<div align="center">
# Strix
### Open-source AI hackers for your apps
[](LICENSE)
[](https://vercel.com/ai-accelerator)
[](https://github.com/usestrix/strix)
[](https://discord.gg/yduEyduBsp)
**β‘ Use it to hack your apps before the bad guys do β‘**
</div>
<div align="center">
<img src=".github/screenshot.png" alt="Strix Demo" width="800" style="border-radius: 16px; box-shadow: 0 20px 40px rgba(0, 0, 0, 0.3), 0 0 0 1px rgba(255, 255, 255, 0.1), inset 0 1px 0 rgba(255, 255, 255, 0.2); transform: perspective(1000px) rotateX(2deg); transition: transform 0.3s ease;">
</div>
---
## π¨ The AI Security Crisis
Everyone's shipping code faster than ever. Cursor, Windsurf, and Claude made coding easy - but QA and security testing are now the real bottlenecks.
> **Number of security vulnerabilities doubled post-AI.**
Traditional security tools weren't designed for this. SAST was a temporary fix when manual pentesting cost $10k+ and took weeks. Now, Strix delivers real security testing rapidly.
**The solution:** Enable developers to use AI coding at full speed, without compromising on security.
## π¦ Strix Overview
Strix are autonomous AI agents that act just like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual exploitation. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.
### π Quick Start
```bash
# Install
pipx install strix-agent
# Configure AI provider
export STRIX_LLM="anthropic/claude-sonnet-4-20250514"
export LLM_API_KEY="your-api-key"
# Run security assessment
strix --target ./app-directory
```
## Why Use Strix
- **Full Hacker Arsenal** - All the tools a professional hacker needs, built into the agents
- **Real Validation** - Dynamic testing and actual exploitation, thus much fewer false positives
- **Developer-First** - Seamlessly integrates into existing development workflows
- **Auto-Fix & Reporting** - Automated patching with detailed remediation and security reports
## β¨ Features
### π οΈ Agentic Security Tools
- **π Full HTTP Proxy** - Full request/response manipulation and analysis
- **π Browser Automation** - Multi-tab browser for testing of XSS, CSRF, auth flows
- **π» Terminal Environments** - Interactive shells for command execution and testing
- **π Python Runtime** - Custom exploit development and validation
- **π Reconnaissance** - Automated OSINT and attack surface mapping
- **π Code Analysis** - Static and dynamic analysis capabilities
- **π Knowledge Management** - Structured findings and attack documentation
### π― Comprehensive Vulnerability Detection
- **Access Control** - IDOR, privilege escalation, auth bypass
- **Injection Attacks** - SQL, NoSQL, command injection
- **Server-Side** - SSRF, XXE, deserialization flaws
- **Client-Side** - XSS, prototype pollution, DOM vulnerabilities
- **Business Logic** - Race conditions, workflow manipulation
- **Authentication** - JWT vulnerabilities, session management
- **Infrastructure** - Misconfigurations, exposed services
### πΈοΈ Graph of Agents
- **Distributed Workflows** - Specialized agents for different attacks and assets
- **Scalable Testing** - Parallel execution for fast comprehensive coverage
- **Dynamic Coordination** - Agents collaborate and share discoveries
## π» Usage Examples
```bash
# Local codebase analysis
strix --target ./app-directory
# Repository security review
strix --target https://github.com/org/repo
# Web application assessment
strix --target https://your-app.com
# Focused testing
strix --target api.your-app.com --instruction "Prioritize authentication and authorization testing"
```
### βοΈ Configuration
```bash
# Required
export STRIX_LLM="anthropic/claude-sonnet-4-20250514"
export LLM_API_KEY="your-api-key"
# Recommended
export PERPLEXITY_API_KEY="your-api-key"
```
[π View supported AI models](https://docs.litellm.ai/docs/providers)
## π Enterprise Platform
Our managed platform provides:
- **π Executive Dashboards**
- **π§ Custom Fine-Tuned Models**
- **βοΈ CI/CD Integration**
- **π Large-Scale Scanning**
- **π Third-Party Integrations**
- **π― Enterprise Support**
[**Get Enterprise Demo β**](https://form.typeform.com/to/ljtvl6X0)
## π Security Architecture
- **Container Isolation** - All testing in sandboxed Docker environments
- **Local Processing** - Testing runs locally, no data sent to external services
> [!NOTE]
> Strix is currently in Alpha. Expect rapid updates and improvements.
> [!WARNING]
> Only test systems you own or have permission to test. You are responsible for using Strix ethically and legally.
