<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>AI Penetration Testing on Producthunt daily</title>
        <link>https://producthunt.programnotes.cn/en/tags/ai-penetration-testing/</link>
        <description>Recent content in AI Penetration Testing on Producthunt daily</description>
        <generator>Hugo -- gohugo.io</generator>
        <language>en</language>
        <lastBuildDate>Thu, 02 Jul 2026 18:19:50 +0800</lastBuildDate><atom:link href="https://producthunt.programnotes.cn/en/tags/ai-penetration-testing/index.xml" rel="self" type="application/rss+xml" /><item>
        <title>strix</title>
        <link>https://producthunt.programnotes.cn/en/p/strix/</link>
        <pubDate>Thu, 02 Jul 2026 18:19:50 +0800</pubDate>
        
        <guid>https://producthunt.programnotes.cn/en/p/strix/</guid>
        <description>&lt;img src="https://images.unsplash.com/photo-1615015456178-ae6bb600b7ef?ixid=M3w0NjAwMjJ8MHwxfHJhbmRvbXx8fHx8fHx8fDE3ODI5ODc1Mzd8&amp;ixlib=rb-4.1.0" alt="Featured image of post strix" /&gt;&lt;h1 id=&#34;usestrixstrix&#34;&gt;&lt;a class=&#34;link&#34; href=&#34;https://github.com/usestrix/strix&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;usestrix/strix&lt;/a&gt;
&lt;/h1&gt;&lt;p align=&#34;center&#34;&gt;
  &lt;a href=&#34;https://strix.ai/&#34;&gt;
    &lt;img src=&#34;https://github.com/usestrix/.github/raw/main/imgs/cover.png&#34; alt=&#34;Strix Banner&#34; width=&#34;100%&#34;&gt;
  &lt;/a&gt;
&lt;/p&gt;
&lt;div align=&#34;center&#34;&gt;
&lt;h1 id=&#34;strix&#34;&gt;Strix
&lt;/h1&gt;&lt;h3 id=&#34;the-open-source-ai-pentesting-tool-autonomous-ai-hackers-that-find-and-fix-your-apps-vulnerabilities&#34;&gt;The open-source AI pentesting tool. Autonomous AI hackers that find and fix your app’s vulnerabilities.
&lt;/h3&gt;&lt;br/&gt;
&lt;p&gt;&lt;a href=&#34;https://docs.strix.ai&#34;&gt;&lt;img src=&#34;https://img.shields.io/badge/Docs-docs.strix.ai-2b9246?style=for-the-badge&amp;logo=gitbook&amp;logoColor=white&#34; alt=&#34;Docs&#34;&gt;&lt;/a&gt;
&lt;a href=&#34;https://strix.ai&#34;&gt;&lt;img src=&#34;https://img.shields.io/badge/Website-strix.ai-f0f0f0?style=for-the-badge&amp;logoColor=000000&#34; alt=&#34;Website&#34;&gt;&lt;/a&gt;
&lt;a class=&#34;link&#34; href=&#34;https://discord.gg/strix-ai&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;&lt;img src=&#34;https://dcbadge.limes.pink/api/server/strix-ai&#34;
	
	
	
	loading=&#34;lazy&#34;
	
	
&gt;&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;&lt;a href=&#34;https://deepwiki.com/usestrix/strix&#34;&gt;&lt;img src=&#34;https://deepwiki.com/badge.svg&#34; alt=&#34;Ask DeepWiki&#34;&gt;&lt;/a&gt;
&lt;a href=&#34;https://github.com/usestrix/strix&#34;&gt;&lt;img src=&#34;https://img.shields.io/github/stars/usestrix/strix?style=flat-square&#34; alt=&#34;GitHub Stars&#34;&gt;&lt;/a&gt;
&lt;a href=&#34;LICENSE&#34;&gt;&lt;img src=&#34;https://img.shields.io/badge/License-Apache%202.0-3b82f6?style=flat-square&#34; alt=&#34;License&#34;&gt;&lt;/a&gt;
&lt;a href=&#34;https://pypi.org/project/strix-agent/&#34;&gt;&lt;img src=&#34;https://img.shields.io/pypi/v/strix-agent?style=flat-square&#34; alt=&#34;PyPI Version&#34;&gt;&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;&lt;a href=&#34;https://discord.gg/strix-ai&#34;&gt;&lt;img src=&#34;https://github.com/usestrix/.github/raw/main/imgs/Discord.png&#34; height=&#34;40&#34; alt=&#34;Join Discord&#34;&gt;&lt;/a&gt;
&lt;a href=&#34;https://x.com/strix_ai&#34;&gt;&lt;img src=&#34;https://github.com/usestrix/.github/raw/main/imgs/X.png&#34; height=&#34;40&#34; alt=&#34;Follow on X&#34;&gt;&lt;/a&gt;&lt;/p&gt;
&lt;p&gt;&lt;a href=&#34;https://trendshift.io/repositories/15362&#34; target=&#34;_blank&#34;&gt;&lt;img src=&#34;https://trendshift.io/api/badge/repositories/15362&#34; alt=&#34;usestrix/strix | Trendshift&#34; width=&#34;250&#34; height=&#34;55&#34;/&gt;&lt;/a&gt;&lt;/p&gt;
&lt;/div&gt;
&lt;blockquote&gt;
&lt;p&gt;[!TIP]
&lt;strong&gt;New!&lt;/strong&gt; Strix integrates seamlessly with GitHub Actions and CI/CD pipelines. Automatically scan for vulnerabilities on every pull request and block insecure code before it reaches production - &lt;a class=&#34;link&#34; href=&#34;https://app.strix.ai&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;Get started with no setup required&lt;/a&gt;.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;hr&gt;
&lt;h2 id=&#34;strix-overview&#34;&gt;Strix Overview
