Share
## https://sploitus.com/exploit?id=476F5B7F-4D61-5F52-84BB-5FC86A15ACB7
# β‘ ShadowStrike
### AI-Powered Advanced Security Testing Platform
> **ShadowStrike** is an advanced AI-powered security testing platform built on top of [Strix](https://github.com/Hafiz380/shadowstrike). It combines autonomous AI hacking agents with static analysis, memory systems, exploit chaining, and professional reporting β all in one tool.
---
## π Quick Start
```bash
# Clone
git clone https://github.com/Hafiz380/shadowstrike.git
cd shadowstrike
# Install with advanced features
pip install -e ".[advanced]"
# Verify installation
strix-advanced info
```
## β‘ What's Inside
ShadowStrike includes **everything from Strix** plus these advanced capabilities:
- **Auto-fix & reporting** to accelerate remediation
## Use Cases
- **Application Security Testing** - Detect and validate critical vulnerabilities in your applications
- **Rapid Penetration Testing** - Get penetration tests done in hours, not weeks, with compliance reports
- **Bug Bounty Automation** - Automate bug bounty research and generate PoCs for faster reporting
- **CI/CD Integration** - Run tests in CI/CD to block vulnerabilities before reaching production
## π Quick Start
**Prerequisites:**
- Docker (running)
- An LLM API key from any [supported provider](https://docs.shadowstrike.dev/llm-providers/overview) (OpenAI, Anthropic, Google, etc.)
### Installation & First Scan
```bash
# Install Strix
curl -sSL https://shadowstrike.dev/install | bash
# Configure your AI provider
export STRIX_LLM="openai/gpt-5.4"
export LLM_API_KEY="your-api-key"
# Run your first security assessment
strix --target ./app-directory
```
> [!NOTE]
> First run automatically pulls the sandbox Docker image. Results are saved to `strix_runs/`
---
## βοΈ Strix Platform
Try the Strix full-stack security platform at **[app.shadowstrike.dev](https://app.shadowstrike.dev)** - sign up for free, connect your repos and domains, and launch a pentest in minutes.
- **Validated findings with PoCs** and reproduction steps
- **One-click autofix** as ready-to-merge pull requests
- **Continuous monitoring** across code, cloud, and infrastructure
- **Integrations** with GitHub, Slack, Jira, Linear, and CI/CD pipelines
- **Continuous learning** that builds on past findings and remediations
[**Start your first pentest β**](https://app.shadowstrike.dev)
---
## β¨ Features
### Agentic Security Tools
Strix agents come equipped with a comprehensive security testing toolkit:
- **Full HTTP Proxy** - Full request/response manipulation and analysis
- **Browser Automation** - Multi-tab browser for testing of XSS, CSRF, auth flows
- **Terminal Environments** - Interactive shells for command execution and testing
- **Python Runtime** - Custom exploit development and validation
- **Reconnaissance** - Automated OSINT and attack surface mapping
- **Code Analysis** - Static and dynamic analysis capabilities
- **Knowledge Management** - Structured findings and attack documentation
### Comprehensive Vulnerability Detection
Strix can identify and validate a wide range of security vulnerabilities:
- **Access Control** - IDOR, privilege escalation, auth bypass
- **Injection Attacks** - SQL, NoSQL, command injection
- **Server-Side** - SSRF, XXE, deserialization flaws
- **Client-Side** - XSS, prototype pollution, DOM vulnerabilities
- **Business Logic** - Race conditions, workflow manipulation
- **Authentication** - JWT vulnerabilities, session management
- **Infrastructure** - Misconfigurations, exposed services
### Graph of Agents
Advanced multi-agent orchestration for comprehensive security testing:
- **Distributed Workflows** - Specialized agents for different attacks and assets
- **Scalable Testing** - Parallel execution for fast comprehensive coverage
- **Dynamic Coordination** - Agents collaborate and share discoveries
---
## Usage Examples
### Basic Usage
```bash
# Scan a local codebase
strix --target ./app-directory
# Security review of a GitHub repository
strix --target https://github.com/org/repo
# Black-box web application assessment
strix --target https://your-app.com
```
### Advanced Testing Scenarios
```bash
# Grey-box authenticated testing
strix --target https://your-app.com --instruction "Perform authenticated testing using credentials: user:pass"
# Multi-target testing (source code + deployed app)
strix -t https://github.com/org/app -t https://your-app.com
# White-box source-aware scan (local repository)
strix --target ./app-directory --scan-mode standard
# Focused testing with custom instructions
strix --target api.your-app.com --instruction "Focus on business logic flaws and IDOR vulnerabilities"
# Provide detailed instructions through file (e.g., rules of engagement, scope, exclusions)
strix --target api.your-app.com --instruction-file ./instruction.md
# Force PR diff-scope against a specific base branch
strix -n --target ./ --scan-mode quick --scope-mode diff --diff-base origin/main
```
### Headless Mode
Run Strix programmatically without interactive UI using the `-n/--non-interactive` flag-perfect for servers and automated jobs. The CLI prints real-time vulnerability findings, and the final report before exiting. Exits with non-zero code when vulnerabilities are found.
```bash
strix -n --target https://your-app.com
```
### CI/CD (GitHub Actions)
Strix can be added to your pipeline to run a security test on pull requests with a lightweight GitHub Actions workflow:
```yaml
name: strix-penetration-test
on:
pull_request:
jobs:
security-scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Install Strix
run: curl -sSL https://shadowstrike.dev/install | bash
- name: Run Strix
env:
STRIX_LLM: ${{ secrets.STRIX_LLM }}
LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
run: strix -n -t ./ --scan-mode quick
```
> [!TIP]
> In CI pull request runs, Strix automatically scopes quick reviews to changed files.