## π Support the Project
**Love Strix?** Give us a β on GitHub!
## π₯ Join Our Community
Have questions? Found a bug? Want to contribute? **[Join our Discord!](https://discord.gg/yduEyduBsp)**
---
<div align="center">
### About β’ Links
**[OmniSecure Inc.](https://omnisecure.ai)** β’ Applied AI Research Lab
[Discord Community](https://discord.gg/yduEyduBsp) β’ [Enterprise Solutions](https://form.typeform.com/to/ljtvl6X0) β’ [Report Issues](https://github.com/usestrix/strix/issues)
</div>
Raw data
{
"_id": null,
"home_page": null,
"name": "strix-agent",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0,>=3.12",
"maintainer_email": null,
"keywords": "cybersecurity, security, vulnerability, scanner, pentest, agent, ai, cli",
"author": "Strix",
"author_email": "hi@usestrix.com",
"download_url": "https://files.pythonhosted.org/packages/29/4a/b3ce8780197325a6e0c0223f9b4455b3cdafa48a904fd7bcd354741b8bf2/strix_agent-0.1.5.tar.gz",
"platform": null,
"description": "<div align=\"center\">\n\n# Strix\n\n### Open-source AI hackers for your apps\n\n[](LICENSE)\n[](https://vercel.com/ai-accelerator)\n[](https://github.com/usestrix/strix)\n[](https://discord.gg/yduEyduBsp)\n\n**\u26a1 Use it to hack your apps before the bad guys do \u26a1**\n\n</div>\n\n<div align=\"center\">\n<img src=\".github/screenshot.png\" alt=\"Strix Demo\" width=\"800\" style=\"border-radius: 16px; box-shadow: 0 20px 40px rgba(0, 0, 0, 0.3), 0 0 0 1px rgba(255, 255, 255, 0.1), inset 0 1px 0 rgba(255, 255, 255, 0.2); transform: perspective(1000px) rotateX(2deg); transition: transform 0.3s ease;\">\n</div>\n\n---\n\n## \ud83d\udea8 The AI Security Crisis\n\nEveryone's shipping code faster than ever. Cursor, Windsurf, and Claude made coding easy - but QA and security testing are now the real bottlenecks.\n\n> **Number of security vulnerabilities doubled post-AI.**\n\nTraditional security tools weren't designed for this. SAST was a temporary fix when manual pentesting cost $10k+ and took weeks. Now, Strix delivers real security testing rapidly.\n\n**The solution:** Enable developers to use AI coding at full speed, without compromising on security.\n\n## \ud83e\udd89 Strix Overview\n\nStrix are autonomous AI agents that act just like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual exploitation. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.\n\n### \ud83d\ude80 Quick Start\n\n```bash\n# Install\npipx install strix-agent\n\n# Configure AI provider\nexport STRIX_LLM=\"anthropic/claude-sonnet-4-20250514\"\nexport LLM_API_KEY=\"your-api-key\"\n\n# Run security assessment\nstrix --target ./app-directory\n```\n\n## Why Use Strix\n\n- **Full Hacker Arsenal** - All the tools a professional hacker needs, built into the agents\n- **Real Validation** - Dynamic testing and actual exploitation, thus much fewer false positives\n- **Developer-First** - Seamlessly integrates into existing development workflows\n- **Auto-Fix & Reporting** - Automated patching with detailed remediation and security reports\n\n## \u2728 Features\n\n### \ud83d\udee0\ufe0f Agentic Security Tools\n\n- **\ud83d\udd0c Full HTTP Proxy** - Full request/response manipulation and analysis\n- **\ud83c\udf10 Browser Automation** - Multi-tab browser for testing of XSS, CSRF, auth flows\n- **\ud83d\udcbb Terminal Environments** - Interactive shells for command execution and testing\n- **\ud83d\udc0d Python Runtime** - Custom exploit development and validation\n- **\ud83d\udd0d Reconnaissance** - Automated OSINT and attack surface mapping\n- **\ud83d\udcc1 Code Analysis** - Static and dynamic analysis capabilities\n- **\ud83d\udcdd Knowledge Management** - Structured findings and attack documentation\n\n### \ud83c\udfaf Comprehensive Vulnerability Detection\n\n- **Access Control** - IDOR, privilege escalation, auth bypass\n- **Injection Attacks** - SQL, NoSQL, command injection\n- **Server-Side** - SSRF, XXE, deserialization flaws\n- **Client-Side** - XSS, prototype pollution, DOM vulnerabilities\n- **Business Logic** - Race conditions, workflow manipulation\n- **Authentication** - JWT vulnerabilities, session