-powered Chrome for web application testing" +--- + +Strix uses a headless Chrome browser via Playwright to interact with web applications exactly like a real user would. + +## How It Works + +All browser traffic is automatically routed through the Caido proxy, giving Strix full visibility into every request and response. This enables: + +- Testing client-side vulnerabilities (XSS, DOM manipulation) +- Navigating authenticated flows (login, OAuth, MFA) +- Triggering JavaScript-heavy functionality +- Capturing dynamically generated requests + +## Capabilities + +| Action | Description | +| ---------- | ------------------------------------------- | +| Navigate | Go to URLs, follow links, handle redirects | +| Click | Interact with buttons, links, form elements | +| Type | Fill in forms, search boxes, input fields | +| Execute JS | Run custom JavaScript in the page context | +| Screenshot | Capture visual state for reports | +| Multi-tab | Test across multiple browser tabs | + +## Example Flow + +1. Agent launches browser and navigates to login page +2. Fills in credentials and submits form +3. Proxy captures the authentication request +4. Agent navigates to protected areas +5. Tests for IDOR by replaying requests with modified IDs diff --git a/docs/tools/overview.mdx b/docs/tools/overview.mdx new file mode 100644 index 0000000..4a5db0a --- /dev/null +++ b/docs/tools/overview.mdx @@ -0,0 +1,33 @@ +--- +title: "Agent Tools" +description: "How Strix agents interact with targets" +--- + +Strix agents use specialized tools to test your applications like a real penetration tester would. + +## Core Tools + + + + Playwright-powered Chrome for interacting with web UIs. + + + Caido-powered proxy for intercepting and replaying requests. + + + Bash shell for running commands and security tools. + + + Pre-installed security tools: Nuclei, ffuf, and more. + + + +## Additional Tools + +| Tool | Purpose | +| -------------- | ---------------------------------------- | +| Python Runtime | Write and execute custom exploit scripts | +| File Editor | Read and modify source code | +| Web Search | Real-time OSINT via Perplexity | +| Notes | Document findings during the scan | +| Reporting | Generate vulnerability reports with PoCs | diff --git a/docs/tools/proxy.mdx b/docs/tools/proxy.mdx new file mode 100644 index 0000000..f870bad --- /dev/null +++ b/docs/tools/proxy.mdx @@ -0,0 +1,90 @@ +--- +title: "HTTP Proxy" +description: "Caido-powered proxy for request interception and replay" +--- + +Strix includes [Caido](https://caido.io), a modern HTTP proxy built for security testing. All browser traffic flows through Caido, giving the agent full control over requests and responses. + +## Capabilities + +| Feature | Description | +| ---------------- | -------------------------------------------- | +| Request Capture | Log all HTTP/HTTPS traffic automatically | +| Request Replay | Repeat any request with modifications | +| HTTPQL | Query captured traffic with powerful filters | +| Scope Management | Focus on specific domains or paths | +| Sitemap | Visualize the discovered attack surface | + +## HTTPQL Filtering + +Query captured requests using Caido's HTTPQL syntax + +## Request Replay + +The agent can take any captured request and replay it with modifications: + +- Change path parameters (test for IDOR) +- Modify request body (test for injection) +- Add/remove headers (test for auth bypass) +- Alter cookies (test for session issues) + +## Python Integration + +All proxy functions are automatically available in Python sessions. This enables powerful scripted security testing: + +```python +# List recent POST requests +post_requests = list_requests( + httpql_filter='req.method.eq:"POST"', + page_size=20 +) + +# View a specific request +request_details = view_request("req_123", part="request") + +# Replay with modified payload +response = repeat_request("req_123", { + "body": '{"user_id": "admin"}' +}) +print(f"Status: {response['status_code']}") +``` + +### Available Functions + +| Function | Description | +| ---------------------- | ------------------------------------------ | +| `list_requests()` | Query captured traffic with HTTPQL filters | +| `view_request()` | Get full request/response details | +| `repeat_request()` | Replay a request with modifications | +| `send_request()` | Send a new HTTP request | +| `scope_rules()` | Manage proxy scope (allowlist/denylist) | +| `list_sitemap()` | View discovered endpoints | +| `view_sitemap_entry()` | Get details for a sitemap entry | + +### Example: Automated IDOR Testing + +```python +# Get all requests to user endpoints +user_requests = list_requests( + httpql_filter='req.path.cont:"/users/"' +) + +for req in user_requests.get('requests', []): + # Try accessing with different user IDs + for test_id in ['1', '2', 'admin', '../admin']: + response = repeat_request(req['id'], { + 'url': req['path'].replace('/users/1', f'/users/{test_id}') + }) + + if response['status_code'] == 200: + print(f"Potential IDOR: {test_id} returned 200") +``` + +## Scope + +Create scopes to filter traffic to relevant domains: + +``` +Allowlist: ["api.example.com", "*.example.com"] +Denylist: ["*.gif", "*.jpg", "*.png", "*.css", "*.js"] +``` diff --git a/docs/tools/sandbox.mdx b/docs/tools/sandbox.mdx new file mode 100644 index 0000000..c9043b9 --- /dev/null +++ b/docs/tools/sandbox.mdx @@ -0,0 +1,83 @@ +--- +title: "Sandbox Tools" +description: "Pre-installed security tools in the Strix container" +--- + +Strix runs inside a Kali Linux-based Docker container with a comprehensive set of security tools pre-installed. The agent can use any of these tools through the [terminal](/tools/terminal). + +## Reconnaissance + +| Tool | Description | +| ---------------------------------------------------------- | -------------------------------------- | +| [Subfinder](https://github.com/projectdiscovery/subfinder) | Subdomain discovery | +| [Naabu](https://github.com/projectdiscovery/naabu) | Fast port scanner | +| [httpx](https://github.com/projectdiscovery/httpx) | HTTP probing and analysis | +| [Katana](https://github.com/projectdiscovery/katana) | Web crawling and spidering | +| [ffuf](https://github.com/ffuf/ffuf) | Fast web fuzzer | +| [Nmap](https://nmap.org) | Network scanning and service detection | + +## Web Testing + +| Tool | Description | +| ------------------------------------------------------ | -------------------------------- | +| [Arjun](https://github.com/s0md3v/Arjun) | HTTP parameter discovery | +| [Dirsearch](https://github.com/maurosoria/dirsearch) | Directory and file brute-forcing | +| [wafw00f](https://github.com/EnableSecurity/wafw00f) | WAF fingerprinting | +| [GoSpider](https://github.com/jaeles-project/gospider) | Web spider for link extraction | + +## Automated Scanners + +| Tool | Description | +| ---------------------------------------------------- | -------------------------------------------------- | +| [Nuclei](https://github.com/projectdiscovery/nuclei) | Template-based vulnerability scanner | +| [SQLMap](https://sqlmap.org) | Automatic SQL injection detection and exploitation | +| [Wapiti](https://wapiti-scanner.github.io) | Web application vulnerability scanner | +| [ZAP](https://zaproxy.org) | OWASP Zed Attack Proxy | + +## JavaScript Analysis + +| Tool | Description | +| -------------------------------------------------------- | ------------------------------ | +| [JS-Snooper](https://github.com/aravind0x7/JS-Snooper) | JavaScript reconnaissance | +| [jsniper](https://github.com/xchopath/jsniper.sh) | JavaScript file analysis | +| [Retire.js](https://retirejs.github.io/retire.js) | Detect vulnerable JS libraries | +| [ESLint](https://eslint.org) | JavaScript static analysis | +| [js-beautify](https://github.com/beautifier/js-beautify) | JavaScript deobfuscation | +| [JSHint](https://jshint.com) | JavaScript code quality tool | + +## Secret Detection + +| Tool | Description | +| ----------------------------------------------------------- | ------------------------------------- | +| [TruffleHog](https://github.com/trufflesecurity/trufflehog) | Find secrets in code and history | +| [Semgrep](https://github.com/semgrep/semgrep) | Static analysis for security patterns | +| [Bandit](https://bandit.readthedocs.io) | Python security linter | + +## Authentication Testing + +| Tool | Description | +| ------------------------------------------------------------ | ---------------------------------- | +| [jwt_tool](https://github.com/ticarpi/jwt_tool) | JWT token testing and exploitation | +| [Interactsh](https://github.com/projectdiscovery/interactsh) | Out-of-band interaction detection | + +## Container & Supply Chain + +| Tool | Description | +| -------------------------- | ---------------------------------------------- | +| [Trivy](https://trivy.dev) | Container and dependency vulnerability scanner | + +## HTTP Proxy + +| Tool | Description | +| ------------------------- | --------------------------------------------- | +| [Caido](https://caido.io) | Modern HTTP proxy for interception and replay | + +## Browser + +| Tool | Description | +| ------------------------------------ | --------------------------- | +| [Playwright](https://playwright.dev) | Headless browser automation | + + + All tools are pre-configured and ready to use. The agent selects the appropriate tool based on the vulnerability being tested. + diff --git a/docs/tools/terminal.mdx b/docs/tools/terminal.mdx new file mode 100644 index 0000000..4b28bc7 --- /dev/null +++ b/docs/tools/terminal.mdx @@ -0,0 +1,61 @@ +--- +title: "Terminal" +description: "Bash shell for running commands and security tools" +--- + +Strix has access to a persistent bash terminal running inside the Docker sandbox. This gives the agent access to all [pre-installed security tools](/tools/sandbox). + +## Capabilities + +| Feature | Description | +| ----------------- | ---------------------------------------------------------- | +| Persistent state | Working directory and environment persist between commands | +| Multiple sessions | Run parallel terminals for concurrent operations | +| Background jobs | Start long-running processes without blocking | +| Interactive | Respond to prompts and control running processes | + +## Common Uses + +### Running Security Tools + +```bash +# Subdomain