Use instructions to provide context, credentials, or focus areas for your scan.
Inline Instructions
strix --target https://app.com --instruction "Focus on authentication vulnerabilities"
File-Based Instructions
For complex instructions, use a file:
strix --target https://app.com --instruction-file ./pentest-instructions.md
Common Use Cases
Authenticated Testing
strix --target https://app.com \
--instruction "Login with email: [email protected], password: TestPass123"
Focused Scope
strix --target https://api.example.com \
--instruction "Focus on IDOR vulnerabilities in the /api/users endpoints"
Exclusions
strix --target https://app.com \
--instruction "Do not test /admin or /internal endpoints"
API Testing
strix --target https://api.example.com \
--instruction "Use API key header: X-API-Key: abc123. Focus on rate limiting bypass."
Instruction File Example
# Penetration Test Instructions
## Credentials
- Admin: [email protected] / AdminPass123
- User: [email protected] / UserPass123
## Focus Areas
1. IDOR in user profile endpoints
2. Privilege escalation between roles
3. JWT token manipulation
## Out of Scope
- /health endpoints
- Third-party integrations
Be specific. Good instructions help Strix prioritize the most valuable attack paths.