&lt;/h2&gt;&lt;p&gt;Strix are autonomous AI penetration testing agents that act just like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Key Capabilities:&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Full pentesting toolkit&lt;/strong&gt; - reconnaissance, exploitation, and validation out of the box&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Multi-agent orchestration&lt;/strong&gt; - teams of AI pentesters that collaborate and scale&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Real exploit validation&lt;/strong&gt; - working PoCs, not false positives like legacy vulnerability scanners&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Developer‑first CLI&lt;/strong&gt; - actionable findings with remediation guidance&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Auto‑fix &amp;amp; reporting&lt;/strong&gt; - generate patches and compliance-ready pentest reports&lt;/li&gt;
&lt;/ul&gt;
&lt;br&gt;
&lt;div align=&#34;center&#34;&gt;
  &lt;a href=&#34;https://strix.ai&#34;&gt;
    &lt;img src=&#34;.github/screenshot.png&#34; alt=&#34;Strix Demo&#34; width=&#34;1000&#34; style=&#34;border-radius: 16px;&#34;&gt;
  &lt;/a&gt;
&lt;/div&gt;
&lt;h2 id=&#34;use-cases&#34;&gt;Use Cases
&lt;/h2&gt;&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Application Security Testing&lt;/strong&gt; - Detect and validate critical vulnerabilities in your applications&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Rapid Penetration Testing&lt;/strong&gt; - Get penetration tests done in hours, not weeks, with compliance reports&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Bug Bounty Automation&lt;/strong&gt; - Automate bug bounty research and generate PoCs for faster reporting&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;CI/CD Integration&lt;/strong&gt; - Run tests in CI/CD to block vulnerabilities before reaching production&lt;/li&gt;
&lt;/ul&gt;
&lt;h2 id=&#34;-quick-start&#34;&gt;🚀 Quick Start
&lt;/h2&gt;&lt;p&gt;&lt;strong&gt;Prerequisites:&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;Docker (running)&lt;/li&gt;
&lt;li&gt;An LLM API key from any &lt;a class=&#34;link&#34; href=&#34;https://docs.strix.ai/llm-providers/overview&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;supported provider&lt;/a&gt; (OpenAI, Anthropic, Google, etc.)&lt;/li&gt;
&lt;/ul&gt;
&lt;h3 id=&#34;installation--first-scan&#34;&gt;Installation &amp;amp; First Scan
&lt;/h3&gt;&lt;div class=&#34;highlight&#34;&gt;&lt;div class=&#34;chroma&#34;&gt;
&lt;table class=&#34;lntable&#34;&gt;&lt;tr&gt;&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt;1
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;2
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;3
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;4
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;5
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;6
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;7
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;8
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;9
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# Install Strix&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;curl -sSL https://strix.ai/install &lt;span class=&#34;p&#34;&gt;|&lt;/span&gt; bash
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# Configure your AI provider&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;nb&#34;&gt;export&lt;/span&gt; &lt;span class=&#34;nv&#34;&gt;STRIX_LLM&lt;/span&gt;&lt;span class=&#34;o&#34;&gt;=&lt;/span&gt;&lt;span class=&#34;s2&#34;&gt;&amp;#34;openai/gpt-5.4&amp;#34;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;nb&#34;&gt;export&lt;/span&gt; &lt;span class=&#34;nv&#34;&gt;LLM_API_KEY&lt;/span&gt;&lt;span class=&#34;o&#34;&gt;=&lt;/span&gt;&lt;span class=&#34;s2&#34;&gt;&amp;#34;your-api-key&amp;#34;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# Run your first security assessment&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;strix --target ./app-directory
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;blockquote&gt;
&lt;p&gt;[!NOTE]
First run automatically pulls the sandbox Docker image. Results are saved to &lt;code&gt;strix_runs/&amp;lt;run-name&amp;gt;&lt;/code&gt;&lt;/p&gt;
&lt;/blockquote&gt;
&lt;hr&gt;
&lt;h2 id=&#34;-strix-platform&#34;&gt;☁️ Strix Platform