management\n- **Infrastructure** - Misconfigurations, exposed services\n\n### \ud83d\udd78\ufe0f Graph of Agents\n\n- **Distributed Workflows** - Specialized agents for different attacks and assets\n- **Scalable Testing** - Parallel execution for fast comprehensive coverage\n- **Dynamic Coordination** - Agents collaborate and share discoveries\n\n\n## \ud83d\udcbb Usage Examples\n\n```bash\n# Local codebase analysis\nstrix --target ./app-directory\n\n# Repository security review\nstrix --target https://github.com/org/repo\n\n# Web application assessment\nstrix --target https://your-app.com\n\n# Focused testing\nstrix --target api.your-app.com --instruction \"Prioritize authentication and authorization testing\"\n```\n\n### \u2699\ufe0f Configuration\n\n```bash\n# Required\nexport STRIX_LLM=\"anthropic/claude-sonnet-4-20250514\"\nexport LLM_API_KEY=\"your-api-key\"\n\n# Recommended\nexport PERPLEXITY_API_KEY=\"your-api-key\"\n```\n\n[\ud83d\udcda View supported AI models](https://docs.litellm.ai/docs/providers)\n\n## \ud83c\udfc6 Enterprise Platform\n\nOur managed platform provides:\n\n- **\ud83d\udcc8 Executive Dashboards**\n- **\ud83e\udde0 Custom Fine-Tuned Models**\n- **\u2699\ufe0f CI/CD Integration**\n- **\ud83d\udd0d Large-Scale Scanning**\n- **\ud83d\udd0c Third-Party Integrations**\n- **\ud83c\udfaf Enterprise Support**\n\n[**Get Enterprise Demo \u2192**](https://form.typeform.com/to/ljtvl6X0)\n\n## \ud83d\udd12 Security Architecture\n\n- **Container Isolation** - All testing in sandboxed Docker environments\n- **Local Processing** - Testing runs locally, no data sent to external services\n\n> [!NOTE]\n> Strix is currently in Alpha. Expect rapid updates and improvements.\n\n> [!WARNING]\n> Only test systems you own or have permission to test. You are responsible for using Strix ethically and legally.\n\n## \ud83c\udf1f Support the Project\n\n**Love Strix?** Give us a \u2b50 on GitHub!\n\n## \ud83d\udc65 Join Our Community\n\nHave questions? Found a bug? Want to contribute? **[Join our Discord!](https://discord.gg/yduEyduBsp)**\n\n---\n\n<div align=\"center\">\n\n### About \u2022 Links\n\n**[OmniSecure Inc.](https://omnisecure.ai)** \u2022 Applied AI Research Lab\n\n[Discord Community](https://discord.gg/yduEyduBsp) \u2022 [Enterprise Solutions](https://form.typeform.com/to/ljtvl6X0) \u2022 [Report Issues](https://github.com/usestrix/strix/issues)\n\n</div>\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "Open-source AI Hackers for your apps",
"version": "0.1.5",
"project_urls": null,
"split_keywords": [
"cybersecurity",
" security",
" vulnerability",
" scanner",
" pentest",
" agent",
" ai",
" cli"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "786cda3a9b9c70ac5c3c0d2f55152c5e9281794390b0732a189c8132ac794fb9",
"md5": "b44c3a5ad8b53ffc350167c523704397",
"sha256": "a717515c572410262c49d5fd2d0320f8495f6721ca9e9ccc4217d20d51c7b11a"
},
"downloads": -1,
"filename": "strix_agent-0.1.5-py3-none-any.whl",
"has_sig": false,
"md5_digest": "b44c3a5ad8b53ffc350167c523704397",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0,>=3.12",
"size": 167194,
"upload_time": "2025-08-10T01:24:53",
"upload_time_iso_8601": "2025-08-10T01:24:53.193240Z",
"url": "https://files.pythonhosted.org/packages/78/6c/da3a9b9c70ac5c3c0d2f55152c5e9281794390b0732a189c8132ac794fb9/strix_agent-0.1.5-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "294ab3ce8780197325a6e0c0223f9b4455b3cdafa48a904fd7bcd354741b8bf2",
"md5": "1add9e2a5ea892fb80258d228f8d7420",
"sha256": "2e8926e891b34c44dba02b6d1c485f41577c43cf4651199a88923e96eb906c8c"
},
"downloads": -1,
"filename": "strix_agent-0.1.5.tar.gz",
"has_sig": false,
"md5_digest": "1add9e2a5ea892fb80258d228f8d7420",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0,>=3.12",
"size": 132674,
"upload_time": "2025-08-10T01:24:54",
"upload_time_iso_8601": "2025-08-10T01:24:54.521722Z",
"url": "https://files.pythonhosted.org/packages/29/4a/b3ce8780197325a6e0c0223f9b4455b3cdafa48a904fd7bcd354741b8bf2/strix_agent-0.1.5.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-08-10 01:24:54",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "strix-agent"
}
JSON