salvacybersec/strix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: add documentation to main repository

Browse Source
This commit is contained in:
0xallam
2026-01-20 21:08:29 -08:00
committed by Ahmed Allam
parent b456a4ed8c
commit 25ac2f1e08
29 changed files with 1579 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
docs/README.md Normal file
View File

@@ -0,0 +1,10 @@
# Strix Documentation
Documentation source files for Strix, powered by [Mintlify](https://mintlify.com).
## Local Preview
```bash
npm i -g mintlify
cd docs && mintlify dev
```

88
docs/advanced/configuration.mdx Normal file
View File

@@ -0,0 +1,88 @@
---
title: "Configuration"
description: "Environment variables for Strix"
---
Configure Strix using environment variables.
## LLM Configuration
<ParamField path="STRIX_LLM" type="string" required>
Model name in LiteLLM format (e.g., `openai/gpt-5`, `anthropic/claude-sonnet-4-5`).
</ParamField>
<ParamField path="LLM_API_KEY" type="string">
API key for your LLM provider. Not required for local models or cloud provider auth (Vertex AI, AWS Bedrock).
</ParamField>
<ParamField path="LLM_API_BASE" type="string">
Custom API base URL. Also accepts `OPENAI_API_BASE`, `LITELLM_BASE_URL`, or `OLLAMA_API_BASE`.
</ParamField>
<ParamField path="LLM_TIMEOUT" default="300" type="integer">
Request timeout in seconds for LLM calls.
</ParamField>
<ParamField path="LLM_RATE_LIMIT_DELAY" type="float">
Delay in seconds between LLM requests for rate limiting.
</ParamField>
<ParamField path="LLM_RATE_LIMIT_CONCURRENT" type="integer">
Maximum concurrent LLM requests.
</ParamField>
<ParamField path="STRIX_REASONING_EFFORT" default="high" type="string">
Control thinking effort for reasoning models. Valid values: `none`, `minimal`, `low`, `medium`, `high`, `xhigh`. Defaults to `medium` for quick scan mode.
</ParamField>
## Optional Features
<ParamField path="PERPLEXITY_API_KEY" type="string">
API key for Perplexity AI. Enables real-time web search during scans for OSINT and vulnerability research.
</ParamField>
## Docker Configuration
<ParamField path="STRIX_IMAGE" default="ghcr.io/usestrix/strix-sandbox:0.1.10" type="string">
Docker image to use for the sandbox container.
</ParamField>
<ParamField path="DOCKER_HOST" type="string">
Docker daemon socket path. Use for remote Docker hosts or custom configurations.
</ParamField>
<ParamField path="STRIX_RUNTIME_BACKEND" default="docker" type="string">
Runtime backend for the sandbox environment.
</ParamField>
## Sandbox Configuration
<ParamField path="STRIX_SANDBOX_EXECUTION_TIMEOUT" default="500" type="float">
Maximum execution time in seconds for sandbox operations.
</ParamField>
<ParamField path="STRIX_SANDBOX_CONNECT_TIMEOUT" default="10" type="float">
Timeout in seconds for connecting to the sandbox container.
</ParamField>
<ParamField path="STRIX_DISABLE_BROWSER" default="false" type="boolean">
Disable browser tool.
</ParamField>
## Example Setup
```bash
# Required
export STRIX_LLM="openai/gpt-5"
export LLM_API_KEY="sk-..."
# Optional: Enable web search
export PERPLEXITY_API_KEY="pplx-..."
# Optional: Custom timeouts
export LLM_TIMEOUT="600"
export STRIX_SANDBOX_EXECUTION_TIMEOUT="1000"
# Optional: Use custom Docker image
export STRIX_IMAGE="ghcr.io/usestrix/strix-sandbox:latest"
```