&lt;/h2&gt;&lt;p&gt;Try the Strix full-stack penetration testing platform at &lt;strong&gt;&lt;a class=&#34;link&#34; href=&#34;https://app.strix.ai&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;app.strix.ai&lt;/a&gt;&lt;/strong&gt; - sign up for free, connect your repos and domains, and launch a pentest in minutes.&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Validated findings with PoCs&lt;/strong&gt; - every vulnerability includes a working proof-of-concept exploit and reproduction steps&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;One-click autofix&lt;/strong&gt; - AI-generated security patches as ready-to-merge pull requests&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Continuous pentesting&lt;/strong&gt; - always-on vulnerability scanning that keeps pace with your deployments&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;DevSecOps integrations&lt;/strong&gt; - GitHub, GitLab, Bitbucket, Slack, Jira, Linear, and CI/CD pipelines&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Continuous learning&lt;/strong&gt; - AI that builds on past findings, adapts to your codebase, and reduces false positives over time&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;&lt;a class=&#34;link&#34; href=&#34;https://app.strix.ai&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;&lt;strong&gt;Start your first pentest →&lt;/strong&gt;&lt;/a&gt;&lt;/p&gt;
&lt;hr&gt;
&lt;h2 id=&#34;-features&#34;&gt;✨ Features
&lt;/h2&gt;&lt;h3 id=&#34;agentic-pentesting-tools&#34;&gt;Agentic Pentesting Tools
&lt;/h3&gt;&lt;p&gt;Strix agents come equipped with a comprehensive offensive security toolkit - the same tools used by professional penetration testers and ethical hackers:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;HTTP Interception Proxy&lt;/strong&gt; - Full request/response manipulation and analysis with Caido&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Browser Exploitation&lt;/strong&gt; - Automated browser for testing XSS, CSRF, clickjacking, and auth bypass flows&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Shell &amp;amp; Command Execution&lt;/strong&gt; - Interactive terminal for exploit development and post-exploitation&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Custom Exploit Runtime&lt;/strong&gt; - Python sandbox for writing and validating proof-of-concept exploits&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Reconnaissance &amp;amp; OSINT&lt;/strong&gt; - Automated attack surface mapping, subdomain enumeration, and fingerprinting&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Static &amp;amp; Dynamic Code Analysis&lt;/strong&gt; - SAST + DAST capabilities for comprehensive application security testing&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Vulnerability Knowledge Base&lt;/strong&gt; - Structured findings with CVSS scoring and OWASP classification&lt;/li&gt;
&lt;/ul&gt;
&lt;h3 id=&#34;comprehensive-vulnerability-scanner&#34;&gt;Comprehensive Vulnerability Scanner
&lt;/h3&gt;&lt;p&gt;Strix identifies, validates, and exploits a wide range of security vulnerabilities across the OWASP Top 10 and beyond:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Broken Access Control&lt;/strong&gt; - IDOR, privilege escalation, auth bypass&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Injection Attacks&lt;/strong&gt; - SQL injection, NoSQL injection, OS command injection, SSTI&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Server-Side Vulnerabilities&lt;/strong&gt; - SSRF, XXE, insecure deserialization, RCE&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Client-Side Attacks&lt;/strong&gt; - XSS (stored/reflected/DOM), prototype pollution, CSRF&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Business Logic Flaws&lt;/strong&gt; - Race conditions, payment manipulation, workflow bypass&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Authentication &amp;amp; Session&lt;/strong&gt; - JWT attacks, session fixation, credential stuffing vectors&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Infrastructure &amp;amp; Cloud&lt;/strong&gt; - Misconfigurations, exposed services, cloud security issues&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;API Security&lt;/strong&gt; - Broken authentication, mass assignment, rate limiting bypass&lt;/li&gt;
&lt;/ul&gt;
&lt;h3 id=&#34;graph-of-agents-multi-agent-pentesting&#34;&gt;Graph of Agents (Multi-Agent Pentesting)
&lt;/h3&gt;&lt;p&gt;Advanced multi-agent orchestration for comprehensive automated penetration testing:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;strong&gt;Distributed Pentesting&lt;/strong&gt; - Specialized AI agents for recon, exploitation, and post-exploitation&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Scalable Security Testing&lt;/strong&gt; - Parallel execution across multiple targets for fast, comprehensive coverage&lt;/li&gt;
&lt;li&gt;&lt;strong&gt;Dynamic Coordination&lt;/strong&gt; - Agents share discoveries, chain vulnerabilities, and collaborate like a red team&lt;/li&gt;
&lt;/ul&gt;
&lt;hr&gt;
&lt;h2 id=&#34;usage-examples&#34;&gt;Usage Examples
&lt;/h2&gt;&lt;h3 id=&#34;basic-usage&#34;&gt;Basic Usage
&lt;/h3&gt;&lt;div class=&#34;highlight&#34;&gt;&lt;div class=&#34;chroma&#34;&gt;
