Strix are autonomous AI agents that act just like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual exploitation. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.

# Install
pipx install strix-agent

# Configure AI provider (Local Ollama - Default)
# No configuration needed - uses local Ollama models by default

# Or use external AI provider
export STRIX_USE_EXTERNAL_LLM="true"
export STRIX_LLM="openai/gpt-5"
export LLM_API_KEY="your-api-key"

# Run security assessment
strix --target ./app-directory

# or if invoking from code folder; cd to strix folder
python -m strix.cli.main --target vulnweb.com

• Full Hacker Arsenal - All the tools a professional hacker needs, built into the agents
• Real Validation - Dynamic testing and actual exploitation, thus much fewer false positives
• Developer-First - Seamlessly integrates into existing development workflows
• Auto-Fix & Reporting - Automated patching with detailed remediation and security reports

• 🔌 Full HTTP Proxy - Full request/response manipulation and analysis
• 🌐 Browser Automation - Multi-tab browser for testing of XSS, CSRF, auth flows
• 💻 Terminal Environments - Interactive shells for command execution and testing
• 🐍 Python Runtime - Custom exploit development and validation
• 🔍 Reconnaissance - Automated OSINT and attack surface mapping
• 📁 Code Analysis - Static and dynamic analysis capabilities
• 📝 Knowledge Management - Structured findings and attack documentation

• Access Control - IDOR, privilege escalation, auth bypass
• Injection Attacks - SQL, NoSQL, command injection
• Server-Side - SSRF, XXE, deserialization flaws
• Client-Side - XSS, prototype pollution, DOM vulnerabilities
• Business Logic - Race conditions, workflow manipulation
• Authentication - JWT vulnerabilities, session management
• Infrastructure - Misconfigurations, exposed services

• Distributed Workflows - Specialized agents for different attacks and assets
• Scalable Testing - Parallel execution for fast comprehensive coverage
• Dynamic Coordination - Agents collaborate and share discoveries

# Local codebase analysis
strix --target ./app-directory

# Repository security review
strix --target https://github.com/org/repo
strix --target [email protected]:usestrix/strix.git

# Web application assessment
strix --target https://your-app.com

# Focused testing
strix --target api.your-app.com --instruction "Prioritize authentication and authorization testing"

# Local LLM Configuration (Default)
# Uses local Ollama models - no additional configuration needed
# Make sure Ollama is running with qwen2.5:7b model available

# External LLM Configuration (Optional)
export STRIX_USE_EXTERNAL_LLM="true"
export STRIX_LLM="openai/gpt-5"
export LLM_API_KEY="your-api-key"

# Recommended for external LLM
export PERPLEXITY_API_KEY="your-api-key"

# Docker Configuration (if using Rancher Desktop or custom Docker setup)
export DOCKER_SOCKET="/Users/$(whoami)/.rd/docker.sock"  # For Rancher Desktop

📚 View supported AI models

Strix supports multiple Docker implementations:

• Docker Desktop (default)
• Rancher Desktop - Set DOCKER_SOCKET="/Users/$(whoami)/.rd/docker.sock"
• Colima - Set DOCKER_SOCKET="/Users/$(whoami)/.colima/default/docker.sock"
• Custom Docker socket - Set DOCKER_SOCKET="/path/to/your/docker.sock"

If you encounter Docker connection issues, Strix will automatically try multiple connection methods and provide detailed troubleshooting information.

Our managed platform provides:

• 📈 Executive Dashboards
• 🧠 Custom Fine-Tuned Models
• ⚙️ CI/CD Integration
• 🔍 Large-Scale Scanning
• 🔌 Third-Party Integrations
• 🎯 Enterprise Support

Get Enterprise Demo →

• Container Isolation - All testing in sandboxed Docker environments
• Local Processing - Testing runs locally, no data sent to external services

Love Strix? Give us a ⭐ on GitHub!

Have questions? Found a bug? Want to contribute? Join our Discord!