119
docs/advanced/skills.mdx Normal file
View File

@@ -0,0 +1,119 @@
---
title: "Skills"
description: "Specialized knowledge packages that enhance agent capabilities"
---
Skills are structured knowledge packages that give Strix agents deep expertise in specific vulnerability types, technologies, and testing methodologies.
## The Idea
LLMs have broad but shallow security knowledge. They know _about_ SQL injection, but lack the nuanced techniques that experienced pentesters use—parser quirks, bypass methods, validation tricks, and chain attacks.
Skills inject this deep, specialized knowledge directly into the agent's context, transforming it from a generalist into a specialist for the task at hand.
## How They Work
When Strix spawns an agent for a specific task, it selects up to 5 relevant skills based on the context:
```python
# Agent created for JWT testing automatically loads relevant skills
create_agent(
task="Test authentication mechanisms",
skills=["authentication_jwt", "business_logic"]
)
```
The skills are injected into the agent's system prompt, giving it access to:
- **Advanced techniques** — Non-obvious methods beyond standard testing
- **Working payloads** — Practical examples with variations
- **Validation methods** — How to confirm findings and avoid false positives
## Skill Categories
### Vulnerabilities
Core vulnerability classes with deep exploitation techniques.
| Skill | Coverage |
| ------------------------------------- | ------------------------------------------------------ |
| `authentication_jwt` | JWT attacks, algorithm confusion, claim tampering |
| `idor` | Object reference attacks, horizontal/vertical access |
| `sql_injection` | SQL injection variants, WAF bypasses, blind techniques |
| `xss` | XSS types, filter bypasses, DOM exploitation |
| `ssrf` | Server-side request forgery, protocol handlers |
| `csrf` | Cross-site request forgery, token bypasses |
| `xxe` | XML external entities, OOB exfiltration |
| `rce` | Remote code execution vectors |
| `business_logic` | Logic flaws, state manipulation, race conditions |
| `race_conditions` | TOCTOU, parallel request attacks |
| `path_traversal_lfi_rfi` | File inclusion, path traversal |
| `open_redirect` | Redirect bypasses, URL parsing tricks |
| `mass_assignment` | Attribute injection, hidden parameter pollution |
| `insecure_file_uploads` | Upload bypasses, extension tricks |
| `information_disclosure` | Data leakage, error-based enumeration |
| `subdomain_takeover` | Dangling DNS, cloud resource claims |
| `broken_function_level_authorization` | Privilege escalation, role bypasses |
### Frameworks
Framework-specific testing patterns.
| Skill | Coverage |
| --------- | -------------------------------------------- |
| `fastapi` | FastAPI security patterns, Pydantic bypasses |
| `nextjs` | Next.js SSR/SSG issues, API route security |
### Technologies
Third-party service and platform security.
| Skill | Coverage |
| -------------------- | ---------------------------------- |
| `supabase` | Supabase RLS bypasses, auth issues |
| `firebase_firestore` | Firestore rules, Firebase auth |
### Protocols
Protocol-specific testing techniques.
| Skill | Coverage |
| --------- | ------------------------------------------------ |
| `graphql` | GraphQL introspection, batching, resolver issues |
## Skill Structure
Each skill uses XML-style tags for structure:
```xml
<vulnerability_guide>
<title>NAME</title>
<critical>Key insight about this vulnerability</critical>
<scope>What this skill covers</scope>
<methodology>Step-by-step testing approach</methodology>
<discovery_techniques>How to find it</discovery_techniques>
<exploitation_techniques>How to exploit it</exploitation_techniques>
<bypass_techniques>How to bypass protections</bypass_techniques>
<validation>How to confirm findings</validation>
<false_positives>What to watch out for</false_positives>
<pro_tips>Additional Expert advice</pro_tips>
</vulnerability_guide>
```
## Contributing Skills
Community contributions are welcome. Good skills include:
1. **Real-world techniques** — Methods that work in practice
2. **Practical payloads** — Working examples with variations
3. **Validation steps** — How to confirm without false positives
4. **Context awareness** — Version/environment-specific behavior

40
docs/cloud/overview.mdx Normal file
View File

@@ -0,0 +1,40 @@
---
title: "Introduction"
description: "Managed security testing without local setup"
---
Skip the setup. Run Strix in the cloud at [app.usestrix.com](https://app.usestrix.com).
## Features
<CardGroup cols={2}>
<Card title="No Setup Required" icon="cloud">
No Docker, API keys, or local installation needed.
</Card>
<Card title="Full Reports" icon="file-lines">
Detailed findings with remediation guidance.
</Card>
<Card title="Team Dashboards" icon="users">
Track vulnerabilities and fixes over time.
</Card>
<Card title="GitHub Integration" icon="github">
Automatic scans on pull requests.
</Card>
</CardGroup>
## What You Get
- **Penetration test reports** — Validated findings with PoCs
- **Shareable dashboards** — Collaborate with your team
- **CI/CD integration** — Block risky changes automatically
- **Continuous monitoring** — Catch new vulnerabilities quickly
## Getting Started
1. Sign up at [app.usestrix.com](https://app.usestrix.com)
2. Connect your repository or enter a target URL
3. Launch your first scan
<Card title="Try Strix Cloud" icon="rocket" href="https://app.usestrix.com">
Run your first pentest in minutes.
</Card>

96
docs/contributing.mdx Normal file
View File

@@ -0,0 +1,96 @@
---
title: "Contributing"
description: "Contribute to Strix development"
---
## Development Setup
### Prerequisites
- Python 3.12+
- Docker (running)
- Poetry
- Git
### Local Development
<Steps>
<Step title="Clone the repository">
```bash
git clone https://github.com/usestrix/strix.git
cd strix
```
</Step>
<Step title="Install dependencies">
```bash
make setup-dev
# or manually:
poetry install --with=dev
poetry run pre-commit install
```
</Step>
<Step title="Configure LLM">
```bash
export STRIX_LLM="openai/gpt-5"
export LLM_API_KEY="your-api-key"
```
</Step>
<Step title="Run Strix">
```bash
poetry run strix --target https://example.com
```
</Step>
</Steps>
## Contributing Skills
Skills are specialized knowledge packages that enhance agent capabilities. They live in `strix/skills/`
### Creating a Skill
1. Choose the right category
2. Create a `.jinja` file with your skill content
3. Include practical examples—working payloads, commands, test cases
4. Provide validation methods to confirm findings
5. Submit via PR
## Contributing Code
### Pull Request Process
1. **Create an issue first** — Describe the problem or feature
2. **Fork and branch** — Work from `main`
3. **Make changes** — Follow existing code style
4. **Write tests** — Ensure coverage for new features
5. **Run checks** — `make check-all` should pass
6. **Submit PR** — Link to issue and provide context
### Code Style
- PEP 8 with 100-character line limit
- Type hints for all functions
- Docstrings for public methods
- Small, focused functions
- Meaningful variable names
## Reporting Issues
Include:
- Python version and OS
- Strix version (`strix --version`)
- LLM being used
- Full error traceback
- Steps to reproduce
## Community
<CardGroup cols={2}>
<Card title="Discord" icon="discord" href="https://discord.gg/YjKFvEZSdZ">
Join the community for help and discussion.
</Card>
<Card title="GitHub Issues" icon="github" href="https://github.com/usestrix/strix/issues">
Report bugs and request features.
</Card>
</CardGroup>