&lt;table class=&#34;lntable&#34;&gt;&lt;tr&gt;&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt;1
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;2
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;3
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;4
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;5
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;6
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;7
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;8
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# Scan a local codebase&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;strix --target ./app-directory
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# Security review of a GitHub repository&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;strix --target https://github.com/org/repo
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# Black-box web application assessment&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;strix --target https://your-app.com
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;h3 id=&#34;advanced-testing-scenarios&#34;&gt;Advanced Testing Scenarios
&lt;/h3&gt;&lt;div class=&#34;highlight&#34;&gt;&lt;div class=&#34;chroma&#34;&gt;
&lt;table class=&#34;lntable&#34;&gt;&lt;tr&gt;&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt; 1
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 2
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 3
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 4
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 5
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 6
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 7
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 8
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 9
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;10
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;11
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;12
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;13
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;14
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;15
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;16
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;17
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# Grey-box authenticated testing&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;strix --target https://your-app.com --instruction &lt;span class=&#34;s2&#34;&gt;&amp;#34;Perform authenticated testing using credentials: user:pass&amp;#34;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# Multi-target testing (source code + deployed app)&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;strix -t https://github.com/org/app -t https://your-app.com
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# White-box source-aware scan (local repository)&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;strix --target ./app-directory --scan-mode standard
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# Focused testing with custom instructions&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;strix --target api.your-app.com --instruction &lt;span class=&#34;s2&#34;&gt;&amp;#34;Focus on business logic flaws and IDOR vulnerabilities&amp;#34;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# Provide detailed instructions through file (e.g., rules of engagement, scope, exclusions)&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;strix --target api.your-app.com --instruction-file ./instruction.md
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# Force PR diff-scope against a specific base branch&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;strix -n --target ./ --scan-mode quick --scope-mode diff --diff-base origin/main
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;h3 id=&#34;headless-mode&#34;&gt;Headless Mode
&lt;/h3&gt;&lt;p&gt;Run Strix programmatically without interactive UI using the &lt;code&gt;-n/--non-interactive&lt;/code&gt; flag - perfect for servers and automated jobs. The CLI prints real-time vulnerability findings, and the final report before exiting. Exits with non-zero code when vulnerabilities are found.&lt;/p&gt;
&lt;div class=&#34;highlight&#34;&gt;&lt;div class=&#34;chroma&#34;&gt;
&lt;table class=&#34;lntable&#34;&gt;&lt;tr&gt;&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt;1
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;strix -n --target https://your-app.com
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;h3 id=&#34;cicd-github-actions&#34;&gt;CI/CD (GitHub Actions)
&lt;/h3&gt;&lt;p&gt;Strix can be added to your pipeline to run a security test on pull requests with a lightweight GitHub Actions workflow:&lt;/p&gt;
