Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 639ce5b31a | |||
| 5ee34481fe |
@@ -11,7 +11,7 @@ repos:
|
||||
|
||||
# MyPy for static type checking
|
||||
- repo: https://github.com/pre-commit/mirrors-mypy
|
||||
rev: v1.16.0
|
||||
rev: v1.17.1
|
||||
hooks:
|
||||
- id: mypy
|
||||
additional_dependencies: [
|
||||
|
||||
@@ -275,5 +275,3 @@ Strix builds on the incredible work of open-source projects like [LiteLLM](https
|
||||
> Only test apps you own or have permission to test. You are responsible for using Strix ethically and legally.
|
||||
|
||||
</div>
|
||||
|
||||

|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Configuration"
|
||||
description: "Environment variables for Strix"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Configure Strix using environment variables or a config file.
|
||||
|
||||
## LLM Configuration
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Skills"
|
||||
description: "Specialized knowledge packages that enhance agent capabilities"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Skills are structured knowledge packages that give Strix agents deep expertise in specific vulnerability types, technologies, and testing methodologies.
|
||||
|
||||
## The Idea
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Introduction"
|
||||
description: "Managed security testing without local setup"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Skip the setup. Run Strix in the cloud at [app.strix.ai](https://app.strix.ai).
|
||||
|
||||
## Features
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Contributing"
|
||||
description: "Contribute to Strix development"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
## Development Setup
|
||||
|
||||
### Prerequisites
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Introduction"
|
||||
description: "Open-source AI hackers to secure your apps"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Strix are autonomous AI agents that act like real hackers—they run your code dynamically, find vulnerabilities, and validate them with proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.
|
||||
|
||||
<Frame>
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "CI/CD Integration"
|
||||
description: "Run Strix in any CI/CD pipeline"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Strix runs in headless mode for automated pipelines.
|
||||
|
||||
## Headless Mode
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "GitHub Actions"
|
||||
description: "Run Strix security scans on every pull request"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Integrate Strix into your GitHub workflow to catch vulnerabilities before they reach production.
|
||||
|
||||
## Basic Workflow
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Anthropic"
|
||||
description: "Configure Strix with Claude models"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
## Setup
|
||||
|
||||
```bash
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Azure OpenAI"
|
||||
description: "Configure Strix with OpenAI models via Azure"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
## Setup
|
||||
|
||||
```bash
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "AWS Bedrock"
|
||||
description: "Configure Strix with models via AWS Bedrock"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
## Setup
|
||||
|
||||
```bash
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Local Models"
|
||||
description: "Run Strix with self-hosted LLMs for privacy and air-gapped testing"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Running Strix with local models allows for completely offline, privacy-first security assessments. Data never leaves your machine, making this ideal for sensitive internal networks or air-gapped environments.
|
||||
|
||||
## Privacy vs Performance
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Novita AI"
|
||||
description: "Configure Strix with Novita AI models"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
[Novita AI](https://novita.ai) provides fast, cost-efficient inference for open-source models via an OpenAI-compatible API.
|
||||
|
||||
## Setup
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "OpenAI"
|
||||
description: "Configure Strix with OpenAI models"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
## Setup
|
||||
|
||||
```bash
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "OpenRouter"
|
||||
description: "Configure Strix with models via OpenRouter"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
[OpenRouter](https://openrouter.ai) provides access to 100+ models from multiple providers through a single API.
|
||||
|
||||
## Setup
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Overview"
|
||||
description: "Configure your AI model for Strix"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Strix uses [LiteLLM](https://docs.litellm.ai/docs/providers) for model compatibility, supporting 100+ LLM providers.
|
||||
|
||||
## Configuration
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Google Vertex AI"
|
||||
description: "Configure Strix with Gemini models via Google Cloud"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
## Installation
|
||||
|
||||
Vertex AI requires the Google Cloud dependency. Install Strix with the vertex extra:
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Quick Start"
|
||||
description: "Install Strix and run your first security scan"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- Docker (running)
|
||||
|
||||
@@ -1,10 +0,0 @@
|
||||
export const ScarfPixel = () => (
|
||||
<img
|
||||
referrerPolicy="no-referrer-when-downgrade"
|
||||
src="https://static.scarf.sh/a.png?x-pxid=a0ba15dd-a205-4a54-95d6-7814e9ae6b61"
|
||||
alt=""
|
||||
width="1"
|
||||
height="1"
|
||||
style={{ position: "absolute", width: 0, height: 0, opacity: 0, pointerEvents: "none" }}
|
||||
/>
|
||||
);
|
||||
@@ -1,34 +0,0 @@
|
||||
agentic
|
||||
Caido
|
||||
deobfuscation
|
||||
deserialization
|
||||
Devstral
|
||||
[Dd]ocstrings
|
||||
exfiltration
|
||||
failover
|
||||
ffuf
|
||||
Firestore
|
||||
frontmatter
|
||||
fuzzer
|
||||
gcloud
|
||||
hardcoded
|
||||
Kimi
|
||||
Langfuse
|
||||
LLMs?
|
||||
[Mm]isconfigurations?