129
docs/docs.json Normal file
View File

@@ -0,0 +1,129 @@
{
"$schema": "https://mintlify.com/docs.json",
"theme": "maple",
"name": "Strix",
"colors": {
"primary": "#000000",
"light": "#ffffff",
"dark": "#000000"
},
"favicon": "/images/favicon-48.ico",
"navigation": {
"tabs": [
{
"tab": "Documentation",
"groups": [
{
"group": "Getting Started",
"pages": [
"index",
"quickstart"
]
},
{
"group": "Usage",
"pages": [
"usage/cli",
"usage/scan-modes",
"usage/instructions"
]
},
{
"group": "LLM Providers",
"pages": [
"llm-providers/overview",
"llm-providers/openai",
"llm-providers/anthropic",
"llm-providers/openrouter",
"llm-providers/vertex",
"llm-providers/bedrock",
"llm-providers/azure",
"llm-providers/local"
]
},
{
"group": "Integrations",
"pages": [
"integrations/github-actions",
"integrations/ci-cd"
]
},
{
"group": "Tools",
"pages": [
"tools/overview",
"tools/browser",
"tools/proxy",
"tools/terminal",
"tools/sandbox"
]
},
{
"group": "Advanced",
"pages": [
"advanced/configuration",
"advanced/skills",
"contributing"
]
}
]
},
{
"tab": "Cloud",
"groups": [
{
"group": "Strix Cloud",
"pages": [
"cloud/overview"
]
}
]
}
],
"global": {
"anchors": [
{
"anchor": "GitHub",
"href": "https://github.com/usestrix/strix",
"icon": "github"
},
{
"anchor": "Discord",
"href": "https://discord.gg/YjKFvEZSdZ",
"icon": "discord"
}
]
}
},
"navbar": {
"links": [],
"primary": {
"type": "button",
"label": "Try Strix Cloud",
"href": "https://app.usestrix.com"
}
},
"footer": {
"socials": {
"x": "https://x.com/strix_ai",
"github": "https://github.com/usestrix",
"discord": "https://discord.gg/YjKFvEZSdZ"
}
},
"fonts": {
"family": "Geist",
"heading": {
"family": "Geist"
},
"body": {
"family": "Geist"
}
},
"appearance": {
"default": "dark"
},
"description": "Open-source AI Hackers to secure your Apps",
"background": {
"decoration": "grid"
}
}

BIN
docs/images/favicon-48.ico Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.4 KiB

BIN
docs/images/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.7 KiB

45
docs/index.mdx Normal file
View File

@@ -0,0 +1,45 @@
---
title: "Introduction"
description: "Open-source AI hackers to secure your apps"
---
Strix are autonomous AI agents that act like real hackers—they run your code dynamically, find vulnerabilities, and validate them with proof-of-concepts.
<CardGroup cols={2}>
<Card title="Quick Start" icon="rocket" href="/quickstart">
Install and run your first scan in minutes.
</Card>
<Card title="CLI Reference" icon="terminal" href="/usage/cli">
Learn all command-line options.
</Card>
<Card title="Tools" icon="wrench" href="/tools/overview">
Explore the security testing toolkit.
</Card>
<Card title="GitHub Actions" icon="github" href="/integrations/github-actions">
Integrate into your CI/CD pipeline.
</Card>
</CardGroup>
## Key Capabilities
- **Full hacker toolkit** — Browser automation, HTTP proxy, terminal, Python runtime
- **Real validation** — PoCs, not false positives
- **Multi-agent orchestration** — Specialized agents collaborate on complex targets
- **Developer-first CLI** — Interactive TUI or headless mode for automation
## Vulnerability Coverage
Strix can identify and validate:
| Category | Examples |
|----------|----------|
| Access Control | IDOR, privilege escalation, auth bypass |
| Injection | SQL, NoSQL, command injection |
| Server-Side | SSRF, XXE, deserialization |
| Client-Side | XSS, prototype pollution, DOM vulnerabilities |
| Business Logic | Race conditions, workflow manipulation |
| Authentication | JWT vulnerabilities, session management |
<Warning>
Only test applications you own or have explicit permission to test.
</Warning>

80
docs/integrations/ci-cd.mdx Normal file
View File

@@ -0,0 +1,80 @@
---
title: "CI/CD Integration"
description: "Run Strix in any CI/CD pipeline"
---
Strix runs in headless mode for automated pipelines.
## Headless Mode
Use the `-n` or `--non-interactive` flag:
```bash
strix -n --target ./app --scan-mode quick
```
## Exit Codes
| Code | Meaning |
|------|---------|
| 0 | No vulnerabilities found |
| 1 | Execution error |
| 2 | Vulnerabilities found |
## GitLab CI
```yaml .gitlab-ci.yml
security-scan:
image: docker:latest
services:
- docker:dind
variables:
STRIX_LLM: $STRIX_LLM
LLM_API_KEY: $LLM_API_KEY
script:
- curl -sSL https://strix.ai/install | bash
- strix -n -t ./ --scan-mode quick
```
## Jenkins
```groovy Jenkinsfile
pipeline {
agent any
environment {
STRIX_LLM = credentials('strix-llm')
LLM_API_KEY = credentials('llm-api-key')
}
stages {
stage('Security Scan') {
steps {
sh 'curl -sSL https://strix.ai/install | bash'
sh 'strix -n -t ./ --scan-mode quick'
}
}
}
}
```
## CircleCI
```yaml .circleci/config.yml
version: 2.1
jobs:
security-scan:
docker:
- image: cimg/base:current
steps:
- checkout
- setup_remote_docker
- run:
name: Install Strix
command: curl -sSL https://strix.ai/install | bash
- run:
name: Run Scan
command: strix -n -t ./ --scan-mode quick
```
<Note>
All CI platforms require Docker access. Ensure your runner has Docker available.
</Note>

