Skip to main content
Strix runs inside a Kali Linux-based Docker container with a comprehensive set of security tools pre-installed. The agent can use any of these tools through the terminal.

Reconnaissance

ToolDescription
SubfinderSubdomain discovery
NaabuFast port scanner
httpxHTTP probing and analysis
KatanaWeb crawling and spidering
ffufFast web fuzzer
NmapNetwork scanning and service detection

Web Testing

ToolDescription
ArjunHTTP parameter discovery
DirsearchDirectory and file brute-forcing
wafw00fWAF fingerprinting
GoSpiderWeb spider for link extraction

Automated Scanners

ToolDescription
NucleiTemplate-based vulnerability scanner
SQLMapAutomatic SQL injection detection and exploitation
WapitiWeb application vulnerability scanner
ZAPOWASP Zed Attack Proxy

JavaScript Analysis

ToolDescription
JS-SnooperJavaScript reconnaissance
jsniperJavaScript file analysis
Retire.jsDetect vulnerable JS libraries
ESLintJavaScript static analysis
js-beautifyJavaScript deobfuscation
JSHintJavaScript code quality tool

Source-Aware Analysis

ToolDescription
SemgrepFast SAST and custom rule matching
ast-grepStructural AST/CST-aware code search (sg)
Tree-sitterSyntax tree parsing and symbol extraction (Java/JS/TS/Python/Go/Bash/JSON/YAML grammars pre-configured)
BanditPython security linter

Secret Detection

ToolDescription
TruffleHogFind secrets in code and history
GitleaksDetect hardcoded secrets in repositories

Authentication Testing

ToolDescription
jwt_toolJWT token testing and exploitation
InteractshOut-of-band interaction detection

Container & Supply Chain

ToolDescription
TrivyFilesystem/container scanning for vulns, misconfigurations, secrets, and licenses

HTTP Proxy

ToolDescription
CaidoModern HTTP proxy for interception and replay

Browser

ToolDescription
PlaywrightHeadless browser automation
All tools are pre-configured and ready to use. The agent selects the appropriate tool based on the vulnerability being tested.