Skip to main content
Strix are autonomous AI agents that act like real hackers—they run your code dynamically, find vulnerabilities, and validate them with proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.
Strix Demo

Quick Start

Install and run your first scan in minutes.

CLI Reference

Learn all command-line options.

Tools

Explore the security testing toolkit.

GitHub Actions

Integrate into your CI/CD pipeline.

Use Cases

  • Application Security Testing — Detect and validate critical vulnerabilities in your applications
  • Rapid Penetration Testing — Get penetration tests done in hours, not weeks
  • Bug Bounty Automation — Automate research and generate PoCs for faster reporting
  • CI/CD Integration — Block vulnerabilities before they reach production

Key Capabilities

  • Full hacker toolkit — Browser automation, HTTP proxy, terminal, Python runtime
  • Real validation — PoCs, not false positives
  • Multi-agent orchestration — Specialized agents collaborate on complex targets
  • Developer-first CLI — Interactive TUI or headless mode for automation

Security Tools

Strix agents come equipped with a comprehensive toolkit:
ToolPurpose
HTTP ProxyFull request/response manipulation and analysis
Browser AutomationMulti-tab browser for XSS, CSRF, auth flow testing
TerminalInteractive shells for command execution
Python RuntimeCustom exploit development and validation
ReconnaissanceAutomated OSINT and attack surface mapping
Code AnalysisStatic and dynamic analysis capabilities

Vulnerability Coverage

CategoryExamples
Access ControlIDOR, privilege escalation, auth bypass
InjectionSQL, NoSQL, command injection
Server-SideSSRF, XXE, deserialization
Client-SideXSS, prototype pollution, DOM vulnerabilities
Business LogicRace conditions, workflow manipulation
AuthenticationJWT vulnerabilities, session management
InfrastructureMisconfigurations, exposed services

Multi-Agent Architecture

Strix uses a graph of specialized agents for comprehensive security testing:
  • Distributed Workflows — Specialized agents for different attacks and assets
  • Scalable Testing — Parallel execution for fast comprehensive coverage
  • Dynamic Coordination — Agents collaborate and share discoveries

Quick Example

# Install
curl -sSL https://strix.ai/install | bash

# Configure
export STRIX_LLM="openai/gpt-5"
export LLM_API_KEY="your-api-key"

# Scan
strix --target ./your-app

Community

Discord

Join the community for help and discussion.

GitHub

Star the repo and contribute.
Only test applications you own or have explicit permission to test.