|
||||
Novita
|
||||
Ollama
|
||||
pentest(ers|ing)?
|
||||
pipx
|
||||
pull_request
|
||||
Pydantic
|
||||
spidering
|
||||
SQLi
|
||||
[Ss]trix
|
||||
Supabase
|
||||
traceback
|
||||
UIs
|
||||
untrusted
|
||||
uv
|
||||
vulns
|
||||
[Ww]ordlist
|
||||
@@ -3,10 +3,6 @@ title: "Browser"
|
||||
description: "Playwright-powered Chrome for web application testing"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Strix uses a headless Chrome browser via Playwright to interact with web applications exactly like a real user would.
|
||||
|
||||
## How It Works
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Agent Tools"
|
||||
description: "How Strix agents interact with targets"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Strix agents use specialized tools to test your applications like a real penetration tester would.
|
||||
|
||||
## Core Tools
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "HTTP Proxy"
|
||||
description: "Caido-powered proxy for request interception and replay"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Strix includes [Caido](https://caido.io), a modern HTTP proxy built for security testing. All browser traffic flows through Caido, giving the agent full control over requests and responses.
|
||||
|
||||
## Capabilities
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Sandbox Tools"
|
||||
description: "Pre-installed security tools in the Strix container"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Strix runs inside a Kali Linux-based Docker container with a comprehensive set of security tools pre-installed. The agent can use any of these tools through the [terminal](/tools/terminal).
|
||||
|
||||
## Reconnaissance
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Terminal"
|
||||
description: "Bash shell for running commands and security tools"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Strix has access to a persistent bash terminal running inside the Docker sandbox. This gives the agent access to all [pre-installed security tools](/tools/sandbox).
|
||||
|
||||
## Capabilities
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "CLI Reference"
|
||||
description: "Command-line options for Strix"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
## Basic Usage
|
||||
|
||||
```bash
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Custom Instructions"
|
||||
description: "Guide Strix with custom testing instructions"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Use instructions to provide context, credentials, or focus areas for your scan.
|
||||
|
||||
## Inline Instructions
|
||||
|
||||
@@ -3,10 +3,6 @@ title: "Scan Modes"
|
||||
description: "Choose the right scan depth for your use case"
|
||||
---
|
||||
|
||||
import { ScarfPixel } from "/snippets/scarf-pixel.mdx";
|
||||
|
||||
<ScarfPixel />
|
||||
|
||||
Strix offers three scan modes to balance speed and thoroughness.
|
||||
|
||||
## Quick
|
||||
|
||||
+18
-16
@@ -3,6 +3,7 @@
|
||||
from __future__ import annotations
|
||||
|
||||
import csv
|
||||
import io
|
||||
import json
|
||||
import logging
|
||||
import tempfile
|
||||
@@ -58,9 +59,9 @@ def write_vulnerabilities(
|
||||
new_reports = [r for r in vulnerability_reports if r["id"] not in saved_vuln_ids]
|
||||
|
||||
for report in new_reports:
|
||||
(vuln_dir / f"{report['id']}.md").write_text(
|
||||
_atomic_write_text(
|
||||
vuln_dir / f"{report['id']}.md",
|
||||
render_vulnerability_md(report),
|
||||
encoding="utf-8",
|
||||
)
|
||||
saved_vuln_ids.add(report["id"])
|
||||
|
||||
@@ -69,20 +70,21 @@ def write_vulnerabilities(
|
||||
key=lambda r: (_SEVERITY_ORDER.get(r["severity"], 5), r["timestamp"]),
|
||||
)
|
||||
csv_path = run_dir / "vulnerabilities.csv"
|
||||
with csv_path.open("w", encoding="utf-8", newline="") as f:
|
||||
fieldnames = ["id", "title", "severity", "timestamp", "file"]
|
||||
writer = csv.DictWriter(f, fieldnames=fieldnames)
|
||||
writer.writeheader()
|
||||
for report in sorted_reports:
|
||||
writer.writerow(
|
||||
{
|
||||
"id": report["id"],
|
||||
"title": report["title"],
|
||||
"severity": report["severity"].upper(),
|
||||
"timestamp": report["timestamp"],
|
||||
"file": f"vulnerabilities/{report['id']}.md",
|
||||
},
|
||||
)
|
||||
csv_buf = io.StringIO()
|
||||
fieldnames = ["id", "title", "severity", "timestamp", "file"]
|
||||
csv_writer = csv.DictWriter(csv_buf, fieldnames=fieldnames, lineterminator="\r\n")
|
||||
csv_writer.writeheader()
|
||||
for report in sorted_reports:
|
||||
csv_writer.writerow(
|
||||
{
|
||||
"id": report["id"],
|
||||
"title": report["title"],
|
||||
"severity": report["severity"].upper(),
|
||||
"timestamp": report["timestamp"],
|
||||
"file": f"vulnerabilities/{report['id']}.md",
|
||||
},
|
||||
)
|
||||
_atomic_write_text(csv_path, csv_buf.getvalue())
|
||||
|
||||
_atomic_write_text(
|
||||
run_dir / "vulnerabilities.json",
|
||||
|
||||
Reference in New Issue
Block a user