docs: add documentation to main repository
58
docs/usage/cli.mdx
Normal file
@@ -0,0 +1,58 @@
---
title: "CLI Reference"
description: "Command-line options for Strix"
---

## Basic Usage

```bash
strix --target <target> [options]
```

## Options

<ParamField path="--target, -t" type="string" required>
Target to test. Accepts URLs, repositories, local directories, domains, or IP addresses. Can be specified multiple times.
</ParamField>

<ParamField path="--instruction" type="string">
Custom instructions for the scan. Use for credentials, focus areas, or specific testing approaches.
</ParamField>

<ParamField path="--instruction-file" type="string">
Path to a file containing detailed instructions.
</ParamField>

<ParamField path="--scan-mode, -m" type="string" default="deep">
Scan depth: `quick`, `standard`, or `deep`.
</ParamField>

<ParamField path="--non-interactive, -n" type="boolean">
Run in headless mode without TUI. Ideal for CI/CD.
</ParamField>

## Examples

```bash
# Basic scan
strix --target https://example.com

# Authenticated testing
strix --target https://app.com --instruction "Use credentials: user:pass"

# Focused testing
strix --target api.example.com --instruction "Focus on IDOR and auth bypass"

# CI/CD mode
strix -n --target ./ --scan-mode quick

# Multi-target white-box testing
strix -t https://github.com/org/app -t https://staging.example.com
```

## Exit Codes

| Code | Meaning |
|------|---------|
| 0 | Scan completed, no vulnerabilities found |
| 2 | Vulnerabilities found (headless mode only) |
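Review bot: The Exit Codes table at the end of this hunk documents only 0 and 2; it should also give the code returned when the scan itself fails (invalid target, missing configuration, interrupted run) so a CI job can tell "no findings" apart from "did not run", and it should state what an interactive (non `-n`) run returns when vulnerabilities are found, since the "(headless mode only)" qualifier leaves that open. Separately, the "Authenticated testing" example passes `user:pass` inline through `--instruction`, which lands in shell history and process listings; `--instruction-file` is documented in the same hunk, so suggest the example use that for credentials and the `--instruction` description point to it for anything secret.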
73
docs/usage/instructions.mdx
Normal file
@@ -0,0 +1,73 @@
---
title: "Custom Instructions"
description: "Guide Strix with custom testing instructions"
---

Use instructions to provide context, credentials, or focus areas for your scan.

## Inline Instructions

```bash
strix --target https://app.com --instruction "Focus on authentication vulnerabilities"
```

## File-Based Instructions

For complex instructions, use a file:

```bash
strix --target https://app.com --instruction-file ./pentest-instructions.md
```

## Common Use Cases

### Authenticated Testing

```bash
strix --target https://app.com \
--instruction "Login with email: test@example.com, password: TestPass123"
```

### Focused Scope

```bash
strix --target https://api.example.com \
--instruction "Focus on IDOR vulnerabilities in the /api/users endpoints"
```

### Exclusions

```bash
strix --target https://app.com \
--instruction "Do not test /admin or /internal endpoints"
```

### API Testing

```bash
strix --target https://api.example.com \
--instruction "Use API key header: X-API-Key: abc123. Focus on rate limiting bypass."
```

## Instruction File Example

```markdown instructions.md
# Penetration Test Instructions

## Credentials
- Admin: admin@example.com / AdminPass123
- User: user@example.com / UserPass123

## Focus Areas
1. IDOR in user profile endpoints
2. Privilege escalation between roles
3. JWT token manipulation

## Out of Scope
- /health endpoints
- Third-party integrations
```

<Tip>
Be specific. Good instructions help Strix prioritize the most valuable attack paths.
</Tip>
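Review bot: The Authenticated Testing and API Testing examples put a password and an API key directly in `--instruction` strings, and the `instructions.md` example stores two passwords in plaintext; on the command line these end up in shell history and process listings, and the file is easy to commit by accident. Since the page already introduces `--instruction-file`, recommend steering readers to it for secrets, and add a line beside the `instructions.md` example saying the file should be kept out of version control and should reference dedicated test accounts rather than real ones.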
58
docs/usage/scan-modes.mdx
Normal file
@@ -0,0 +1,58 @@
---
title: "Scan Modes"
description: "Choose the right scan depth for your use case"
---

Strix offers three scan modes to balance speed and thoroughness.

## Quick

```bash
strix --target ./app --scan-mode quick
```

Fast checks for obvious vulnerabilities. Best for:
- CI/CD pipelines
- Pull request validation
- Rapid smoke tests

**Duration**: Minutes

## Standard

```bash
strix --target ./app --scan-mode standard
```

Balanced testing for routine security reviews. Best for:
- Regular security assessments
- Pre-release validation
- Development milestones

**Duration**: 30 minutes to 1 hour

## Deep

```bash
strix --target ./app --scan-mode deep
```

Thorough penetration testing. Best for:
- Comprehensive security audits
- Pre-production reviews
- Critical application assessments

**Duration**: 1-4 hours depending on target complexity

<Note>
Deep mode is the default. It explores edge cases, chained vulnerabilities, and complex attack paths.
</Note>

## Choosing a Mode

| Scenario | Recommended Mode |
|----------|------------------|
| Every PR | Quick |
| Weekly scans | Standard |
| Before major release | Deep |
| Bug bounty hunting | Deep |
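Review bot: The three mode sections state durations and use cases but not what each mode actually does or skips (for example whether `quick` limits itself to non-invasive checks, or which classes of testing `standard` omits relative to `deep`); a reader picking "Quick" for the "Every PR" row of the Choosing a Mode table, possibly against a live staging host, needs that to judge the impact of a run. Also, `**Duration**: Minutes` for Quick is looser than the ranges given for Standard and Deep; give it a range in the same form.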