&lt;div class=&#34;highlight&#34;&gt;&lt;div class=&#34;chroma&#34;&gt;
&lt;table class=&#34;lntable&#34;&gt;&lt;tr&gt;&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt; 1
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 2
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 3
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 4
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 5
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 6
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 7
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 8
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt; 9
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;10
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;11
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;12
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;13
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;14
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;15
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;16
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;17
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;18
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;19
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;20
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;21
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;22
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-yaml&#34; data-lang=&#34;yaml&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;nt&#34;&gt;name&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt; &lt;/span&gt;&lt;span class=&#34;l&#34;&gt;strix-penetration-test&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;nt&#34;&gt;on&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;  &lt;/span&gt;&lt;span class=&#34;nt&#34;&gt;pull_request&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;nt&#34;&gt;jobs&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;  &lt;/span&gt;&lt;span class=&#34;nt&#34;&gt;security-scan&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;    &lt;/span&gt;&lt;span class=&#34;nt&#34;&gt;runs-on&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt; &lt;/span&gt;&lt;span class=&#34;l&#34;&gt;ubuntu-latest&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;    &lt;/span&gt;&lt;span class=&#34;nt&#34;&gt;steps&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;      &lt;/span&gt;- &lt;span class=&#34;nt&#34;&gt;uses&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt; &lt;/span&gt;&lt;span class=&#34;l&#34;&gt;actions/checkout@v6&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;        &lt;/span&gt;&lt;span class=&#34;nt&#34;&gt;with&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;          &lt;/span&gt;&lt;span class=&#34;nt&#34;&gt;fetch-depth&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt; &lt;/span&gt;&lt;span class=&#34;m&#34;&gt;0&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;      &lt;/span&gt;- &lt;span class=&#34;nt&#34;&gt;name&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt; &lt;/span&gt;&lt;span class=&#34;l&#34;&gt;Install Strix&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;        &lt;/span&gt;&lt;span class=&#34;nt&#34;&gt;run&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt; &lt;/span&gt;&lt;span class=&#34;l&#34;&gt;curl -sSL https://strix.ai/install | bash&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;      &lt;/span&gt;- &lt;span class=&#34;nt&#34;&gt;name&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt; &lt;/span&gt;&lt;span class=&#34;l&#34;&gt;Run Strix&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;        &lt;/span&gt;&lt;span class=&#34;nt&#34;&gt;env&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;          &lt;/span&gt;&lt;span class=&#34;nt&#34;&gt;STRIX_LLM&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt; &lt;/span&gt;&lt;span class=&#34;l&#34;&gt;${{ secrets.STRIX_LLM }}&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;          &lt;/span&gt;&lt;span class=&#34;nt&#34;&gt;LLM_API_KEY&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt; &lt;/span&gt;&lt;span class=&#34;l&#34;&gt;${{ secrets.LLM_API_KEY }}&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;w&#34;&gt;        &lt;/span&gt;&lt;span class=&#34;nt&#34;&gt;run&lt;/span&gt;&lt;span class=&#34;p&#34;&gt;:&lt;/span&gt;&lt;span class=&#34;w&#34;&gt; &lt;/span&gt;&lt;span class=&#34;l&#34;&gt;strix -n -t ./ --scan-mode quick&lt;/span&gt;&lt;span class=&#34;w&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;blockquote&gt;
&lt;p&gt;[!TIP]
In CI pull request runs, Strix automatically scopes quick reviews to changed files.
