{"id":30940721,"url":"https://github.com/usestrix/strix","last_synced_at":"2026-02-24T04:12:17.864Z","repository":{"id":308433264,"uuid":"1032808806","full_name":"usestrix/strix","owner":"usestrix","description":"Open-source AI hackers to find and fix your app’s vulnerabilities.","archived":false,"fork":false,"pushed_at":"2026-02-16T01:41:10.000Z","size":4663,"stargazers_count":20060,"open_issues_count":48,"forks_count":2105,"subscribers_count":108,"default_branch":"main","last_synced_at":"2026-02-16T08:20:45.767Z","etag":null,"topics":["agents","artificial-intelligence","cybersecurity","generative-ai","llm","penetration-testing"],"latest_commit_sha":null,"homepage":"https://strix.ai","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/usestrix.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-08-05T21:28:30.000Z","updated_at":"2026-02-16T04:16:24.000Z","dependencies_parsed_at":null,"dependency_job_id":"9b548c32-9151-46b6-88d8-e331552e56dc","html_url":"https://github.com/usestrix/strix","commit_stats":null,"previous_names":["usestrix/strix"],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/usestrix/strix","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usestrix%2Fstrix","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usestrix%2Fstrix/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usestrix%2Fstrix/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usestrix%2Fstrix/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/usestrix","download_url":"https://codeload.github.com/usestrix/strix/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/usestrix%2Fstrix/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29637400,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-19T22:32:43.237Z","status":"ssl_error","status_checked_at":"2026-02-19T22:32:38.330Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agents","artificial-intelligence","cybersecurity","generative-ai","llm","penetration-testing"],"created_at":"2025-09-10T21:01:31.391Z","updated_at":"2026-02-24T04:12:17.855Z","avatar_url":"https://github.com/usestrix.png","language":"Python","readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://strix.ai/\"\u003e\n    \u003cimg src=\"https://github.com/usestrix/.github/raw/main/imgs/cover.png\" alt=\"Strix Banner\" width=\"100%\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n\u003cdiv align=\"center\"\u003e\n\n# Strix\n\n### Open-source AI hackers to find and fix your app’s vulnerabilities.\n\n\u003cbr/\u003e\n\n\n\u003ca href=\"https://docs.strix.ai\"\u003e\u003cimg src=\"https://img.shields.io/badge/Docs-docs.strix.ai-2b9246?style=for-the-badge\u0026logo=gitbook\u0026logoColor=white\" alt=\"Docs\"\u003e\u003c/a\u003e\n\u003ca href=\"https://strix.ai\"\u003e\u003cimg src=\"https://img.shields.io/badge/Website-strix.ai-f0f0f0?style=for-the-badge\u0026logoColor=000000\" alt=\"Website\"\u003e\u003c/a\u003e\n[![](https://dcbadge.limes.pink/api/server/strix-ai)](https://discord.gg/strix-ai)\n\n\u003ca href=\"https://deepwiki.com/usestrix/strix\"\u003e\u003cimg src=\"https://deepwiki.com/badge.svg\" alt=\"Ask DeepWiki\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/usestrix/strix\"\u003e\u003cimg src=\"https://img.shields.io/github/stars/usestrix/strix?style=flat-square\" alt=\"GitHub Stars\"\u003e\u003c/a\u003e\n\u003ca href=\"LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-Apache%202.0-3b82f6?style=flat-square\" alt=\"License\"\u003e\u003c/a\u003e\n\u003ca href=\"https://pypi.org/project/strix-agent/\"\u003e\u003cimg src=\"https://img.shields.io/pypi/v/strix-agent?style=flat-square\" alt=\"PyPI Version\"\u003e\u003c/a\u003e\n\n\n\u003ca href=\"https://discord.gg/strix-ai\"\u003e\u003cimg src=\"https://github.com/usestrix/.github/raw/main/imgs/Discord.png\" height=\"40\" alt=\"Join Discord\"\u003e\u003c/a\u003e\n\u003ca href=\"https://x.com/strix_ai\"\u003e\u003cimg src=\"https://github.com/usestrix/.github/raw/main/imgs/X.png\" height=\"40\" alt=\"Follow on X\"\u003e\u003c/a\u003e\n\n\n\u003ca href=\"https://trendshift.io/repositories/15362\" target=\"_blank\"\u003e\u003cimg src=\"https://trendshift.io/api/badge/repositories/15362\" alt=\"usestrix/strix | Trendshift\" width=\"250\" height=\"55\"/\u003e\u003c/a\u003e\n\n\u003c/div\u003e\n\n\n\u003e [!TIP]\n\u003e **New!