60
docs/integrations/github-actions.mdx Normal file
View File

@@ -0,0 +1,60 @@
---
title: "GitHub Actions"
description: "Run Strix security scans on every pull request"
---
Integrate Strix into your GitHub workflow to catch vulnerabilities before they reach production.
## Basic Workflow
```yaml .github/workflows/security.yml
name: Security Scan
on:
pull_request:
jobs:
strix-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install Strix
run: curl -sSL https://strix.ai/install | bash
- name: Run Security Scan
env:
STRIX_LLM: ${{ secrets.STRIX_LLM }}
LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
run: strix -n -t ./ --scan-mode quick
```
## Required Secrets
Add these secrets to your repository:
| Secret | Description |
|--------|-------------|
| `STRIX_LLM` | Model name (e.g., `openai/gpt-5`) |
| `LLM_API_KEY` | API key for your LLM provider |
## Exit Codes
The workflow fails when vulnerabilities are found:
| Code | Result |
|------|--------|
| 0 | Pass — No vulnerabilities |
| 2 | Fail — Vulnerabilities found |
## Scan Modes for CI
| Mode | Duration | Use Case |
|------|----------|----------|
| `quick` | Minutes | Every PR |
| `standard` | ~30 min | Nightly builds |
| `deep` | 1-4 hours | Release candidates |
<Tip>
Use `quick` mode for PRs to keep feedback fast. Schedule `deep` scans nightly.
</Tip>

24
docs/llm-providers/anthropic.mdx Normal file
View File

@@ -0,0 +1,24 @@
---
title: "Anthropic"
description: "Configure Strix with Claude models"
---
## Setup
```bash
export STRIX_LLM="anthropic/claude-sonnet-4-5"
export LLM_API_KEY="sk-ant-..."
```
## Available Models
| Model | Description |
|-------|-------------|
| `anthropic/claude-sonnet-4-5` | Best balance of intelligence and speed (recommended) |
| `anthropic/claude-opus-4-5` | Maximum capability for deep analysis |
## Get API Key
1. Go to [console.anthropic.com](https://console.anthropic.com)
2. Navigate to API Keys
3. Create a new key

37
docs/llm-providers/azure.mdx Normal file
View File

@@ -0,0 +1,37 @@
---
title: "Azure OpenAI"
description: "Configure Strix with OpenAI models via Azure"
---
## Setup
```bash
export STRIX_LLM="azure/your-gpt5-deployment"
export AZURE_API_KEY="your-azure-api-key"
export AZURE_API_BASE="https://your-resource.openai.azure.com"
export AZURE_API_VERSION="2025-11-01-preview"
```
## Configuration
| Variable | Description |
|----------|-------------|
| `STRIX_LLM` | `azure/<your-deployment-name>` |
| `AZURE_API_KEY` | Your Azure OpenAI API key |
| `AZURE_API_BASE` | Your Azure OpenAI endpoint URL |
| `AZURE_API_VERSION` | API version (e.g., `2025-11-01-preview`) |
## Example
```bash
export STRIX_LLM="azure/gpt-5-deployment"
export AZURE_API_KEY="abc123..."
export AZURE_API_BASE="https://mycompany.openai.azure.com"
export AZURE_API_VERSION="2025-11-01-preview"
```
## Prerequisites
1. Create an Azure OpenAI resource
2. Deploy a model (e.g., GPT-5)
3. Get the endpoint URL and API key from the Azure portal

47
docs/llm-providers/bedrock.mdx Normal file
View File

@@ -0,0 +1,47 @@
---
title: "AWS Bedrock"
description: "Configure Strix with models via AWS Bedrock"
---
## Setup
```bash
export STRIX_LLM="bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0"
```
No API key required—uses AWS credentials from environment.
## Authentication
### Option 1: AWS CLI Profile
```bash
export AWS_PROFILE="your-profile"
export AWS_REGION="us-east-1"
```
### Option 2: Access Keys
```bash
export AWS_ACCESS_KEY_ID="AKIA..."
export AWS_SECRET_ACCESS_KEY="..."
export AWS_REGION="us-east-1"
```
### Option 3: IAM Role (EC2/ECS)
Automatically uses instance role credentials.
## Available Models
| Model | Description |
|-------|-------------|
| `bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0` | Claude 4.5 Sonnet |
| `bedrock/anthropic.claude-4-5-opus-20251022-v1:0` | Claude 4.5 Opus |
| `bedrock/anthropic.claude-4-5-haiku-20251022-v1:0` | Claude 4.5 Haiku |
| `bedrock/amazon.titan-text-premier-v2:0` | Amazon Titan Premier v2 |
## Prerequisites
1. Enable model access in the AWS Bedrock console
2. Ensure your IAM role/user has `bedrock:InvokeModel` permission

