salvacybersec/strix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix/ Long text instruction causes crash (#184)

Browse Source
This commit is contained in:
Alexander De Battista Kvamme
2025-12-08 20:23:51 +01:00
committed by GitHub
parent 1edd8eda01
commit 9fedcf1551
2 changed files with 24 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -161,7 +161,7 @@ strix -t https://github.com/org/app -t https://your-app.com
strix --target api.your-app.com --instruction "Focus on business logic flaws and IDOR vulnerabilities" strix --target api.your-app.com --instruction "Focus on business logic flaws and IDOR vulnerabilities"
# Provide detailed instructions through file (e.g., rules of engagement, scope, exclusions) # Provide detailed instructions through file (e.g., rules of engagement, scope, exclusions)
strix --target api.your-app.com --instruction ./instruction.md strix --target api.your-app.com --instruction-file ./instruction.md
``` ```
### 🤖 Headless Mode ### 🤖 Headless Mode

26
strix/interface/main.py
View File

@@ -263,8 +263,8 @@ Examples:
strix --target example.com --instruction "Focus on authentication vulnerabilities" strix --target example.com --instruction "Focus on authentication vulnerabilities"
# Custom instructions (from file) # Custom instructions (from file)
strix --target example.com --instruction ./instructions.txt strix --target example.com --instruction-file ./instructions.txt
strix --target https://app.com --instruction /path/to/detailed_instructions.md strix --target https://app.com --instruction-file /path/to/detailed_instructions.md
""", """,
) )
@@ -285,9 +285,15 @@ Examples:
"testing approaches (e.g., 'Perform thorough authentication testing'), " "testing approaches (e.g., 'Perform thorough authentication testing'), "
"test credentials (e.g., 'Use the following credentials to access the app: " "test credentials (e.g., 'Use the following credentials to access the app: "
"admin:password123'), " "admin:password123'), "
"or areas of interest (e.g., 'Check login API endpoint for security issues'). " "or areas of interest (e.g., 'Check login API endpoint for security issues').",
"You can also provide a path to a file containing detailed instructions " )
"(e.g., '--instruction ./instructions.txt').",
parser.add_argument(
"--instruction-file",
type=str,
help="Path to a file containing detailed custom instructions for the penetration test. "
"Use this option when you have lengthy or complex instructions saved in a file "
"(e.g., '--instruction-file ./detailed_instructions.txt').",
) )
parser.add_argument( parser.add_argument(
@@ -308,15 +314,17 @@ Examples:
args = parser.parse_args() args = parser.parse_args()
if args.instruction: if args.instruction and args.instruction_file:
instruction_path = Path(args.instruction) parser.error("Cannot specify both --instruction and --instruction-file. Use one or the other.")
if instruction_path.exists() and instruction_path.is_file():
if args.instruction_file:
instruction_path = Path(args.instruction_file)
try: try:
with instruction_path.open(encoding="utf-8") as f: with instruction_path.open(encoding="utf-8") as f:
args.instruction = f.read().strip() args.instruction = f.read().strip()
if not args.instruction: if not args.instruction:
parser.error(f"Instruction file '{instruction_path}' is empty") parser.error(f"Instruction file '{instruction_path}' is empty")
except Exception as e: # noqa: BLE001 except Exception as e:
parser.error(f"Failed to read instruction file '{instruction_path}': {e}") parser.error(f"Failed to read instruction file '{instruction_path}': {e}")
args.targets_info = [] args.targets_info = []