From 60d68d85f3f728ba261bc7a82ba950fc079742d9 Mon Sep 17 00:00:00 2001 From: Ahmed Allam <49919286+0xallam@users.noreply.github.com> Date: Mon, 29 Jun 2026 19:00:46 -0700 Subject: [PATCH] Readme update --- README.md | 77 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 38 deletions(-) diff --git a/README.md b/README.md index 61ef8a3..1e2f611 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ # Strix -### Open-source AI hackers to find and fix your app’s vulnerabilities. +### The open-source AI pentesting tool. Autonomous AI hackers that find and fix your app’s vulnerabilities.
@@ -40,15 +40,15 @@ ## Strix Overview -Strix are autonomous AI agents that act just like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools. +Strix are autonomous AI penetration testing agents that act just like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools. **Key Capabilities:** -- **Full hacker toolkit** out of the box -- **Teams of agents** that collaborate and scale -- **Real validation** with PoCs, not false positives -- **Developer‑first** CLI with actionable reports -- **Auto‑fix & reporting** to accelerate remediation +- **Full pentesting toolkit** — reconnaissance, exploitation, and validation out of the box +- **Multi-agent orchestration** — teams of AI pentesters that collaborate and scale +- **Real exploit validation** - working PoCs, not false positives like legacy vulnerability scanners +- **Developer‑first CLI** — actionable findings with remediation guidance +- **Auto‑fix & reporting** — generate patches and compliance-ready pentest reports
@@ -95,13 +95,13 @@ strix --target ./app-directory ## ☁️ Strix Platform -Try the Strix full-stack security platform at **[app.strix.ai](https://app.strix.ai)** — sign up for free, connect your repos and domains, and launch a pentest in minutes. +Try the Strix full-stack penetration testing platform at **[app.strix.ai](https://app.strix.ai)** — sign up for free, connect your repos and domains, and launch a pentest in minutes. -- **Validated findings with PoCs** and reproduction steps -- **One-click autofix** as ready-to-merge pull requests -- **Continuous monitoring** across code, cloud, and infrastructure -- **Integrations** with GitHub, Slack, Jira, Linear, and CI/CD pipelines -- **Continuous learning** that builds on past findings and remediations +- **Validated findings with PoCs** — every vulnerability includes a working proof-of-concept exploit and reproduction steps +- **One-click autofix** — AI-generated security patches as ready-to-merge pull requests +- **Continuous pentesting** — always-on vulnerability scanning that keeps pace with your deployments +- **DevSecOps integrations** — GitHub, GitLab, Bitbucket, Slack, Jira, Linear, and CI/CD pipelines +- **Continuous learning** — AI that builds on past findings, adapts to your codebase, and reduces false positives over time [**Start your first pentest →**](https://app.strix.ai) @@ -109,37 +109,38 @@ Try the Strix full-stack security platform at **[app.strix.ai](https://app.strix ## ✨ Features -### Agentic Security Tools +### Agentic Pentesting Tools -Strix agents come equipped with a comprehensive security testing toolkit: +Strix agents come equipped with a comprehensive offensive security toolkit — the same tools used by professional penetration testers and ethical hackers: -- **Full HTTP Proxy** - Full request/response manipulation and analysis -- **Browser Automation** - Multi-tab browser for testing of XSS, CSRF, auth flows -- **Terminal Environments** - Interactive shells for command execution and testing -- **Python Runtime** - Custom exploit development and validation -- **Reconnaissance** - Automated OSINT and attack surface mapping -- **Code Analysis** - Static and dynamic analysis capabilities -- **Knowledge Management** - Structured findings and attack documentation +- **HTTP Interception Proxy** — Full request/response manipulation and analysis with Caido +- **Browser Exploitation** — Automated browser for testing XSS, CSRF, clickjacking, and auth bypass flows +- **Shell & Command Execution** — Interactive terminal for exploit development and post-exploitation +- **Custom Exploit Runtime** — Python sandbox for writing and validating proof-of-concept exploits +- **Reconnaissance & OSINT** — Automated attack surface mapping, subdomain enumeration, and fingerprinting +- **Static & Dynamic Code Analysis** — SAST + DAST capabilities for comprehensive application security testing +- **Vulnerability Knowledge Base** — Structured findings with CVSS scoring and OWASP classification -### Comprehensive Vulnerability Detection +### Comprehensive Vulnerability Scanner -Strix can identify and validate a wide range of security vulnerabilities: +Strix identifies, validates, and exploits a wide range of security vulnerabilities across the OWASP Top 10 and beyond: -- **Access Control** - IDOR, privilege escalation, auth bypass -- **Injection Attacks** - SQL, NoSQL, command injection -- **Server-Side** - SSRF, XXE, deserialization flaws -- **Client-Side** - XSS, prototype pollution, DOM vulnerabilities -- **Business Logic** - Race conditions, workflow manipulation -- **Authentication** - JWT vulnerabilities, session management -- **Infrastructure** - Misconfigurations, exposed services +- **Broken Access Control** — IDOR, privilege escalation, auth bypass +- **Injection Attacks** — SQL injection, NoSQL injection, OS command injection, SSTI +- **Server-Side Vulnerabilities** — SSRF, XXE, insecure deserialization, RCE +- **Client-Side Attacks** — XSS (stored/reflected/DOM), prototype pollution, CSRF +- **Business Logic Flaws** — Race conditions, payment manipulation, workflow bypass +- **Authentication & Session** — JWT attacks, session fixation, credential stuffing vectors +- **Infrastructure & Cloud** — Misconfigurations, exposed services, cloud security issues +- **API Security** — Broken authentication, mass assignment, rate limiting bypass -### Graph of Agents +### Graph of Agents (Multi-Agent Pentesting) -Advanced multi-agent orchestration for comprehensive security testing: +Advanced multi-agent orchestration for comprehensive automated penetration testing: -- **Distributed Workflows** - Specialized agents for different attacks and assets -- **Scalable Testing** - Parallel execution for fast comprehensive coverage -- **Dynamic Coordination** - Agents collaborate and share discoveries +- **Distributed Pentesting** — Specialized AI agents for recon, exploitation, and post-exploitation +- **Scalable Security Testing** — Parallel execution across multiple targets for fast, comprehensive coverage +- **Dynamic Coordination** — Agents share discoveries, chain vulnerabilities, and collaborate like a red team --- @@ -245,9 +246,9 @@ export STRIX_REASONING_EFFORT="high" # control thinking effort (default: high, See the [LLM Providers documentation](https://docs.strix.ai/llm-providers/overview) for all supported providers including Vertex AI, Bedrock, Azure, and local models. -## Enterprise +## Enterprise Pentesting -Get the same Strix experience with [enterprise-grade](https://strix.ai/demo) controls: SSO (SAML/OIDC), custom compliance reports, dedicated support & SLA, custom deployment options (VPC/self-hosted), BYOK model support, and tailored agents optimized for your environment. [Learn more](https://strix.ai/demo). +Get the same Strix experience with [enterprise-grade](https://strix.ai/demo) controls: SSO (SAML/OIDC), custom compliance-ready penetration testing reports (SOC 2, ISO 27001, PCI DSS), dedicated support & SLA, custom deployment options (VPC/self-hosted), BYOK model support, and tailored AI pentesting agents optimized for your environment. [Learn more](https://strix.ai/demo). ## Documentation