** Strix integrates seamlessly with GitHub Actions and CI/CD pipelines. Automatically scan for vulnerabilities on every pull request and block insecure code before it reaches production!\n\n---\n\n\n## Strix Overview\n\nStrix are autonomous AI agents that act just like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.\n\n**Key Capabilities:**\n\n- **Full hacker toolkit** out of the box\n- **Teams of agents** that collaborate and scale\n- **Real validation** with PoCs, not false positives\n- **Developer‑first** CLI with actionable reports\n- **Auto‑fix \u0026 reporting** to accelerate remediation\n\n\n\u003cbr\u003e\n\n\n\u003cdiv align=\"center\"\u003e\n  \u003ca href=\"https://strix.ai\"\u003e\n    \u003cimg src=\".github/screenshot.png\" alt=\"Strix Demo\" width=\"1000\" style=\"border-radius: 16px;\"\u003e\n  \u003c/a\u003e\n\u003c/div\u003e\n\n\n## Use Cases\n\n- **Application Security Testing** - Detect and validate critical vulnerabilities in your applications\n- **Rapid Penetration Testing** - Get penetration tests done in hours, not weeks, with compliance reports\n- **Bug Bounty Automation** - Automate bug bounty research and generate PoCs for faster reporting\n- **CI/CD Integration** - Run tests in CI/CD to block vulnerabilities before reaching production\n\n## 🚀 Quick Start\n\n**Prerequisites:**\n- Docker (running)\n- An LLM API key:\n  - Any [supported provider](https://docs.strix.ai/llm-providers/overview) (OpenAI, Anthropic, Google, etc.)\n  - Or [Strix Router](https://models.strix.ai) — single API key for multiple providers with $10 free credit on signup\n\n### Installation \u0026 First Scan\n\n```bash\n# Install Strix\ncurl -sSL https://strix.ai/install | bash\n\n# Configure your AI provider\nexport STRIX_LLM=\"openai/gpt-5\"  # or \"strix/gpt-5\" via Strix Router (https://models.strix.ai)\nexport LLM_API_KEY=\"your-api-key\"\n\n# Run your first security assessment\nstrix --target ./app-directory\n```\n\n\u003e [!NOTE]\n\u003e First run automatically pulls the sandbox Docker image. Results are saved to `strix_runs/\u003crun-name\u003e`\n\n---\n\n## ✨ Features\n\n### Agentic Security Tools\n\nStrix agents come equipped with a comprehensive security testing toolkit:\n\n- **Full HTTP Proxy** - Full request/response manipulation and analysis\n- **Browser Automation** - Multi-tab browser for testing of XSS, CSRF, auth flows\n- **Terminal Environments** - Interactive shells for command execution and testing\n- **Python Runtime** - Custom exploit development and validation\n- **Reconnaissance** - Automated OSINT and attack surface mapping\n- **Code Analysis** - Static and dynamic analysis capabilities\n- **Knowledge Management** - Structured findings and attack documentation\n\n### Comprehensive Vulnerability Detection\n\nStrix can identify and validate a wide range of security vulnerabilities:\n\n- **Access Control** - IDOR, privilege escalation, auth bypass\n- **Injection Attacks** - SQL, NoSQL, command injection\n- **Server-Side** - SSRF, XXE, deserialization flaws\n- **Client-Side** - XSS, prototype pollution, DOM vulnerabilities\n- **Business Logic** - Race conditions, workflow manipulation\n- **Authentication** - JWT vulnerabilities, session management\n- **Infrastructure** - Misconfigurations, exposed services\n\n### Graph of Agents\n\nAdvanced multi-agent orchestration for comprehensive security testing:\n\n- **Distributed Workflows** - Specialized agents for different attacks and assets\n- **Scalable Testing** - Parallel execution for fast comprehensive coverage\n- **Dynamic Coordination** - Agents collaborate and share discoveries\n\n---\n\n## Usage Examples\n\n### Basic Usage\n\n```bash\n# Scan a local codebase\nstrix --target ./app-directory\n\n# Security review of a GitHub repository\nstrix --target https://github.com/org/repo\n\n# Black-box web application assessment\nstrix --target https://your-app.com\n```\n\n### Advanced Testing Scenarios\n\n```bash\n# Grey-box authenticated testing\nstrix --target https://your-app.com --instruction \"Perform authenticated testing using credentials: user:pass\"\n\n# Multi-target testing (source code + deployed app)\nstrix -t https://github.com/org/app -t https://your-app.com\n\n# Focused testing with custom instructions\nstrix --target api.your-app.com --instruction \"Focus on business logic flaws and IDOR vulnerabilities\"\n\n# Provide detailed instructions through file (e.g., rules of engagement, scope, exclusions)\nstrix --target api.your-app.com --instruction-file ./instruction.md\n```\n\n### Headless Mode\n\nRun Strix programmatically without interactive UI using the `-n/--non-interactive` flag—perfect for servers and automated jobs. The CLI prints real-time vulnerability findings, and the final report before exiting. Exits with non-zero code when vulnerabilities are found.\n\n```bash\nstrix -n --target https://your-app.com\n```\n\n### CI/CD (GitHub Actions)\n\nStrix can be added to your pipeline to run a security test on pull requests with a lightweight GitHub Actions workflow:\n\n```yaml\nname: strix-penetration-test\n\non:\n  pull_request:\n\njobs:\n  security-scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v6\n\n      - name: Install Strix\n        run: curl -sSL https://strix.ai/install | bash\n\n      - name: Run Strix\n        env:\n          STRIX_LLM: ${{ secrets.STRIX_LLM }}\n          LLM_API_KEY: ${{ secrets.LLM_API_KEY }}\n\n        run: strix -n -t ./ --scan-mode quick\n```\n\n### Configuration\n\n```bash\nexport STRIX_LLM=\"openai/gpt-5\"\nexport LLM_API_KEY=\"your-api-key\"\n\n# Optional\nexport LLM_API_BASE=\"your-api-base-url\"  # if using a local model, e.g. Ollama, LMStudio\nexport PERPLEXITY_API_KEY=\"your-api-key\"  # for search capabilities\nexport STRIX_REASONING_EFFORT=\"high\"  # control thinking effort (default: high, quick scan: medium)\n```\n\n\u003e [!NOTE]\n\u003e Strix automatically saves your configuration to `~/.strix/cli-config.json`, so you don't have to re-enter it on every run.\n\n**Recommended models for best results:**\n\n- [OpenAI GPT-5](https://openai.com/api/) — `openai/gpt-5`\n- [Anthropic Claude Sonnet 4.6](https://claude.com/platform/api) — `anthropic/claude-sonnet-4-6`\n- [Google Gemini 3 Pro Preview](https://cloud.google.com/vertex-ai) — `vertex_ai/gemini-3-pro-preview`\n\nSee the [LLM Providers documentation](https://docs.strix.ai/llm-providers/overview) for all supported providers including Vertex AI, Bedrock, Azure, and local models.\n\n## Documentation\n\nFull documentation is available at **[docs.strix.ai](https://docs.strix.ai)** — including detailed guides for usage, CI/CD integrations, skills, and advanced configuration.\n\n## Contributing\n\nWe welcome contributions of code, docs, and new skills - check out our [Contributing Guide](https://docs.strix.ai/contributing) to get started or open a [pull request](https://github.com/usestrix/strix/pulls)/[issue](https://github.com/usestrix/strix/issues).\n\n## Join Our Community\n\nHave questions? Found a bug? Want to contribute? **[Join our Discord!](https://discord.gg/strix-ai)**\n\n## Support the Project\n\n**Love Strix?** Give us a ⭐ on GitHub!\n\n## Acknowledgements\n\nStrix builds on the incredible work of open-source projects like [LiteLLM](https://github.com/BerriAI/litellm), [Caido](https://github.com/caido/caido), [Nuclei](https://github.com/projectdiscovery/nuclei), [Playwright](https://github.com/microsoft/playwright), and [Textual](https://github.com/Textualize/textual). Huge thanks to their maintainers!\n\n\n\u003e [!WARNING]\n\u003e Only test apps you own or have permission to test. You are responsible for using Strix ethically and legally.\n\n\u003c/div\u003e\n","funding_links":[],"categories":["LLM Agents \u0026 Frameworks","⚔️ Red Teaming \u0026 Vulnerability Scanners","Python","artificial-intelligence","Repos","Testing \u0026 Security","App","Attack Techniques \u0026 Red Teaming","Personal Assistants \u0026 Conversational Agents"],"sub_categories":["Strix","Other IDEs","AI-Assisted Offensive Security","Chatbots"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fusestrix%2Fstrix","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fusestrix%2Fstrix","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fusestrix%2Fstrix/lists"}