ContextQMD
Back to Strix

Introduction

docs/index.mdx

0.8.33.4 KB
Original Source

Strix are autonomous AI agents that act like real hackers—they run your code dynamically, find vulnerabilities, and validate them with proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.

<Frame> </Frame> <CardGroup cols={2}> <Card title="Quick Start" icon="rocket" href="/quickstart"> Install and run your first scan in minutes. </Card> <Card title="CLI Reference" icon="terminal" href="/usage/cli"> Learn all command-line options. </Card> <Card title="Tools" icon="wrench" href="/tools/overview"> Explore the security testing toolkit. </Card> <Card title="GitHub Actions" icon="github" href="/integrations/github-actions"> Integrate into your CI/CD pipeline. </Card> </CardGroup>

Use Cases

  • Application Security Testing — Detect and validate critical vulnerabilities in your applications
  • Rapid Penetration Testing — Get penetration tests done in hours, not weeks
  • Bug Bounty Automation — Automate research and generate PoCs for faster reporting
  • CI/CD Integration — Block vulnerabilities before they reach production

Key Capabilities

  • Full hacker toolkit — Browser automation, HTTP proxy, terminal, Python runtime
  • Real validation — PoCs, not false positives
  • Multi-agent orchestration — Specialized agents collaborate on complex targets
  • Developer-first CLI — Interactive TUI or headless mode for automation

Security Tools

Strix agents come equipped with a comprehensive toolkit:

ToolPurpose
HTTP ProxyFull request/response manipulation and analysis
Browser AutomationMulti-tab browser for XSS, CSRF, auth flow testing
TerminalInteractive shells for command execution
Python RuntimeCustom exploit development and validation
ReconnaissanceAutomated OSINT and attack surface mapping
Code AnalysisStatic and dynamic analysis capabilities

Vulnerability Coverage

CategoryExamples
Access ControlIDOR, privilege escalation, auth bypass
InjectionSQL, NoSQL, command injection
Server-SideSSRF, XXE, deserialization
Client-SideXSS, prototype pollution, DOM vulnerabilities
Business LogicRace conditions, workflow manipulation
AuthenticationJWT vulnerabilities, session management
InfrastructureMisconfigurations, exposed services

Multi-Agent Architecture

Strix uses a graph of specialized agents for comprehensive security testing:

  • Distributed Workflows — Specialized agents for different attacks and assets
  • Scalable Testing — Parallel execution for fast comprehensive coverage
  • Dynamic Coordination — Agents collaborate and share discoveries

Quick Example

bash
# Install
curl -sSL https://strix.ai/install | bash

# Configure
export STRIX_LLM="openai/gpt-5.4"
export LLM_API_KEY="your-api-key"

# Scan
strix --target ./your-app

Community

<CardGroup cols={2}> <Card title="Discord" icon="discord" href="https://discord.gg/strix-ai"> Join the community for help and discussion. </Card> <Card title="GitHub" icon="github" href="https://github.com/usestrix/strix"> Star the repo and contribute. </Card> </CardGroup> <Warning> Only test applications you own or have explicit permission to test. </Warning>