56
docs/llm-providers/local.mdx Normal file
View File

@@ -0,0 +1,56 @@
---
title: "Local Models"
description: "Run Strix with self-hosted LLMs for privacy and air-gapped testing"
---
Running Strix with local models allows for completely offline, privacy-first security assessments. Data never leaves your machine, making this ideal for sensitive internal networks or air-gapped environments.
## Privacy vs Performance
| Feature | Local Models | Cloud Models (GPT-5/Claude 4.5) |
|---------|--------------|--------------------------------|
| **Privacy** | 🔒 Data stays local | Data sent to provider |
| **Cost** | Free (hardware only) | Pay-per-token |
| **Reasoning** | Lower (struggles with agents) | State-of-the-art |
| **Setup** | Complex (GPU required) | Instant |
<Warning>
**Compatibility Note**: Strix relies on advanced agentic capabilities (tool use, multi-step planning, self-correction). Most local models, especially those under 70B parameters, struggle with these complex tasks.
For critical assessments, we strongly recommend using state-of-the-art cloud models like **Claude 4.5 Sonnet** or **GPT-5**. Use local models only when privacy is the absolute priority.
</Warning>
## Ollama
[Ollama](https://ollama.ai) is the easiest way to run local models on macOS, Linux, and Windows.
### Setup
1. Install Ollama from [ollama.ai](https://ollama.ai)
2. Pull a high-performance model:
```bash
ollama pull qwen3-vl
```
3. Configure Strix:
```bash
export STRIX_LLM="ollama/qwen3-vl"
export LLM_API_BASE="http://localhost:11434"
```
### Recommended Models
We recommend these models for the best balance of reasoning and tool use:
**Recommended models:**
- **Qwen3 VL** (`ollama pull qwen3-vl`)
- **DeepSeek V3.1** (`ollama pull deepseek-v3.1`)
- **Devstral 2** (`ollama pull devstral-2`)
## LM Studio / OpenAI Compatible
If you use LM Studio, vLLM, or other runners:
```bash
export STRIX_LLM="openai/local-model"
export LLM_API_BASE="http://localhost:1234/v1" # Adjust port as needed
```

31
docs/llm-providers/openai.mdx Normal file
View File

@@ -0,0 +1,31 @@
---
title: "OpenAI"
description: "Configure Strix with OpenAI models"
---
## Setup
```bash
export STRIX_LLM="openai/gpt-5"
export LLM_API_KEY="sk-..."
```
## Available Models
See [OpenAI Models Documentation](https://platform.openai.com/docs/models) for the full list of available models.
## Get API Key
1. Go to [platform.openai.com](https://platform.openai.com)
2. Navigate to API Keys
3. Create a new secret key
## Custom Base URL
For OpenAI-compatible APIs:
```bash
export STRIX_LLM="openai/gpt-5"
export LLM_API_KEY="your-key"
export LLM_API_BASE="https://your-proxy.com/v1"
```

37
docs/llm-providers/openrouter.mdx Normal file
View File

@@ -0,0 +1,37 @@
---
title: "OpenRouter"
description: "Configure Strix with models via OpenRouter"
---
[OpenRouter](https://openrouter.ai) provides access to 100+ models from multiple providers through a single API.
## Setup
```bash
export STRIX_LLM="openrouter/openai/gpt-5"
export LLM_API_KEY="sk-or-..."
```
## Available Models
Access any model on OpenRouter using the format `openrouter/<provider>/<model>`:
| Model | Configuration |
|-------|---------------|
| GPT-5 | `openrouter/openai/gpt-5` |
| Claude 4.5 Sonnet | `openrouter/anthropic/claude-sonnet-4.5` |
| Gemini 3 Pro | `openrouter/google/gemini-3-pro-preview` |
| GLM-4.7 | `openrouter/z-ai/glm-4.7` |
## Get API Key
1. Go to [openrouter.ai](https://openrouter.ai)
2. Sign in and navigate to Keys
3. Create a new API key
## Benefits
- **Single API** — Access models from OpenAI, Anthropic, Google, Meta, and more
- **Fallback routing** — Automatic failover between providers
- **Cost tracking** — Monitor usage across all models
- **Higher rate limits** — OpenRouter handles provider limits for you

61
docs/llm-providers/overview.mdx Normal file
View File

@@ -0,0 +1,61 @@
---
title: "Overview"
description: "Configure your AI model for Strix"
---
Strix uses [LiteLLM](https://docs.litellm.ai/docs/providers) for model compatibility, supporting 100+ LLM providers.
## Recommended Models
For best results, use one of these models:
| Model | Provider | Configuration |
| ----------------- | ------------- | -------------------------------- |
| GPT-5 | OpenAI | `openai/gpt-5` |
| Claude 4.5 Sonnet | Anthropic | `anthropic/claude-sonnet-4-5` |
| Gemini 3 Pro | Google Vertex | `vertex_ai/gemini-3-pro-preview` |
## Quick Setup
```bash
export STRIX_LLM="openai/gpt-5"
export LLM_API_KEY="your-api-key"
```
## Provider Guides
<CardGroup cols={2}>
<Card title="OpenAI" href="/llm-providers/openai">
GPT-5 and Codex models.
</Card>
<Card title="Anthropic" href="/llm-providers/anthropic">
Claude 4.5 Sonnet, Opus, and Haiku.
</Card>
<Card title="OpenRouter" href="/llm-providers/openrouter">
Access 100+ models through a single API.
</Card>
<Card title="Google Vertex AI" href="/llm-providers/vertex">
Gemini 3 models via Google Cloud.
</Card>
<Card title="AWS Bedrock" href="/llm-providers/bedrock">
Claude 4.5 and Titan models via AWS.
</Card>
<Card title="Azure OpenAI" href="/llm-providers/azure">
GPT-5 via Azure.
</Card>
<Card title="Local Models" href="/llm-providers/local">
Llama 4, Mistral, and self-hosted models.
</Card>
</CardGroup>
## Model Format
Use LiteLLM's `provider/model-name` format:
```
openai/gpt-5
anthropic/claude-sonnet-4-5
vertex_ai/gemini-3-pro-preview
bedrock/anthropic.claude-4-5-sonnet-20251022-v1:0
ollama/llama4
```

