Readme update

This commit is contained in:
Ahmed Allam
2026-06-29 19:00:46 -07:00
committed by GitHub
parent 777005a42b
commit 60d68d85f3
+39 -38
View File
@@ -8,7 +8,7 @@
# Strix # Strix
### Open-source AI hackers to find and fix your apps vulnerabilities. ### The open-source AI pentesting tool. Autonomous AI hackers that find and fix your apps vulnerabilities.
<br/> <br/>
@@ -40,15 +40,15 @@
## Strix Overview ## Strix Overview
Strix are autonomous AI agents that act just like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools. Strix are autonomous AI penetration testing agents that act just like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.
**Key Capabilities:** **Key Capabilities:**
- **Full hacker toolkit** out of the box - **Full pentesting toolkit** — reconnaissance, exploitation, and validation out of the box
- **Teams of agents** that collaborate and scale - **Multi-agent orchestration** — teams of AI pentesters that collaborate and scale
- **Real validation** with PoCs, not false positives - **Real exploit validation** - working PoCs, not false positives like legacy vulnerability scanners
- **Developerfirst** CLI with actionable reports - **Developerfirst CLI** — actionable findings with remediation guidance
- **Autofix & reporting** to accelerate remediation - **Autofix & reporting** — generate patches and compliance-ready pentest reports
<br> <br>
@@ -95,13 +95,13 @@ strix --target ./app-directory
## ☁️ Strix Platform ## ☁️ Strix Platform
Try the Strix full-stack security platform at **[app.strix.ai](https://app.strix.ai)** — sign up for free, connect your repos and domains, and launch a pentest in minutes. Try the Strix full-stack penetration testing platform at **[app.strix.ai](https://app.strix.ai)** — sign up for free, connect your repos and domains, and launch a pentest in minutes.
- **Validated findings with PoCs** and reproduction steps - **Validated findings with PoCs** — every vulnerability includes a working proof-of-concept exploit and reproduction steps
- **One-click autofix** as ready-to-merge pull requests - **One-click autofix** — AI-generated security patches as ready-to-merge pull requests
- **Continuous monitoring** across code, cloud, and infrastructure - **Continuous pentesting** — always-on vulnerability scanning that keeps pace with your deployments
- **Integrations** with GitHub, Slack, Jira, Linear, and CI/CD pipelines - **DevSecOps integrations** GitHub, GitLab, Bitbucket, Slack, Jira, Linear, and CI/CD pipelines
- **Continuous learning** that builds on past findings and remediations - **Continuous learning** — AI that builds on past findings, adapts to your codebase, and reduces false positives over time
[**Start your first pentest →**](https://app.strix.ai) [**Start your first pentest →**](https://app.strix.ai)
@@ -109,37 +109,38 @@ Try the Strix full-stack security platform at **[app.strix.ai](https://app.strix
## ✨ Features ## ✨ Features
### Agentic Security Tools ### Agentic Pentesting Tools
Strix agents come equipped with a comprehensive security testing toolkit: Strix agents come equipped with a comprehensive offensive security toolkit — the same tools used by professional penetration testers and ethical hackers:
- **Full HTTP Proxy** - Full request/response manipulation and analysis - **HTTP Interception Proxy** Full request/response manipulation and analysis with Caido
- **Browser Automation** - Multi-tab browser for testing of XSS, CSRF, auth flows - **Browser Exploitation** — Automated browser for testing XSS, CSRF, clickjacking, and auth bypass flows
- **Terminal Environments** - Interactive shells for command execution and testing - **Shell & Command Execution** Interactive terminal for exploit development and post-exploitation
- **Python Runtime** - Custom exploit development and validation - **Custom Exploit Runtime** — Python sandbox for writing and validating proof-of-concept exploits
- **Reconnaissance** - Automated OSINT and attack surface mapping - **Reconnaissance & OSINT** Automated attack surface mapping, subdomain enumeration, and fingerprinting
- **Code Analysis** - Static and dynamic analysis capabilities - **Static & Dynamic Code Analysis** SAST + DAST capabilities for comprehensive application security testing
- **Knowledge Management** - Structured findings and attack documentation - **Vulnerability Knowledge Base** Structured findings with CVSS scoring and OWASP classification
### Comprehensive Vulnerability Detection ### Comprehensive Vulnerability Scanner
Strix can identify and validate a wide range of security vulnerabilities: Strix identifies, validates, and exploits a wide range of security vulnerabilities across the OWASP Top 10 and beyond:
- **Access Control** - IDOR, privilege escalation, auth bypass - **Broken Access Control** IDOR, privilege escalation, auth bypass
- **Injection Attacks** - SQL, NoSQL, command injection - **Injection Attacks** SQL injection, NoSQL injection, OS command injection, SSTI
- **Server-Side** - SSRF, XXE, deserialization flaws - **Server-Side Vulnerabilities** SSRF, XXE, insecure deserialization, RCE
- **Client-Side** - XSS, prototype pollution, DOM vulnerabilities - **Client-Side Attacks** XSS (stored/reflected/DOM), prototype pollution, CSRF
- **Business Logic** - Race conditions, workflow manipulation - **Business Logic Flaws** Race conditions, payment manipulation, workflow bypass
- **Authentication** - JWT vulnerabilities, session management - **Authentication & Session** JWT attacks, session fixation, credential stuffing vectors
- **Infrastructure** - Misconfigurations, exposed services - **Infrastructure & Cloud** Misconfigurations, exposed services, cloud security issues
- **API Security** — Broken authentication, mass assignment, rate limiting bypass
### Graph of Agents ### Graph of Agents (Multi-Agent Pentesting)
Advanced multi-agent orchestration for comprehensive security testing: Advanced multi-agent orchestration for comprehensive automated penetration testing:
- **Distributed Workflows** - Specialized agents for different attacks and assets - **Distributed Pentesting** Specialized AI agents for recon, exploitation, and post-exploitation
- **Scalable Testing** - Parallel execution for fast comprehensive coverage - **Scalable Security Testing** Parallel execution across multiple targets for fast, comprehensive coverage
- **Dynamic Coordination** - Agents collaborate and share discoveries - **Dynamic Coordination** Agents share discoveries, chain vulnerabilities, and collaborate like a red team
--- ---
@@ -245,9 +246,9 @@ export STRIX_REASONING_EFFORT="high" # control thinking effort (default: high,
See the [LLM Providers documentation](https://docs.strix.ai/llm-providers/overview) for all supported providers including Vertex AI, Bedrock, Azure, and local models. See the [LLM Providers documentation](https://docs.strix.ai/llm-providers/overview) for all supported providers including Vertex AI, Bedrock, Azure, and local models.
## Enterprise ## Enterprise Pentesting
Get the same Strix experience with [enterprise-grade](https://strix.ai/demo) controls: SSO (SAML/OIDC), custom compliance reports, dedicated support & SLA, custom deployment options (VPC/self-hosted), BYOK model support, and tailored agents optimized for your environment. [Learn more](https://strix.ai/demo). Get the same Strix experience with [enterprise-grade](https://strix.ai/demo) controls: SSO (SAML/OIDC), custom compliance-ready penetration testing reports (SOC 2, ISO 27001, PCI DSS), dedicated support & SLA, custom deployment options (VPC/self-hosted), BYOK model support, and tailored AI pentesting agents optimized for your environment. [Learn more](https://strix.ai/demo).
## Documentation ## Documentation