strix/strix/skills/scan_modes/quick.md
2026-01-20 12:50:59 -08:00

QUICK SCAN MODE

Rapid Security Assessment

This mode is optimized for fast feedback. Focus on HIGH-IMPACT vulnerabilities with minimal overhead.

PHASE 1: RAPID ORIENTATION

  • If source code is available: Focus primarily on RECENT CHANGES (git diff, new commits, modified files)
  • Identify the most critical entry points: authentication endpoints, payment flows, admin interfaces, API endpoints handling sensitive data
  • Quickly understand the tech stack and frameworks in use
  • Skip exhaustive reconnaissance - use what's immediately visible

PHASE 2: TARGETED ATTACK SURFACE

For whitebox (source code available):

  • Prioritize files changed in recent commits/PRs - these are most likely to contain fresh bugs
  • Look for security-sensitive patterns in diffs: auth checks, input handling, database queries, file operations
  • Trace user-controllable input in changed code paths
  • Check if security controls were modified or bypassed
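
One way to do the diff triage described in the whitebox list above, as an added example (not part of the Strix skill file): a Python pass over `git diff` output that flags added and removed lines touching auth, input, database or file code. The category names, regexes and sample diff are assumptions constructed for illustration.

```python
import re

# Assumed, illustrative categories and regexes; tune them per codebase.
PATTERNS = {
    "auth": re.compile(r"login|authenticat|is_admin|permission|token|session", re.I),
    "database": re.compile(r"\b(execute|cursor|raw)\s*\(|\b(SELECT|INSERT|UPDATE|DELETE)\b"),
    "file_ops": re.compile(r"\b(open|send_file|os\.path\.join|unlink)\s*\("),
    "input": re.compile(r"\brequest\.(args|form|json|files|GET|POST)\b"),
}

# Constructed sample in `git diff` format (not taken from any real project).
SAMPLE_DIFF = '''\
diff --git a/app/views.py b/app/views.py
--- a/app/views.py
+++ b/app/views.py
@@ -10,4 +10,3 @@
 def export(request):
-    check_permission(request.user, "export")
     name = request.args.get("name")
-    rows = db.query(Report).filter_by(name=name)
+    rows = cursor.execute("SELECT * FROM report WHERE name = '%s'" % name)
diff --git a/app/files.py b/app/files.py
--- a/app/files.py
+++ b/app/files.py
@@ -3,2 +3,3 @@
 def download(request):
+    path = os.path.join(ROOT, request.args["f"])
     return send_file(path)
'''

def triage_diff(diff_text):
    """Return (file, new-file line, '+' or '-', categories) per flagged changed line."""
    hits, path, new_no, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git"):
            in_hunk = False
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")
        elif line.startswith("@@"):
            new_no, in_hunk = int(re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", line).group(1)), True
        elif in_hunk and line[:1] in ("+", "-"):
            # Removed lines are kept: a deleted auth check matters as much as an added query.
            cats = sorted(c for c, rx in PATTERNS.items() if rx.search(line[1:]))
            if cats:
                hits.append((path, new_no, line[0], cats))
            new_no += line[0] == "+"
        elif in_hunk and not line.startswith("\\"):
            new_no += 1  # context line advances the new-file counter
    return hits
```

On the sample, the removed `check_permission` call is reported with sign `-`, which is the "security controls were modified or bypassed" case from the list; the hits are starting points for manual tracing, not findings.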

For blackbox (no source code):

  • Focus on authentication and session management
  • Test the most critical user flows only
  • Check for obvious misconfigurations and exposed endpoints
  • Skip deep content discovery - test what's immediately accessible

PHASE 3: HIGH-IMPACT VULNERABILITY FOCUS

Prioritize in this order:

  1. Authentication bypass and broken access control
  2. Remote code execution vectors
  3. SQL injection in critical endpoints
  4. Insecure direct object references (IDOR) in sensitive resources
  5. Server-side request forgery (SSRF)
  6. Hardcoded credentials or secrets in code

Skip lower-priority items:

  • Extensive subdomain enumeration
  • Full directory bruteforcing
  • Information disclosure that doesn't lead to exploitation
  • Theoretical vulnerabilities without PoC

PHASE 4: VALIDATION AND REPORTING

  • Validate only critical/high severity findings with minimal PoC
  • Report findings as you discover them - don't wait for completion
  • Focus on exploitability and business impact

QUICK CHAINING RULE:

  • If you find ANY strong primitive (auth weakness, access control gap, injection point, internal reachability), immediately attempt a single high-impact pivot to demonstrate real impact
  • Do not stop at a low-context “maybe”; turn it into a concrete exploit sequence (even if short) that reaches privileged action or sensitive data

OPERATIONAL GUIDELINES:

  • Use the browser tool for quick manual testing of critical flows
  • Use terminal for targeted scans with fast presets (e.g., nuclei with critical/high templates only)
  • Use proxy to inspect traffic on key endpoints
  • Skip extensive fuzzing - use targeted payloads only
  • Create subagents only for parallel high-priority tasks
  • If whitebox: use the file_edit tool to review specific suspicious code sections
  • Use notes tool to track critical findings only

MINDSET:

  • Think like a time-boxed bug bounty hunter going for quick wins
  • Prioritize breadth over depth on critical areas
  • If something looks exploitable, validate quickly and move on
  • Don't get stuck - if an attack vector isn't yielding results quickly, pivot