Description

#strix #AI Security Testing #Automated Penetration Testing #Code Security #Vulnerability Detection #Open Source Tool #Docker #CICD

Strix is an open-source AI security testing tool aimed at developers and independent project maintainers, focusing on automated penetration testing and vulnerability verification. It does not simply label code as "potentially risky"; instead, it runs the application in a Docker sandbox and combines HTTP interception proxies, browser automation, and a Python PoC sandbox to validate issues such as XSS, privilege escalation, SSRF, JWT weaknesses, deserialization, RCE, and business logic vulnerabilities. It outputs reproducible steps, exploit examples, and CVSS scores so that security issues are easier to identify and fix.

Software Features

- Automated Penetration Testing: Runs target applications in an isolated environment, automatically simulating attack processes and verifying whether vulnerabilities truly exist.
- Reproducible Vulnerability Reports: Does not merely flag risks but generates working PoCs, reproducible steps, and CVSS scores.
- Covers Common High-Risk Vulnerabilities: Supports detection of XSS, SSRF, SQL injection, JWT issues, deserialization RCE, privilege escalation, race conditions, payment tampering, and other security risks.
- Multi-Agent Collaboration: Multiple AI agents can perform testing, analysis, exploitation, and remediation tasks collaboratively, improving security testing efficiency.
- HTTP Interception and Modification: With capabilities similar to Caido, it can intercept, modify, and replay requests, suitable for uncovering complex business vulnerabilities.
- Automatic Patch Generation: After testing, it can generate patches and support PR submissions, helping developers complete vulnerability fixes faster.
- CI/CD Integration: Can be integrated into automated pipelines to conduct security checks before each commit or release.
- Open Source and Self-Deployable: Released under the Apache 2.0 license; it can be run after configuring an LLM API key, making it suitable for personal projects and small teams.