enumeration +subfinder -d example.com + +# Vulnerability scanning +nuclei -u https://example.com + +# SQL injection testing +sqlmap -u "https://example.com/page?id=1" +``` + +### Code Analysis + +```bash +# Search for secrets +trufflehog filesystem ./ + +# Static analysis +semgrep --config auto ./src + +# Grep for patterns +grep -r "password" ./ +``` + +### Custom Scripts + +```bash +# Run Python exploits +python3 exploit.py + +# Execute shell scripts +./test_auth_bypass.sh +``` + +## Session Management + +The agent can run multiple terminal sessions concurrently, for example: + +- Main session for primary testing +- Secondary session for monitoring +- Background processes for servers or watchers diff --git a/docs/usage/cli.mdx b/docs/usage/cli.mdx new file mode 100644 index 0000000..75d935c --- /dev/null +++ b/docs/usage/cli.mdx @@ -0,0 +1,58 @@ +--- +title: "CLI Reference" +description: "Command-line options for Strix" +--- + +## Basic Usage + +```bash +strix --target [options] +``` + +## Options + + + Target to test. Accepts URLs, repositories, local directories, domains, or IP addresses. Can be specified multiple times. + + + + Custom instructions for the scan. Use for credentials, focus areas, or specific testing approaches. + + + + Path to a file containing detailed instructions. + + + + Scan depth: `quick`, `standard`, or `deep`. + + + + Run in headless mode without TUI. Ideal for CI/CD. + + +## Examples + +```bash +# Basic scan +strix --target https://example.com + +# Authenticated testing +strix --target https://app.com --instruction "Use credentials: user:pass" + +# Focused testing +strix --target api.example.com --instruction "Focus on IDOR and auth bypass" + +# CI/CD mode +strix -n --target ./ --scan-mode quick + +# Multi-target white-box testing +strix -t https://github.com/org/app -t https://staging.example.com +``` + +## Exit Codes + +| Code | Meaning | +|------|---------| +| 0 | Scan completed, no vulnerabilities found | +| 2 | Vulnerabilities found (headless mode only) | diff --git a/docs/usage/instructions.mdx b/docs/usage/instructions.mdx new file mode 100644 index 0000000..daac24b --- /dev/null +++ b/docs/usage/instructions.mdx @@ -0,0 +1,73 @@ +--- +title: "Custom Instructions" +description: "Guide Strix with custom testing instructions" +--- + +Use instructions to provide context, credentials, or focus areas for your scan. + +## Inline Instructions + +```bash +strix --target https://app.com --instruction "Focus on authentication vulnerabilities" +``` + +## File-Based Instructions + +For complex instructions, use a file: + +```bash +strix --target https://app.com --instruction-file ./pentest-instructions.md +``` + +## Common Use Cases + +### Authenticated Testing + +```bash +strix --target https://app.com \ + --instruction "Login with email: test@example.com, password: TestPass123" +``` + +### Focused Scope + +```bash +strix --target https://api.example.com \ + --instruction "Focus on IDOR vulnerabilities in the /api/users endpoints" +``` + +### Exclusions + +```bash +strix --target https://app.com \ + --instruction "Do not test /admin or /internal endpoints" +``` + +### API Testing + +```bash +strix --target https://api.example.com \ + --instruction "Use API key header: X-API-Key: abc123. Focus on rate limiting bypass." +``` + +## Instruction File Example + +```markdown instructions.md +# Penetration Test Instructions + +## Credentials +- Admin: admin@example.com / AdminPass123 +- User: user@example.com / UserPass123 + +## Focus Areas +1. IDOR in user profile endpoints +2. Privilege escalation between roles +3. JWT token manipulation + +## Out of Scope +- /health endpoints +- Third-party integrations +``` + + +Be specific. Good instructions help Strix prioritize the most valuable attack paths. + diff --git a/docs/usage/scan-modes.mdx b/docs/usage/scan-modes.mdx new file mode 100644 index 0000000..73ed84d --- /dev/null +++ b/docs/usage/scan-modes.mdx @@ -0,0 +1,58 @@ +--- +title: "Scan Modes" +description: "Choose the right scan depth for your use case" +--- + +Strix offers three scan modes to balance speed and thoroughness. + +## Quick + +```bash +strix --target ./app --scan-mode quick +``` + +Fast checks for obvious vulnerabilities. Best for: +- CI/CD pipelines +- Pull request validation +- Rapid smoke tests + +**Duration**: Minutes + +## Standard + +```bash +strix --target ./app --scan-mode standard +``` + +Balanced testing for routine security reviews. Best for: +- Regular security assessments +- Pre-release validation +- Development milestones + +**Duration**: 30 minutes to 1 hour + +## Deep + +```bash +strix --target ./app --scan-mode deep +``` + +Thorough penetration testing. Best for: +- Comprehensive security audits +- Pre-production reviews +- Critical application assessments + +**Duration**: 1-4 hours depending on target complexity + + +Deep mode is the default. It explores edge cases, chained vulnerabilities, and complex attack paths. + + +## Choosing a Mode + +| Scenario | Recommended Mode | +|----------|------------------| +| Every PR | Quick | +| Weekly scans | Standard | +| Before major release | Deep | +| Bug bounty hunting | Deep |