53
docs/llm-providers/vertex.mdx Normal file
View File

@@ -0,0 +1,53 @@
---
title: "Google Vertex AI"
description: "Configure Strix with Gemini models via Google Cloud"
---
## Installation
Vertex AI requires the Google Cloud dependency. Install Strix with the vertex extra:
```bash
pipx install "strix-agent[vertex]"
```
## Setup
```bash
export STRIX_LLM="vertex_ai/gemini-3-pro-preview"
```
No API key required—uses Google Cloud Application Default Credentials.
## Authentication
### Option 1: gcloud CLI
```bash
gcloud auth application-default login
```
### Option 2: Service Account
```bash
export GOOGLE_APPLICATION_CREDENTIALS="/path/to/service-account.json"
```
## Available Models
| Model | Description |
|-------|-------------|
| `vertex_ai/gemini-3-pro-preview` | Best overall performance for security testing |
| `vertex_ai/gemini-3-flash-preview` | Faster and cheaper |
## Project Configuration
```bash
export VERTEXAI_PROJECT="your-project-id"
export VERTEXAI_LOCATION="us-central1"
```
## Prerequisites
1. Enable the Vertex AI API in your Google Cloud project
2. Ensure your account has the `Vertex AI User` role

BIN
docs/logo/strix.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.7 KiB

76
docs/quickstart.mdx Normal file
View File

@@ -0,0 +1,76 @@
---
title: "Quick Start"
description: "Install Strix and run your first security scan"
---
## Prerequisites
- Docker (running)
- An LLM provider API key (OpenAI, Anthropic, or local model)
## Installation
<Tabs>
<Tab title="curl">
```bash
curl -sSL https://strix.ai/install | bash
```
</Tab>
<Tab title="pipx">
```bash
pipx install strix-agent
```
</Tab>
</Tabs>
## Configuration
Set your LLM provider:
```bash
export STRIX_LLM="openai/gpt-5"
export LLM_API_KEY="your-api-key"
```
<Tip>
For best results, use `openai/gpt-5`, `anthropic/claude-sonnet-4-5`, or `vertex_ai/gemini-3-pro-preview`.
</Tip>
## Run Your First Scan
```bash
strix --target ./your-app
```
<Note>
First run pulls the Docker sandbox image automatically. Results are saved to `strix_runs/<run-name>`.
</Note>
## Target Types
Strix accepts multiple target types:
```bash
# Local codebase
strix --target ./app-directory
# GitHub repository
strix --target https://github.com/org/repo
# Live web application
strix --target https://your-app.com
# Multiple targets (white-box testing)
strix -t https://github.com/org/repo -t https://your-app.com
```
## Next Steps
<CardGroup cols={2}>
<Card title="CLI Options" icon="terminal" href="/usage/cli">
Explore all command-line options.
</Card>
<Card title="Scan Modes" icon="gauge" href="/usage/scan-modes">
Choose the right scan depth.
</Card>
</CardGroup>

34
docs/tools/browser.mdx Normal file
View File

@@ -0,0 +1,34 @@
---
title: "Browser"
description: "Playwright-powered Chrome for web application testing"
---
Strix uses a headless Chrome browser via Playwright to interact with web applications exactly like a real user would.
## How It Works
All browser traffic is automatically routed through the Caido proxy, giving Strix full visibility into every request and response. This enables:
- Testing client-side vulnerabilities (XSS, DOM manipulation)
- Navigating authenticated flows (login, OAuth, MFA)
- Triggering JavaScript-heavy functionality
- Capturing dynamically generated requests
## Capabilities
| Action | Description |
| ---------- | ------------------------------------------- |
| Navigate | Go to URLs, follow links, handle redirects |
| Click | Interact with buttons, links, form elements |
| Type | Fill in forms, search boxes, input fields |
| Execute JS | Run custom JavaScript in the page context |
| Screenshot | Capture visual state for reports |
| Multi-tab | Test across multiple browser tabs |
## Example Flow
1. Agent launches browser and navigates to login page
2. Fills in credentials and submits form
3. Proxy captures the authentication request
4. Agent navigates to protected areas
5. Tests for IDOR by replaying requests with modified IDs

33
docs/tools/overview.mdx Normal file
View File

@@ -0,0 +1,33 @@
---
title: "Agent Tools"
description: "How Strix agents interact with targets"
---
Strix agents use specialized tools to test your applications like a real penetration tester would.
## Core Tools
<CardGroup cols={2}>
<Card title="Browser" icon="globe" href="/tools/browser">
Playwright-powered Chrome for interacting with web UIs.
</Card>
<Card title="HTTP Proxy" icon="network-wired" href="/tools/proxy">
Caido-powered proxy for intercepting and replaying requests.
</Card>
<Card title="Terminal" icon="terminal" href="/tools/terminal">
Bash shell for running commands and security tools.
</Card>
<Card title="Sandbox Tools" icon="toolbox" href="/tools/sandbox">
Pre-installed security tools: Nuclei, ffuf, and more.
</Card>
</CardGroup>
## Additional Tools
| Tool | Purpose |
| -------------- | ---------------------------------------- |
| Python Runtime | Write and execute custom exploit scripts |
| File Editor | Read and modify source code |
| Web Search | Real-time OSINT via Perplexity |
| Notes | Document findings during the scan |
| Reporting | Generate vulnerability reports with PoCs |

