98 lines
3.4 KiB
Plaintext
98 lines
3.4 KiB
Plaintext
---
|
|
title: "Introduction"
|
|
description: "Open-source AI hackers to secure your apps"
|
|
---
|
|
|
|
Strix are autonomous AI agents that act like real hackers—they run your code dynamically, find vulnerabilities, and validate them with proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.
|
|
|
|
<CardGroup cols={2}>
|
|
<Card title="Quick Start" icon="rocket" href="/quickstart">
|
|
Install and run your first scan in minutes.
|
|
</Card>
|
|
<Card title="CLI Reference" icon="terminal" href="/usage/cli">
|
|
Learn all command-line options.
|
|
</Card>
|
|
<Card title="Tools" icon="wrench" href="/tools/overview">
|
|
Explore the security testing toolkit.
|
|
</Card>
|
|
<Card title="GitHub Actions" icon="github" href="/integrations/github-actions">
|
|
Integrate into your CI/CD pipeline.
|
|
</Card>
|
|
</CardGroup>
|
|
|
|
## Use Cases
|
|
|
|
- **Application Security Testing** — Detect and validate critical vulnerabilities in your applications
|
|
- **Rapid Penetration Testing** — Get penetration tests done in hours, not weeks
|
|
- **Bug Bounty Automation** — Automate research and generate PoCs for faster reporting
|
|
- **CI/CD Integration** — Block vulnerabilities before they reach production
|
|
|
|
## Key Capabilities
|
|
|
|
- **Full hacker toolkit** — Browser automation, HTTP proxy, terminal, Python runtime
|
|
- **Real validation** — PoCs, not false positives
|
|
- **Multi-agent orchestration** — Specialized agents collaborate on complex targets
|
|
- **Developer-first CLI** — Interactive TUI or headless mode for automation
|
|
|
|
## Security Tools
|
|
|
|
Strix agents come equipped with a comprehensive toolkit:
|
|
|
|
| Tool | Purpose |
|
|
|------|---------|
|
|
| HTTP Proxy | Full request/response manipulation and analysis |
|
|
| Browser Automation | Multi-tab browser for XSS, CSRF, auth flow testing |
|
|
| Terminal | Interactive shells for command execution |
|
|
| Python Runtime | Custom exploit development and validation |
|
|
| Reconnaissance | Automated OSINT and attack surface mapping |
|
|
| Code Analysis | Static and dynamic analysis capabilities |
|
|
|
|
## Vulnerability Coverage
|
|
|
|
| Category | Examples |
|
|
|----------|----------|
|
|
| Access Control | IDOR, privilege escalation, auth bypass |
|
|
| Injection | SQL, NoSQL, command injection |
|
|
| Server-Side | SSRF, XXE, deserialization |
|
|
| Client-Side | XSS, prototype pollution, DOM vulnerabilities |
|
|
| Business Logic | Race conditions, workflow manipulation |
|
|
| Authentication | JWT vulnerabilities, session management |
|
|
| Infrastructure | Misconfigurations, exposed services |
|
|
|
|
## Multi-Agent Architecture
|
|
|
|
Strix uses a graph of specialized agents for comprehensive security testing:
|
|
|
|
- **Distributed Workflows** — Specialized agents for different attacks and assets
|
|
- **Scalable Testing** — Parallel execution for fast comprehensive coverage
|
|
- **Dynamic Coordination** — Agents collaborate and share discoveries
|
|
|
|
## Quick Example
|
|
|
|
```bash
|
|
# Install
|
|
curl -sSL https://strix.ai/install | bash
|
|
|
|
# Configure
|
|
export STRIX_LLM="openai/gpt-5"
|
|
export LLM_API_KEY="your-api-key"
|
|
|
|
# Scan
|
|
strix --target ./your-app
|
|
```
|
|
|
|
## Community
|
|
|
|
<CardGroup cols={2}>
|
|
<Card title="Discord" icon="discord" href="https://discord.gg/strix-ai">
|
|
Join the community for help and discussion.
|
|
</Card>
|
|
<Card title="GitHub" icon="github" href="https://github.com/usestrix/strix">
|
|
Star the repo and contribute.
|
|
</Card>
|
|
</CardGroup>
|
|
|
|
<Warning>
|
|
Only test applications you own or have explicit permission to test.
|
|
</Warning>
|