If diff-scope cannot resolve, ensure checkout uses full history (&lt;code&gt;fetch-depth: 0&lt;/code&gt;) or pass
&lt;code&gt;--diff-base&lt;/code&gt; explicitly.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;h3 id=&#34;configuration&#34;&gt;Configuration
&lt;/h3&gt;&lt;div class=&#34;highlight&#34;&gt;&lt;div class=&#34;chroma&#34;&gt;
&lt;table class=&#34;lntable&#34;&gt;&lt;tr&gt;&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code&gt;&lt;span class=&#34;lnt&#34;&gt;1
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;2
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;3
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;4
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;5
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;6
&lt;/span&gt;&lt;span class=&#34;lnt&#34;&gt;7
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;
&lt;td class=&#34;lntd&#34;&gt;
&lt;pre tabindex=&#34;0&#34; class=&#34;chroma&#34;&gt;&lt;code class=&#34;language-bash&#34; data-lang=&#34;bash&#34;&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;nb&#34;&gt;export&lt;/span&gt; &lt;span class=&#34;nv&#34;&gt;STRIX_LLM&lt;/span&gt;&lt;span class=&#34;o&#34;&gt;=&lt;/span&gt;&lt;span class=&#34;s2&#34;&gt;&amp;#34;openai/gpt-5.4&amp;#34;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;nb&#34;&gt;export&lt;/span&gt; &lt;span class=&#34;nv&#34;&gt;LLM_API_KEY&lt;/span&gt;&lt;span class=&#34;o&#34;&gt;=&lt;/span&gt;&lt;span class=&#34;s2&#34;&gt;&amp;#34;your-api-key&amp;#34;&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;c1&#34;&gt;# Optional&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;nb&#34;&gt;export&lt;/span&gt; &lt;span class=&#34;nv&#34;&gt;LLM_API_BASE&lt;/span&gt;&lt;span class=&#34;o&#34;&gt;=&lt;/span&gt;&lt;span class=&#34;s2&#34;&gt;&amp;#34;your-api-base-url&amp;#34;&lt;/span&gt;  &lt;span class=&#34;c1&#34;&gt;# if using a local model, e.g. Ollama, LMStudio&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;nb&#34;&gt;export&lt;/span&gt; &lt;span class=&#34;nv&#34;&gt;PERPLEXITY_API_KEY&lt;/span&gt;&lt;span class=&#34;o&#34;&gt;=&lt;/span&gt;&lt;span class=&#34;s2&#34;&gt;&amp;#34;your-api-key&amp;#34;&lt;/span&gt;  &lt;span class=&#34;c1&#34;&gt;# for search capabilities&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;span class=&#34;line&#34;&gt;&lt;span class=&#34;cl&#34;&gt;&lt;span class=&#34;nb&#34;&gt;export&lt;/span&gt; &lt;span class=&#34;nv&#34;&gt;STRIX_REASONING_EFFORT&lt;/span&gt;&lt;span class=&#34;o&#34;&gt;=&lt;/span&gt;&lt;span class=&#34;s2&#34;&gt;&amp;#34;high&amp;#34;&lt;/span&gt;  &lt;span class=&#34;c1&#34;&gt;# control thinking effort (default: high, quick scan: medium)&lt;/span&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
&lt;/div&gt;
&lt;/div&gt;&lt;blockquote&gt;
&lt;p&gt;[!NOTE]
Strix automatically saves your configuration to &lt;code&gt;~/.strix/cli-config.json&lt;/code&gt;, so you don&amp;rsquo;t have to re-enter it on every run.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;p&gt;&lt;strong&gt;Recommended models for best results:&lt;/strong&gt;&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a class=&#34;link&#34; href=&#34;https://openai.com/api/&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;OpenAI GPT-5.4&lt;/a&gt; - &lt;code&gt;openai/gpt-5.4&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;a class=&#34;link&#34; href=&#34;https://claude.com/platform/api&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;Anthropic Claude Sonnet 4.6&lt;/a&gt; - &lt;code&gt;anthropic/claude-sonnet-4-6&lt;/code&gt;&lt;/li&gt;