90
docs/tools/proxy.mdx Normal file
View File

@@ -0,0 +1,90 @@
---
title: "HTTP Proxy"
description: "Caido-powered proxy for request interception and replay"
---
Strix includes [Caido](https://caido.io), a modern HTTP proxy built for security testing. All browser traffic flows through Caido, giving the agent full control over requests and responses.
## Capabilities
| Feature | Description |
| ---------------- | -------------------------------------------- |
| Request Capture | Log all HTTP/HTTPS traffic automatically |
| Request Replay | Repeat any request with modifications |
| HTTPQL | Query captured traffic with powerful filters |
| Scope Management | Focus on specific domains or paths |
| Sitemap | Visualize the discovered attack surface |
## HTTPQL Filtering
Query captured requests using Caido's HTTPQL syntax
## Request Replay
The agent can take any captured request and replay it with modifications:
- Change path parameters (test for IDOR)
- Modify request body (test for injection)
- Add/remove headers (test for auth bypass)
- Alter cookies (test for session issues)
## Python Integration
All proxy functions are automatically available in Python sessions. This enables powerful scripted security testing:
```python
# List recent POST requests
post_requests = list_requests(
httpql_filter='req.method.eq:"POST"',
page_size=20
)
# View a specific request
request_details = view_request("req_123", part="request")
# Replay with modified payload
response = repeat_request("req_123", {
"body": '{"user_id": "admin"}'
})
print(f"Status: {response['status_code']}")
```
### Available Functions
| Function | Description |
| ---------------------- | ------------------------------------------ |
| `list_requests()` | Query captured traffic with HTTPQL filters |
| `view_request()` | Get full request/response details |
| `repeat_request()` | Replay a request with modifications |
| `send_request()` | Send a new HTTP request |
| `scope_rules()` | Manage proxy scope (allowlist/denylist) |
| `list_sitemap()` | View discovered endpoints |
| `view_sitemap_entry()` | Get details for a sitemap entry |
### Example: Automated IDOR Testing
```python
# Get all requests to user endpoints
user_requests = list_requests(
httpql_filter='req.path.cont:"/users/"'
)
for req in user_requests.get('requests', []):
# Try accessing with different user IDs
for test_id in ['1', '2', 'admin', '../admin']:
response = repeat_request(req['id'], {
'url': req['path'].replace('/users/1', f'/users/{test_id}')
})
if response['status_code'] == 200:
print(f"Potential IDOR: {test_id} returned 200")
```
## Scope
Create scopes to filter traffic to relevant domains:
```
Allowlist: ["api.example.com", "*.example.com"]
Denylist: ["*.gif", "*.jpg", "*.png", "*.css", "*.js"]
```

83
docs/tools/sandbox.mdx Normal file
View File

@@ -0,0 +1,83 @@
---
title: "Sandbox Tools"
description: "Pre-installed security tools in the Strix container"
---
Strix runs inside a Kali Linux-based Docker container with a comprehensive set of security tools pre-installed. The agent can use any of these tools through the [terminal](/tools/terminal).
## Reconnaissance
| Tool | Description |
| ---------------------------------------------------------- | -------------------------------------- |
| [Subfinder](https://github.com/projectdiscovery/subfinder) | Subdomain discovery |
| [Naabu](https://github.com/projectdiscovery/naabu) | Fast port scanner |
| [httpx](https://github.com/projectdiscovery/httpx) | HTTP probing and analysis |
| [Katana](https://github.com/projectdiscovery/katana) | Web crawling and spidering |
| [ffuf](https://github.com/ffuf/ffuf) | Fast web fuzzer |
| [Nmap](https://nmap.org) | Network scanning and service detection |
## Web Testing
| Tool | Description |
| ------------------------------------------------------ | -------------------------------- |
| [Arjun](https://github.com/s0md3v/Arjun) | HTTP parameter discovery |
| [Dirsearch](https://github.com/maurosoria/dirsearch) | Directory and file brute-forcing |
| [wafw00f](https://github.com/EnableSecurity/wafw00f) | WAF fingerprinting |
| [GoSpider](https://github.com/jaeles-project/gospider) | Web spider for link extraction |
## Automated Scanners
| Tool | Description |
| ---------------------------------------------------- | -------------------------------------------------- |
| [Nuclei](https://github.com/projectdiscovery/nuclei) | Template-based vulnerability scanner |
| [SQLMap](https://sqlmap.org) | Automatic SQL injection detection and exploitation |
| [Wapiti](https://wapiti-scanner.github.io) | Web application vulnerability scanner |
| [ZAP](https://zaproxy.org) | OWASP Zed Attack Proxy |
## JavaScript Analysis
| Tool | Description |
| -------------------------------------------------------- | ------------------------------ |
| [JS-Snooper](https://github.com/aravind0x7/JS-Snooper) | JavaScript reconnaissance |
| [jsniper](https://github.com/xchopath/jsniper.sh) | JavaScript file analysis |
| [Retire.js](https://retirejs.github.io/retire.js) | Detect vulnerable JS libraries |
| [ESLint](https://eslint.org) | JavaScript static analysis |
| [js-beautify](https://github.com/beautifier/js-beautify) | JavaScript deobfuscation |
| [JSHint](https://jshint.com) | JavaScript code quality tool |
## Secret Detection
| Tool | Description |
| ----------------------------------------------------------- | ------------------------------------- |
| [TruffleHog](https://github.com/trufflesecurity/trufflehog) | Find secrets in code and history |
| [Semgrep](https://github.com/semgrep/semgrep) | Static analysis for security patterns |
| [Bandit](https://bandit.readthedocs.io) | Python security linter |
## Authentication Testing
| Tool | Description |
| ------------------------------------------------------------ | ---------------------------------- |
| [jwt_tool](https://github.com/ticarpi/jwt_tool) | JWT token testing and exploitation |
| [Interactsh](https://github.com/projectdiscovery/interactsh) | Out-of-band interaction detection |
## Container & Supply Chain
| Tool | Description |
| -------------------------- | ---------------------------------------------- |
| [Trivy](https://trivy.dev) | Container and dependency vulnerability scanner |
## HTTP Proxy
| Tool | Description |
| ------------------------- | --------------------------------------------- |
| [Caido](https://caido.io) | Modern HTTP proxy for interception and replay |
## Browser
| Tool | Description |
| ------------------------------------ | --------------------------- |
| [Playwright](https://playwright.dev) | Headless browser automation |
<Note>
All tools are pre-configured and ready to use. The agent selects the appropriate tool based on the vulnerability being tested.
</Note>

