Skip to main content

Basic Usage

strix --target <target> [options]

Options

--target, -t
string
required
Target to test. Accepts URLs, repositories, local directories, domains, or IP addresses. Can be specified multiple times.
--instruction
string
Custom instructions for the scan. Use for credentials, focus areas, or specific testing approaches.
--instruction-file
string
Path to a file containing detailed instructions.
--scan-mode, -m
string
default:"deep"
Scan depth: quick, standard, or deep.
--scope-mode
string
default:"auto"
Code scope mode: auto (enable PR diff-scope in CI/headless runs), diff (force changed-files scope), or full (disable diff-scope).
--diff-base
string
Target branch or commit to compare against (e.g., origin/main). Defaults to the repository’s default branch.
--non-interactive, -n
boolean
Run in headless mode without TUI. Ideal for CI/CD.
--config
string
Path to a custom config file (JSON) to use instead of ~/.strix/cli-config.json.

Examples

# Basic scan
strix --target https://example.com

# Authenticated testing
strix --target https://app.com --instruction "Use credentials: user:pass"

# Focused testing
strix --target api.example.com --instruction "Focus on IDOR and auth bypass"

# CI/CD mode
strix -n --target ./ --scan-mode quick

# Force diff-scope against a specific base ref
strix -n --target ./ --scan-mode quick --scope-mode diff --diff-base origin/main

# Multi-target white-box testing
strix -t https://github.com/org/app -t https://staging.example.com

Exit Codes

CodeMeaning
0Scan completed, no vulnerabilities found
2Vulnerabilities found (headless mode only)