---
title: "Custom Instructions"
description: "Guide Strix with custom testing instructions"
---

Use instructions to provide context, credentials, or focus areas for your scan.

## Inline Instructions

```bash
strix --target https://app.com --instruction "Focus on authentication vulnerabilities"
```

## File-Based Instructions

For complex instructions, use a file:

```bash
strix --target https://app.com --instruction-file ./pentest-instructions.md
```

## Common Use Cases

### Authenticated Testing

```bash
strix --target https://app.com \
  --instruction "Login with email: test@example.com, password: TestPass123"
```

### Focused Scope

```bash
strix --target https://api.example.com \
  --instruction "Focus on IDOR vulnerabilities in the /api/users endpoints"
```

### Exclusions

```bash
strix --target https://app.com \
  --instruction "Do not test /admin or /internal endpoints"
```

### API Testing

```bash
strix --target https://api.example.com \
  --instruction "Use API key header: X-API-Key: abc123. Focus on rate limiting bypass."
```

## Instruction File Example

```markdown instructions.md
# Penetration Test Instructions

## Credentials
- Admin: admin@example.com / AdminPass123
- User: user@example.com / UserPass123

## Focus Areas
1. IDOR in user profile endpoints
2. Privilege escalation between roles
3. JWT token manipulation

## Out of Scope
- /health endpoints
- Third-party integrations
```

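An added example (not from the Strix documentation): a wrapper that generates the instruction file from environment variables, so scan credentials never appear on the command line or in shell history, and passes it with `--instruction-file`. The variable names `STRIX_USER_EMAIL` and `STRIX_USER_PASS` and both function names are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not Strix's own code. STRIX_USER_EMAIL and STRIX_USER_PASS
# are hypothetical variable names; load them from a secret store, not argv.

# write_instructions OUTFILE [EXCLUDED_PATH...]
# Writes an owner-only (0600) markdown instruction file in the layout above.
write_instructions() {
  local out="$1" path
  shift
  # Refuse to write a file with missing credentials.
  if [ -z "${STRIX_USER_EMAIL:-}" ] || [ -z "${STRIX_USER_PASS:-}" ]; then
    echo "STRIX_USER_EMAIL and STRIX_USER_PASS must be set" >&2
    return 1
  fi
  # Validate exclusions before touching disk: each must look like /path.
  for path in "$@"; do
    case $path in
      /*) ;;
      *) echo "exclusion must start with /: $path" >&2; return 1 ;;
    esac
  done
  # Create the file with restrictive permissions before any secret lands in it.
  ( umask 077; : > "$out" ) || return 1
  chmod 600 "$out" || return 1
  {
    printf '%s\n\n' '# Penetration Test Instructions'
    printf '%s\n' '## Credentials'
    printf '%s\n\n' "- User: $STRIX_USER_EMAIL / $STRIX_USER_PASS"
    printf '%s\n' '## Out of Scope'
    for path in "$@"; do printf '%s\n' "- $path"; done
  } >> "$out"
}

# run_scan TARGET [EXCLUDED_PATH...]
# Builds a temporary instruction file, runs the scan, then removes the file.
run_scan() {
  local target="$1" file rc
  shift
  file=$(mktemp) || return 1
  write_instructions "$file" "$@" &&
    strix --target "$target" --instruction-file "$file"
  rc=$?
  rm -f "$file"   # do not leave credentials on disk after the scan
  return "$rc"
}

# Usage, once both variables are exported:
#   run_scan https://app.com /admin /internal
```
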
<Tip>
Be specific. Good instructions help Strix prioritize the most valuable attack paths.
</Tip>