strix - AI-Driven Application Security Testing

Keywords: strix, ai pentest, vulnerability scan cli, strix ci

Only use Strix against systems you own or are explicitly authorized to test.

Strix is an AI-driven application security CLI. It runs scans inside a Docker-backed sandbox, uses an LLM provider for reasoning, and can assess local directories, GitHub repositories, live URLs, domains, and multi-target combinations.
When to use this skill
- Install Strix and verify Docker plus sandbox readiness
- Configure `STRIX_LLM`, `LLM_API_KEY`, optional `LLM_API_BASE`, and related runtime settings
- Run local white-box scans against a repository or directory
- Run black-box or grey-box scans against staging or production-like URLs you are authorized to test
- Pass credentials, scope, or rules of engagement with `--instruction` or `--instruction-file`
- Choose the right scan depth: `quick`, `standard`, or `deep`
- Run Strix headlessly in CI/CD and interpret exit codes
- Understand Strix's internal security "skills" and how they differ from this repo's skills
Instructions
Step 1: Install and preflight
- Run `bash scripts/install.sh`
- Confirm `strix --version` succeeds
- Ensure Docker is installed and the daemon is running
- Let the installer pull the sandbox image on first setup unless you intentionally skip it
- For manual installation alternatives and direct commands, see references/commands.md
Step 2: Configure the model provider
Set the minimum required environment variables before running a scan:

```bash
export STRIX_LLM="openai/gpt-5.4"
export LLM_API_KEY="your-api-key"
```

Optional runtime variables:
- `LLM_API_BASE` for OpenAI-compatible proxies or local endpoints
- `PERPLEXITY_API_KEY` for web search during scans
- `STRIX_REASONING_EFFORT` to tune model effort
- `STRIX_DISABLE_BROWSER=true` when UI automation is unnecessary
- `STRIX_TELEMETRY=0` to disable telemetry defaults

Provider examples, config-file format, and optional environment variables are in references/providers-and-config.md.
Step 3: Pick the target and scan mode
Strix accepts these target types:
- Local directory: `./app`
- GitHub repository URL: `https://github.com/org/repo`
- Live web app URL: `https://staging.example.com`
- Domain or IP
- Multi-target scans via repeated `--target` or `-t`

Scan modes:
- `quick`: PR checks, smoke tests, fast CI feedback
- `standard`: routine security reviews
- `deep`: default full assessment and longer bug-bounty-style exploration

Detailed mode and CI guidance lives in references/scan-modes-and-ci.md.
Step 4: Run the scan
Use `bash scripts/run-scan.sh` for a repeatable wrapper or call `strix` directly.

Common direct commands:

```bash
strix --target ./app
strix --target https://github.com/org/repo
strix --target https://staging.example.com --instruction-file ./instruction.md
strix -t https://github.com/org/repo -t https://staging.example.com
```

When authenticated or scoped testing matters, prefer `--instruction-file` over long inline prompts so credentials, exclusions, and rules of engagement stay explicit and reviewable.
Step 5: Review outputs and iterate
Strix stores results under `strix_runs/<run-name>`.

Exit codes to remember:
- `0`: completed without findings
- `1`: execution or environment error
- `2`: vulnerabilities found in headless mode

Use the run artifacts to confirm what Strix tested, what it found, and what needs revalidation after fixes.
Step 6: Automate in CI/CD
Use headless mode in automation:

```bash
strix -n --target ./ --scan-mode quick
```

CI runners need Docker access. For pull requests, default to `quick`; reserve `standard` or `deep` for scheduled or release-stage jobs. See references/scan-modes-and-ci.md and `scripts/ci-scan.sh`.
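The exit-code handling from Step 5 and the headless CI run from Step 6, combined into a small wrapper. This is an added example, not the project's own `scripts/ci-scan.sh`; it assumes a hypothetical `STRIX_CMD` override so the verdict logic can be exercised without Docker or an LLM key, and it archives `strix_runs/` into an artifact directory so findings survive the job.

```shell
#!/bin/sh
# Hypothetical CI wrapper around Strix headless mode (added example, not the
# project's scripts/ci-scan.sh). Maps Strix exit codes 0/1/2 to a job verdict
# and archives strix_runs/ as evidence for triage.
set -u

# Command used to run the scan; overridable (assumption) so the wrapper can be
# tested with a stand-in function instead of the real strix binary.
STRIX_CMD="${STRIX_CMD:-strix}"
ARTIFACT_DIR="${ARTIFACT_DIR:-ci-artifacts}"

# Translate a Strix exit code into a verdict string.
verdict_for() {
  case "$1" in
    0) echo "clean" ;;
    1) echo "error" ;;
    2) echo "findings" ;;
    *) echo "unknown" ;;
  esac
}

# Decide whether the pipeline job should fail for a given verdict.
# "error" fails too: an unscanned commit must never look like a clean one.
job_should_fail() {
  case "$1" in
    clean) return 1 ;;
    *) return 0 ;;
  esac
}

# Run a headless scan at the requested depth, archive its run directory,
# and print a one-line summary. Returns 0 only for a clean scan.
ci_scan() {
  mode="${1:-quick}"
  target="${2:-./}"
  if $STRIX_CMD -n --target "$target" --scan-mode "$mode"; then rc=0; else rc=$?; fi
  verdict=$(verdict_for "$rc")
  if [ -d strix_runs ]; then
    mkdir -p "$ARTIFACT_DIR" && cp -R strix_runs "$ARTIFACT_DIR"/
  fi
  echo "strix exit=$rc verdict=$verdict mode=$mode target=$target"
  if job_should_fail "$verdict"; then return 1; fi
  return 0
}

# Usage from a pipeline step: sh strix-ci.sh scan quick ./
if [ "${1:-}" = "scan" ]; then shift; ci_scan "$@"; fi
```

Exposing the verdict (rather than the raw code) lets the pipeline label environment failures differently from real findings instead of collapsing both into a red job.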
Step 7: Understand Strix internal skills
Strix has its own internal security knowledge packs under `strix/skills/`. They are not the same as this repo's agent skills.
- Strix auto-selects up to 5 relevant internal skills per task
- Categories include vulnerabilities, frameworks, technologies, protocols, and tooling
- These internal skills enrich Strix agent behavior during the scan itself

See references/built-in-skills.md before assuming "skill" means the same thing across both ecosystems.
Examples
Example 1: Quick PR scan of a local repository
```bash
export STRIX_LLM="openai/gpt-5.4"
export LLM_API_KEY="your-api-key"
strix -n --target ./ --scan-mode quick
```

Example 2: Standard scan of a GitHub repository
```bash
strix --target https://github.com/acme/payments --scan-mode standard
```

Example 3: Grey-box scan of a staging URL
```bash
strix --target https://staging.example.com \
  --instruction-file ./instruction.md \
  --scan-mode deep
```

Example 4: Combined repo plus live target
```bash
strix -t https://github.com/acme/payments \
  -t https://staging.example.com \
  --instruction "Correlate source paths with exposed runtime issues"
```

Example 5: Browser-disabled API-focused scan
```bash
STRIX_DISABLE_BROWSER=true \
  strix --target https://api.example.com --scan-mode standard
```

Example 6: Scripted run wrapper
```bash
bash scripts/run-scan.sh \
  --target ./app \
  --scan-mode quick \
  --non-interactive
```

Best practices
- Only test assets you own or are explicitly permitted to assess.
- Start with `quick` in CI and widen depth only when signal justifies the extra runtime.
- Keep secrets in environment variables, secret stores, or instruction files under your control instead of scattering them inline.
- Use both source and live targets together when you need better reproduction and remediation context.
- Expect the first run to be slower because Strix may pull its sandbox image.
- Treat `strix_runs/` as evidence: archive useful runs, especially when findings are heading into triage or remediation.
- Be explicit about scope, exclusions, credentials, and rate limits so Strix does not waste time exploring irrelevant surfaces.
- Distinguish this repo's `strix` skill from Strix internal skills to avoid instruction confusion.
References
- references/commands.md
- references/providers-and-config.md
- references/scan-modes-and-ci.md
- references/built-in-skills.md
- scripts/install.sh
- scripts/run-scan.sh
- scripts/ci-scan.sh
- Strix GitHub Repository
- Strix Documentation