strix/docs/tools/sandbox.mdx

---
title: "Sandbox Tools"
description: "Pre-installed security tools in the Strix container"
---

Strix runs inside a Kali Linux-based Docker container with a comprehensive set of security tools pre-installed. The agent can use any of these tools through the [terminal](/tools/terminal).

## Reconnaissance

| Tool                                                       | Description                            |
| ---------------------------------------------------------- | -------------------------------------- |
| [Subfinder](https://github.com/projectdiscovery/subfinder) | Subdomain discovery                    |
| [Naabu](https://github.com/projectdiscovery/naabu)         | Fast port scanner                      |
| [httpx](https://github.com/projectdiscovery/httpx)         | HTTP probing and analysis              |
| [Katana](https://github.com/projectdiscovery/katana)       | Web crawling and spidering             |
| [ffuf](https://github.com/ffuf/ffuf)                       | Fast web fuzzer                        |
| [Nmap](https://nmap.org)                                   | Network scanning and service detection |

## Web Testing

| Tool                                                   | Description                      |
| ------------------------------------------------------ | -------------------------------- |
| [Arjun](https://github.com/s0md3v/Arjun)               | HTTP parameter discovery         |
| [Dirsearch](https://github.com/maurosoria/dirsearch)   | Directory and file brute-forcing |
| [wafw00f](https://github.com/EnableSecurity/wafw00f)   | WAF fingerprinting               |
| [GoSpider](https://github.com/jaeles-project/gospider) | Web spider for link extraction   |

## Automated Scanners

| Tool                                                 | Description                                        |
| ---------------------------------------------------- | -------------------------------------------------- |
| [Nuclei](https://github.com/projectdiscovery/nuclei) | Template-based vulnerability scanner               |
| [SQLMap](https://sqlmap.org)                         | Automatic SQL injection detection and exploitation |
| [Wapiti](https://wapiti-scanner.github.io)           | Web application vulnerability scanner              |
| [ZAP](https://zaproxy.org)                           | OWASP Zed Attack Proxy                             |

## JavaScript Analysis

| Tool                                                     | Description                    |
| -------------------------------------------------------- | ------------------------------ |
| [JS-Snooper](https://github.com/aravind0x7/JS-Snooper)   | JavaScript reconnaissance      |
| [jsniper](https://github.com/xchopath/jsniper.sh)        | JavaScript file analysis       |
| [Retire.js](https://retirejs.github.io/retire.js)        | Detect vulnerable JS libraries |
| [ESLint](https://eslint.org)                             | JavaScript static analysis     |
| [js-beautify](https://github.com/beautifier/js-beautify) | JavaScript deobfuscation       |
| [JSHint](https://jshint.com)                             | JavaScript code quality tool   |

## Source-Aware Analysis

| Tool                                                    | Description                                   |
| ------------------------------------------------------- | --------------------------------------------- |
| [Semgrep](https://github.com/semgrep/semgrep)          | Fast SAST and custom rule matching            |
| [ast-grep](https://ast-grep.github.io)                 | Structural AST/CST-aware code search (`sg`)   |
| [Tree-sitter](https://tree-sitter.github.io/tree-sitter/) | Syntax tree parsing and symbol extraction (Java/JS/TS/Python/Go/Bash/JSON/YAML grammars pre-configured) |
| [Bandit](https://bandit.readthedocs.io)                | Python security linter                        |

## Secret Detection

| Tool                                                        | Description                           |
| ----------------------------------------------------------- | ------------------------------------- |
| [TruffleHog](https://github.com/trufflesecurity/trufflehog) | Find secrets in code and history      |
| [Gitleaks](https://github.com/gitleaks/gitleaks)            | Detect hardcoded secrets in repositories |

## Authentication Testing

| Tool                                                         | Description                        |
| ------------------------------------------------------------ | ---------------------------------- |
| [jwt_tool](https://github.com/ticarpi/jwt_tool)              | JWT token testing and exploitation |
| [Interactsh](https://github.com/projectdiscovery/interactsh) | Out-of-band interaction detection  |

## Container & Supply Chain

| Tool                       | Description                                    |
| -------------------------- | ---------------------------------------------- |
| [Trivy](https://trivy.dev) | Filesystem/container scanning for vulns, misconfigurations, secrets, and licenses |

## HTTP Proxy

| Tool                      | Description                                   |
| ------------------------- | --------------------------------------------- |
| [Caido](https://caido.io) | Modern HTTP proxy for interception and replay |

## Browser

| Tool                                 | Description                 |
| ------------------------------------ | --------------------------- |
| [Playwright](https://playwright.dev) | Headless browser automation |

<Note>
  All tools are pre-configured and ready to use. The agent selects the appropriate tool based on the vulnerability being tested.
</Note>