Sandbox Tools

Strix runs inside a Kali Linux-based Docker container with a comprehensive set of security tools pre-installed. The agent can use any of these tools through the terminal.

Reconnaissance

Tool	Description
Subfinder	Subdomain discovery
Naabu	Fast port scanner
httpx	HTTP probing and analysis
Katana	Web crawling and spidering
ffuf	Fast web fuzzer
Nmap	Network scanning and service detection

Web Testing

Tool	Description
Arjun	HTTP parameter discovery
Dirsearch	Directory and file brute-forcing
wafw00f	WAF fingerprinting
GoSpider	Web spider for link extraction

Automated Scanners

Tool	Description
Nuclei	Template-based vulnerability scanner
SQLMap	Automatic SQL injection detection and exploitation
Wapiti	Web application vulnerability scanner
ZAP	OWASP Zed Attack Proxy

JavaScript Analysis

Tool	Description
JS-Snooper	JavaScript reconnaissance
jsniper	JavaScript file analysis
Retire.js	Detect vulnerable JS libraries
ESLint	JavaScript static analysis
js-beautify	JavaScript deobfuscation
JSHint	JavaScript code quality tool

Secret Detection

Tool	Description
TruffleHog	Find secrets in code and history
Semgrep	Static analysis for security patterns
Bandit	Python security linter

Authentication Testing

Tool	Description
jwt_tool	JWT token testing and exploitation
Interactsh	Out-of-band interaction detection

Container & Supply Chain

Tool	Description
Trivy	Container and dependency vulnerability scanner

HTTP Proxy

Tool	Description
Caido	Modern HTTP proxy for interception and replay

Browser

Tool	Description
Playwright	Headless browser automation

All tools are pre-configured and ready to use. The agent selects the appropriate tool based on the vulnerability being tested.

Getting Started

Usage

LLM Providers

Integrations

Tools

Advanced

Sandbox Tools

Reconnaissance

Web Testing

Automated Scanners

JavaScript Analysis

Secret Detection

Authentication Testing

Container & Supply Chain

HTTP Proxy

Browser

Getting Started

Usage

LLM Providers

Integrations

Tools

Advanced

​Reconnaissance

​Web Testing

​Automated Scanners

​JavaScript Analysis

​Secret Detection

​Authentication Testing

​Container & Supply Chain

​HTTP Proxy

​Browser

Reconnaissance

Web Testing

Automated Scanners

JavaScript Analysis

Secret Detection

Authentication Testing

Container & Supply Chain

HTTP Proxy

Browser