&lt;li&gt;&lt;a class=&#34;link&#34; href=&#34;https://cloud.google.com/vertex-ai&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;Google Gemini 3 Pro Preview&lt;/a&gt; - &lt;code&gt;vertex_ai/gemini-3-pro-preview&lt;/code&gt;&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;See the &lt;a class=&#34;link&#34; href=&#34;https://docs.strix.ai/llm-providers/overview&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;LLM Providers documentation&lt;/a&gt; for all supported providers including Vertex AI, Bedrock, Azure, and local models.&lt;/p&gt;
&lt;h2 id=&#34;enterprise-pentesting&#34;&gt;Enterprise Pentesting
&lt;/h2&gt;&lt;p&gt;Get the same Strix experience with &lt;a class=&#34;link&#34; href=&#34;https://strix.ai/demo&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;enterprise-grade&lt;/a&gt; controls: SSO (SAML/OIDC), custom compliance-ready penetration testing reports (SOC 2, ISO 27001, PCI DSS), dedicated support &amp;amp; SLA, custom deployment options (VPC/self-hosted), BYOK model support, and tailored AI pentesting agents optimized for your environment. &lt;a class=&#34;link&#34; href=&#34;https://strix.ai/demo&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;Learn more&lt;/a&gt;.&lt;/p&gt;
&lt;h2 id=&#34;documentation&#34;&gt;Documentation
&lt;/h2&gt;&lt;p&gt;Full documentation is available at &lt;strong&gt;&lt;a class=&#34;link&#34; href=&#34;https://docs.strix.ai&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;docs.strix.ai&lt;/a&gt;&lt;/strong&gt; - including detailed guides for usage, CI/CD integrations, skills, and advanced configuration.&lt;/p&gt;
&lt;h2 id=&#34;contributing&#34;&gt;Contributing
&lt;/h2&gt;&lt;p&gt;We welcome contributions of code, docs, and new skills - check out our &lt;a class=&#34;link&#34; href=&#34;https://docs.strix.ai/contributing&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;Contributing Guide&lt;/a&gt; to get started or open a &lt;a class=&#34;link&#34; href=&#34;https://github.com/usestrix/strix/pulls&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;pull request&lt;/a&gt;/&lt;a class=&#34;link&#34; href=&#34;https://github.com/usestrix/strix/issues&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;issue&lt;/a&gt;.&lt;/p&gt;
&lt;h2 id=&#34;join-our-community&#34;&gt;Join Our Community
&lt;/h2&gt;&lt;p&gt;Have questions? Found a bug? Want to contribute? &lt;strong&gt;&lt;a class=&#34;link&#34; href=&#34;https://discord.gg/strix-ai&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;Join our Discord!&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;
&lt;h2 id=&#34;support-the-project&#34;&gt;Support the Project
&lt;/h2&gt;&lt;p&gt;&lt;strong&gt;Love Strix?&lt;/strong&gt; Give us a ⭐ on GitHub!&lt;/p&gt;
&lt;h2 id=&#34;acknowledgements&#34;&gt;Acknowledgements
&lt;/h2&gt;&lt;p&gt;Strix builds on the incredible work of open-source projects like &lt;a class=&#34;link&#34; href=&#34;https://github.com/BerriAI/litellm&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;LiteLLM&lt;/a&gt;, &lt;a class=&#34;link&#34; href=&#34;https://github.com/caido/caido&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;Caido&lt;/a&gt;, &lt;a class=&#34;link&#34; href=&#34;https://github.com/projectdiscovery/nuclei&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;Nuclei&lt;/a&gt;, &lt;a class=&#34;link&#34; href=&#34;https://github.com/microsoft/playwright&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;Playwright&lt;/a&gt;, and &lt;a class=&#34;link&#34; href=&#34;https://github.com/Textualize/textual&#34;  target=&#34;_blank&#34; rel=&#34;noopener&#34;
    &gt;Textual&lt;/a&gt;. Huge thanks to their maintainers!&lt;/p&gt;
&lt;blockquote&gt;
&lt;p&gt;[!WARNING]
Only test apps you own or have permission to test. You are responsible for using Strix ethically and legally.&lt;/p&gt;
&lt;/blockquote&gt;
&lt;/div&gt;
</description>
        </item>
        
    </channel>
</rss>