61
docs/tools/terminal.mdx Normal file
View File

@@ -0,0 +1,61 @@
---
title: "Terminal"
description: "Bash shell for running commands and security tools"
---
Strix has access to a persistent bash terminal running inside the Docker sandbox. This gives the agent access to all [pre-installed security tools](/tools/sandbox).
## Capabilities
| Feature | Description |
| ----------------- | ---------------------------------------------------------- |
| Persistent state | Working directory and environment persist between commands |
| Multiple sessions | Run parallel terminals for concurrent operations |
| Background jobs | Start long-running processes without blocking |
| Interactive | Respond to prompts and control running processes |
## Common Uses
### Running Security Tools
```bash
# Subdomain enumeration
subfinder -d example.com
# Vulnerability scanning
nuclei -u https://example.com
# SQL injection testing
sqlmap -u "https://example.com/page?id=1"
```
### Code Analysis
```bash
# Search for secrets
trufflehog filesystem ./
# Static analysis
semgrep --config auto ./src
# Grep for patterns
grep -r "password" ./
```
### Custom Scripts
```bash
# Run Python exploits
python3 exploit.py
# Execute shell scripts
./test_auth_bypass.sh
```
## Session Management
The agent can run multiple terminal sessions concurrently, for example:
- Main session for primary testing
- Secondary session for monitoring
- Background processes for servers or watchers

58
docs/usage/cli.mdx Normal file
View File

@@ -0,0 +1,58 @@
---
title: "CLI Reference"
description: "Command-line options for Strix"
---
## Basic Usage
```bash
strix --target <target> [options]
```
## Options
<ParamField path="--target, -t" type="string" required>
Target to test. Accepts URLs, repositories, local directories, domains, or IP addresses. Can be specified multiple times.
</ParamField>
<ParamField path="--instruction" type="string">
Custom instructions for the scan. Use for credentials, focus areas, or specific testing approaches.
</ParamField>
<ParamField path="--instruction-file" type="string">
Path to a file containing detailed instructions.
</ParamField>
<ParamField path="--scan-mode, -m" type="string" default="deep">
Scan depth: `quick`, `standard`, or `deep`.
</ParamField>
<ParamField path="--non-interactive, -n" type="boolean">
Run in headless mode without TUI. Ideal for CI/CD.
</ParamField>
## Examples
```bash
# Basic scan
strix --target https://example.com
# Authenticated testing
strix --target https://app.com --instruction "Use credentials: user:pass"
# Focused testing
strix --target api.example.com --instruction "Focus on IDOR and auth bypass"
# CI/CD mode
strix -n --target ./ --scan-mode quick
# Multi-target white-box testing
strix -t https://github.com/org/app -t https://staging.example.com
```
## Exit Codes
| Code | Meaning |
|------|---------|
| 0 | Scan completed, no vulnerabilities found |
| 2 | Vulnerabilities found (headless mode only) |

73
docs/usage/instructions.mdx Normal file
View File

@@ -0,0 +1,73 @@
---
title: "Custom Instructions"
description: "Guide Strix with custom testing instructions"
---
Use instructions to provide context, credentials, or focus areas for your scan.
## Inline Instructions
```bash
strix --target https://app.com --instruction "Focus on authentication vulnerabilities"
```
## File-Based Instructions
For complex instructions, use a file:
```bash
strix --target https://app.com --instruction-file ./pentest-instructions.md
```
## Common Use Cases
### Authenticated Testing
```bash
strix --target https://app.com \
--instruction "Login with email: test@example.com, password: TestPass123"
```
### Focused Scope
```bash
strix --target https://api.example.com \
--instruction "Focus on IDOR vulnerabilities in the /api/users endpoints"
```
### Exclusions
```bash
strix --target https://app.com \
--instruction "Do not test /admin or /internal endpoints"
```
### API Testing
```bash
strix --target https://api.example.com \
--instruction "Use API key header: X-API-Key: abc123. Focus on rate limiting bypass."
```
## Instruction File Example
```markdown instructions.md
# Penetration Test Instructions
## Credentials
- Admin: admin@example.com / AdminPass123
- User: user@example.com / UserPass123
## Focus Areas
1. IDOR in user profile endpoints
2. Privilege escalation between roles
3. JWT token manipulation
## Out of Scope
- /health endpoints
- Third-party integrations
```
<Tip>
Be specific. Good instructions help Strix prioritize the most valuable attack paths.
</Tip>

58
docs/usage/scan-modes.mdx Normal file
View File

@@ -0,0 +1,58 @@
---
title: "Scan Modes"
description: "Choose the right scan depth for your use case"
---
Strix offers three scan modes to balance speed and thoroughness.
## Quick
```bash
strix --target ./app --scan-mode quick
```
Fast checks for obvious vulnerabilities. Best for:
- CI/CD pipelines
- Pull request validation
- Rapid smoke tests
**Duration**: Minutes
## Standard
```bash
strix --target ./app --scan-mode standard
```
Balanced testing for routine security reviews. Best for:
- Regular security assessments
- Pre-release validation
- Development milestones
**Duration**: 30 minutes to 1 hour
## Deep
```bash
strix --target ./app --scan-mode deep
```
Thorough penetration testing. Best for:
- Comprehensive security audits
- Pre-production reviews
- Critical application assessments
**Duration**: 1-4 hours depending on target complexity
<Note>
Deep mode is the default. It explores edge cases, chained vulnerabilities, and complex attack paths.
</Note>
## Choosing a Mode
| Scenario | Recommended Mode |
|----------|------------------|
| Every PR | Quick |
| Weekly scans | Standard |
| Before major release | Deep |
| Bug bounty hunting | Deep |