[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-2245":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":14,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":32,"readmeContent":33,"aiSummary":34,"trendingCount":16,"starSnapshotCount":16,"syncStatus":35,"lastSyncTime":36,"discoverSource":37},2245,"strix","usestrix\u002Fstrix","usestrix","Open-source AI hackers to find and fix your app’s vulnerabilities.","https:\u002F\u002Fstrix.ai",null,"Python",25944,2916,128,62,0,21,724,96,45,"Apache License 2.0",false,"main",true,[26,27,28,29,30,31],"agents","artificial-intelligence","cybersecurity","generative-ai","llm","penetration-testing","2026-06-12 02:00:39","\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fstrix.ai\u002F\">\n    \u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fusestrix\u002F.github\u002Fraw\u002Fmain\u002Fimgs\u002Fcover.png\" alt=\"Strix Banner\" width=\"100%\">\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n\u003Cdiv align=\"center\">\n\n# Strix\n\n### Open-source AI hackers to find and fix your app’s vulnerabilities.\n\n\u003Cbr\u002F>\n\n\n\u003Ca href=\"https:\u002F\u002Fdocs.strix.ai\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDocs-docs.strix.ai-2b9246?style=for-the-badge&logo=gitbook&logoColor=white\" alt=\"Docs\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fstrix.ai\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FWebsite-strix.ai-f0f0f0?style=for-the-badge&logoColor=000000\" 
alt=\"Website\">\u003C\u002Fa>\n[![](https:\u002F\u002Fdcbadge.limes.pink\u002Fapi\u002Fserver\u002Fstrix-ai)](https:\u002F\u002Fdiscord.gg\u002Fstrix-ai)\n\n\u003Ca href=\"https:\u002F\u002Fdeepwiki.com\u002Fusestrix\u002Fstrix\">\u003Cimg src=\"https:\u002F\u002Fdeepwiki.com\u002Fbadge.svg\" alt=\"Ask DeepWiki\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fusestrix\u002Fstrix\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Fusestrix\u002Fstrix?style=flat-square\" alt=\"GitHub Stars\">\u003C\u002Fa>\n\u003Ca href=\"LICENSE\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-Apache%202.0-3b82f6?style=flat-square\" alt=\"License\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fpypi.org\u002Fproject\u002Fstrix-agent\u002F\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fpypi\u002Fv\u002Fstrix-agent?style=flat-square\" alt=\"PyPI Version\">\u003C\u002Fa>\n\n\n\u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002Fstrix-ai\">\u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fusestrix\u002F.github\u002Fraw\u002Fmain\u002Fimgs\u002FDiscord.png\" height=\"40\" alt=\"Join Discord\">\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fx.com\u002Fstrix_ai\">\u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fusestrix\u002F.github\u002Fraw\u002Fmain\u002Fimgs\u002FX.png\" height=\"40\" alt=\"Follow on X\">\u003C\u002Fa>\n\n\n\u003Ca href=\"https:\u002F\u002Ftrendshift.io\u002Frepositories\u002F15362\" target=\"_blank\">\u003Cimg src=\"https:\u002F\u002Ftrendshift.io\u002Fapi\u002Fbadge\u002Frepositories\u002F15362\" alt=\"usestrix\u002Fstrix | Trendshift\" width=\"250\" height=\"55\"\u002F>\u003C\u002Fa>\n\n\u003C\u002Fdiv>\n\n\n> [!TIP]\n> **New!** Strix integrates seamlessly with GitHub Actions and CI\u002FCD pipelines. 
Automatically scan for vulnerabilities on every pull request and block insecure code before it reaches production - [Get started with no setup required](https:\u002F\u002Fapp.strix.ai).\n\n---\n\n\n## Strix Overview\n\nStrix are autonomous AI agents that act just like real hackers - they run your code dynamically, find vulnerabilities, and validate them through actual proof-of-concepts. Built for developers and security teams who need fast, accurate security testing without the overhead of manual pentesting or the false positives of static analysis tools.\n\n**Key Capabilities:**\n\n- **Full hacker toolkit** out of the box\n- **Teams of agents** that collaborate and scale\n- **Real validation** with PoCs, not false positives\n- **Developer‑first** CLI with actionable reports\n- **Auto‑fix & reporting** to accelerate remediation\n\n\n\u003Cbr>\n\n\n\u003Cdiv align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fstrix.ai\">\n    \u003Cimg src=\".github\u002Fscreenshot.png\" alt=\"Strix Demo\" width=\"1000\" style=\"border-radius: 16px;\">\n  \u003C\u002Fa>\n\u003C\u002Fdiv>\n\n\n## Use Cases\n\n- **Application Security Testing** - Detect and validate critical vulnerabilities in your applications\n- **Rapid Penetration Testing** - Get penetration tests done in hours, not weeks, with compliance reports\n- **Bug Bounty Automation** - Automate bug bounty research and generate PoCs for faster reporting\n- **CI\u002FCD Integration** - Run tests in CI\u002FCD to block vulnerabilities before reaching production\n\n## 🚀 Quick Start\n\n**Prerequisites:**\n- Docker (running)\n- An LLM API key from any [supported provider](https:\u002F\u002Fdocs.strix.ai\u002Fllm-providers\u002Foverview) (OpenAI, Anthropic, Google, etc.)\n\n### Installation & First Scan\n\n```bash\n# Install Strix\ncurl -sSL https:\u002F\u002Fstrix.ai\u002Finstall | bash\n\n# Configure your AI provider\nexport STRIX_LLM=\"openai\u002Fgpt-5.4\"\nexport LLM_API_KEY=\"your-api-key\"\n\n# Run your first security 
assessment\nstrix --target .\u002Fapp-directory\n```\n\n> [!NOTE]\n> First run automatically pulls the sandbox Docker image. Results are saved to `strix_runs\u002F\u003Crun-name>`\n\n---\n\n## ☁️ Strix Platform\n\nTry the Strix full-stack security platform at **[app.strix.ai](https:\u002F\u002Fapp.strix.ai)** — sign up for free, connect your repos and domains, and launch a pentest in minutes.\n\n- **Validated findings with PoCs** and reproduction steps\n- **One-click autofix** as ready-to-merge pull requests\n- **Continuous monitoring** across code, cloud, and infrastructure\n- **Integrations** with GitHub, Slack, Jira, Linear, and CI\u002FCD pipelines\n- **Continuous learning** that builds on past findings and remediations\n\n[**Start your first pentest →**](https:\u002F\u002Fapp.strix.ai)\n\n---\n\n## ✨ Features\n\n### Agentic Security Tools\n\nStrix agents come equipped with a comprehensive security testing toolkit:\n\n- **Full HTTP Proxy** - Full request\u002Fresponse manipulation and analysis\n- **Browser Automation** - Multi-tab browser for testing of XSS, CSRF, auth flows\n- **Terminal Environments** - Interactive shells for command execution and testing\n- **Python Runtime** - Custom exploit development and validation\n- **Reconnaissance** - Automated OSINT and attack surface mapping\n- **Code Analysis** - Static and dynamic analysis capabilities\n- **Knowledge Management** - Structured findings and attack documentation\n\n### Comprehensive Vulnerability Detection\n\nStrix can identify and validate a wide range of security vulnerabilities:\n\n- **Access Control** - IDOR, privilege escalation, auth bypass\n- **Injection Attacks** - SQL, NoSQL, command injection\n- **Server-Side** - SSRF, XXE, deserialization flaws\n- **Client-Side** - XSS, prototype pollution, DOM vulnerabilities\n- **Business Logic** - Race conditions, workflow manipulation\n- **Authentication** - JWT vulnerabilities, session management\n- **Infrastructure** - Misconfigurations, exposed 
services\n\n### Graph of Agents\n\nAdvanced multi-agent orchestration for comprehensive security testing:\n\n- **Distributed Workflows** - Specialized agents for different attacks and assets\n- **Scalable Testing** - Parallel execution for fast comprehensive coverage\n- **Dynamic Coordination** - Agents collaborate and share discoveries\n\n---\n\n## Usage Examples\n\n### Basic Usage\n\n```bash\n# Scan a local codebase\nstrix --target .\u002Fapp-directory\n\n# Security review of a GitHub repository\nstrix --target https:\u002F\u002Fgithub.com\u002Forg\u002Frepo\n\n# Black-box web application assessment\nstrix --target https:\u002F\u002Fyour-app.com\n```\n\n### Advanced Testing Scenarios\n\n```bash\n# Grey-box authenticated testing\nstrix --target https:\u002F\u002Fyour-app.com --instruction \"Perform authenticated testing using credentials: user:pass\"\n\n# Multi-target testing (source code + deployed app)\nstrix -t https:\u002F\u002Fgithub.com\u002Forg\u002Fapp -t https:\u002F\u002Fyour-app.com\n\n# White-box source-aware scan (local repository)\nstrix --target .\u002Fapp-directory --scan-mode standard\n\n# Focused testing with custom instructions\nstrix --target api.your-app.com --instruction \"Focus on business logic flaws and IDOR vulnerabilities\"\n\n# Provide detailed instructions through file (e.g., rules of engagement, scope, exclusions)\nstrix --target api.your-app.com --instruction-file .\u002Finstruction.md\n\n# Force PR diff-scope against a specific base branch\nstrix -n --target .\u002F --scan-mode quick --scope-mode diff --diff-base origin\u002Fmain\n```\n\n### Headless Mode\n\nRun Strix programmatically without interactive UI using the `-n\u002F--non-interactive` flag—perfect for servers and automated jobs. The CLI prints real-time vulnerability findings, and the final report before exiting. 
Exits with non-zero code when vulnerabilities are found.\n\n```bash\nstrix -n --target https:\u002F\u002Fyour-app.com\n```\n\n### CI\u002FCD (GitHub Actions)\n\nStrix can be added to your pipeline to run a security test on pull requests with a lightweight GitHub Actions workflow:\n\n```yaml\nname: strix-penetration-test\n\non:\n  pull_request:\n\njobs:\n  security-scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions\u002Fcheckout@v6\n        with:\n          fetch-depth: 0\n\n      - name: Install Strix\n        run: curl -sSL https:\u002F\u002Fstrix.ai\u002Finstall | bash\n\n      - name: Run Strix\n        env:\n          STRIX_LLM: ${{ secrets.STRIX_LLM }}\n          LLM_API_KEY: ${{ secrets.LLM_API_KEY }}\n\n        run: strix -n -t .\u002F --scan-mode quick\n```\n\n> [!TIP]\n> In CI pull request runs, Strix automatically scopes quick reviews to changed files.\n> If diff-scope cannot resolve, ensure checkout uses full history (`fetch-depth: 0`) or pass\n> `--diff-base` explicitly.\n\n### Configuration\n\n```bash\nexport STRIX_LLM=\"openai\u002Fgpt-5.4\"\nexport LLM_API_KEY=\"your-api-key\"\n\n# Optional\nexport LLM_API_BASE=\"your-api-base-url\"  # if using a local model, e.g. 
Ollama, LMStudio\nexport PERPLEXITY_API_KEY=\"your-api-key\"  # for search capabilities\nexport STRIX_REASONING_EFFORT=\"high\"  # control thinking effort (default: high, quick scan: medium)\n```\n\n> [!NOTE]\n> Strix automatically saves your configuration to `~\u002F.strix\u002Fcli-config.json`, so you don't have to re-enter it on every run.\n\n**Recommended models for best results:**\n\n- [OpenAI GPT-5.4](https:\u002F\u002Fopenai.com\u002Fapi\u002F) — `openai\u002Fgpt-5.4`\n- [Anthropic Claude Sonnet 4.6](https:\u002F\u002Fclaude.com\u002Fplatform\u002Fapi) — `anthropic\u002Fclaude-sonnet-4-6`\n- [Google Gemini 3 Pro Preview](https:\u002F\u002Fcloud.google.com\u002Fvertex-ai) — `vertex_ai\u002Fgemini-3-pro-preview`\n\nSee the [LLM Providers documentation](https:\u002F\u002Fdocs.strix.ai\u002Fllm-providers\u002Foverview) for all supported providers including Vertex AI, Bedrock, Azure, and local models.\n\n## Enterprise\n\nGet the same Strix experience with [enterprise-grade](https:\u002F\u002Fstrix.ai\u002Fdemo) controls: SSO (SAML\u002FOIDC), custom compliance reports, dedicated support & SLA, custom deployment options (VPC\u002Fself-hosted), BYOK model support, and tailored agents optimized for your environment. [Learn more](https:\u002F\u002Fstrix.ai\u002Fdemo).\n\n## Documentation\n\nFull documentation is available at **[docs.strix.ai](https:\u002F\u002Fdocs.strix.ai)** — including detailed guides for usage, CI\u002FCD integrations, skills, and advanced configuration.\n\n## Contributing\n\nWe welcome contributions of code, docs, and new skills - check out our [Contributing Guide](https:\u002F\u002Fdocs.strix.ai\u002Fcontributing) to get started or open a [pull request](https:\u002F\u002Fgithub.com\u002Fusestrix\u002Fstrix\u002Fpulls)\u002F[issue](https:\u002F\u002Fgithub.com\u002Fusestrix\u002Fstrix\u002Fissues).\n\n## Join Our Community\n\nHave questions? Found a bug? Want to contribute? 
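**[Join our Discord!](https:\u002F\u002Fdiscord.gg\u002Fstrix-ai)**\n\n## Support the Project\n\n**Love Strix?** Give us a ⭐ on GitHub!\n\n## Acknowledgements\n\nStrix builds on the incredible work of open-source projects like [LiteLLM](https:\u002F\u002Fgithub.com\u002FBerriAI\u002Flitellm), [Caido](https:\u002F\u002Fgithub.com\u002Fcaido\u002Fcaido), [Nuclei](https:\u002F\u002Fgithub.com\u002Fprojectdiscovery\u002Fnuclei), [Playwright](https:\u002F\u002Fgithub.com\u002Fmicrosoft\u002Fplaywright), and [Textual](https:\u002F\u002Fgithub.com\u002FTextualize\u002Ftextual). Huge thanks to their maintainers!\n\n\n> [!WARNING]\n> Only test apps you own or have permission to test. You are responsible for using Strix ethically and legally.\n\n\u003C\u002Fdiv>\n","Strix is an open-source AI hacking tool for finding and fixing vulnerabilities in applications. It uses AI to run code dynamically, identify vulnerabilities, and validate them through actual proofs of concept (PoCs), which gives more accurate results than traditional static analysis tools. Its core features include a full hacker toolkit, a collaborative multi-agent system, real validation, and a developer-oriented command-line interface, with support for automatically generating fix suggestions and reports. In addition, Strix integrates seamlessly into GitHub Actions and CI\u002FCD pipelines, scanning automatically on every pull request and blocking insecure code from reaching production. It suits scenarios that need fast and accurate security testing, such as application security testing and rapid penetration testing.",2,"2026-06-11 02:49:05","top_language"]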