> If diff-scope cannot resolve, ensure checkout uses full history (`fetch-depth: 0`) or pass
> `--diff-base` explicitly.
### Configuration
```bash
export STRIX_LLM="openai/gpt-5.4"
export LLM_API_KEY="your-api-key"
# Optional
export LLM_API_BASE="your-api-base-url" # if using a local model, e.g. Ollama, LMStudio
export PERPLEXITY_API_KEY="your-api-key" # for search capabilities
export STRIX_REASONING_EFFORT="high" # control thinking effort (default: high, quick scan: medium)
```
> [!NOTE]
> Strix automatically saves your configuration to `~/.strix/cli-config.json`, so you don't have to re-enter it on every run.
**Recommended models for best results:**
- [OpenAI GPT-5.4](https://openai.com/api/) - `openai/gpt-5.4`
- [Anthropic Claude Sonnet 4.6](https://claude.com/platform/api) - `anthropic/claude-sonnet-4-6`
- [Google Gemini 3 Pro Preview](https://cloud.google.com/vertex-ai) - `vertex_ai/gemini-3-pro-preview`
See the [LLM Providers documentation](https://docs.shadowstrike.dev/llm-providers/overview) for all supported providers including Vertex AI, Bedrock, Azure, and local models.
## Enterprise
Get the same Strix experience with [enterprise-grade](https://shadowstrike.dev/demo) controls: SSO (SAML/OIDC), custom compliance reports, dedicated support & SLA, custom deployment options (VPC/self-hosted), BYOK model support, and tailored agents optimized for your environment. [Learn more](https://shadowstrike.dev/demo).
## π¦ Features
ShadowStrike combines capabilities from [Strix](https://github.com/usestrix/strix), [strix-advanced](https://github.com/Hafiz380/strix-advanced), and concepts from [Shannon](https://github.com/KeygraphHQ/shannon):
### π¬ Static Analysis Engine
- **CPG Builder** β tree-sitter based Code Property Graph (6 languages: Python, JS, TS, Go, Java, PHP)
- **Data Flow Analyzer** β Source β Sink taint tracing
- **Sanitizer Analyzer** β LLM-guided sanitizer effectiveness validation
- **20+ vulnerability types** with CWE/OWASP/CVSS mappings
### π§ Memory & Learning System
- **Scan Memory** β Per-scan SQLite storage
- **Global Memory** β Cross-scan knowledge accumulation
- **Dedup Engine** β Finding deduplication across scans
- **Skill Generator** β Auto-generate skills from scan experience
### π₯ Advanced Exploitation
- **Exploit Chain Builder** β Multi-vulnerability chaining (10 known patterns + novel discovery)
- **Auth Automator** β 2FA/TOTP/SSO/OAuth2/JWT handling
- **Race Condition Detector** β Concurrent request engine for TOCTOU bugs
- **Logic Fuzzer** β Business logic invariant testing
- **WAF Bypass** β 15+ evasion techniques for SQLi, XSS, SSRF, Path Traversal
### π€ Specialized Agents
- **Recon Agent** β Subdomain enum, DNS, tech fingerprinting, endpoint discovery
- **Exploit Agent** β SQLi, XSS, SSRF, RCE, SSTI, Path Traversal exploitation
- **Analysis Agent** β Static analysis integration
- **Report Agent** β Professional security reports with executive summary
- **Coordinator Agent** β Full scan orchestration pipeline
### π Parallel Pipeline (from Shannon)
- **5 Vuln Classes in Parallel** β Injection, XSS, Auth, Authorization, SSRF run concurrently
- **VulnβExploit Pairs** β Each class has sequential analysisβexploitation
- **Static-Dynamic Correlation** β Static findings fed to dynamic exploitation agents
- **Workspace System** β Checkpoint/resume interrupted scans (SQLite-backed)
- **Deliverable System** β Structured intermediate reports per pipeline phase
### π Additional Features
- **API Discovery** β Swagger/OpenAPI parsing, GraphQL introspection, brute-force, JS extraction
- **Supply Chain** β npm/pip/go/cargo dependency scanning, typosquat detection
- **Infrastructure** β DNS, SSL/TLS, security headers, CORS, cookies, cloud storage
- **Custom Rules** β 15+ built-in rules, YAML/JSON rule loading, directory scanning
### Usage (Advanced Commands)
```bash
# Install with advanced dependencies
pip install shadowstrike[advanced]
# Full security scan
strix-advanced scan https://target.com
# Code-only scan (white-box)
strix-advanced scan https://target.com --code ./src --type code
# Quick scan
strix-advanced scan https://target.com --type quick --depth quick
# Static analysis only
strix-advanced analyze ./src
# Reconnaissance only
strix-advanced recon https://target.com --depth deep
# Custom rules
strix-advanced rules list
strix-advanced rules scan ./code
strix-advanced rules export --output rules.yaml
# System info
strix-advanced info
# Parallel vulnerability pipeline (Shannon-inspired)
strix-advanced pipeline https://target.com
strix-advanced pipeline https://target.com --classes injection xss ssrf
strix-advanced pipeline https://target.com --code ./src --workspace my-audit
strix-advanced pipeline https://target.com --no-exploit
# Workspace management
strix-advanced workspace list
strix-advanced workspace resume my-audit
strix-advanced workspace delete my-audit
```
### Vulnerability Types (Advanced)
| Vuln Type | CWE | OWASP |
|---|---|---|
| SQL Injection | CWE-89 | A03 |
| XSS | CWE-79 | A03 |
| RCE | CWE-78 | A03 |
| SSTI | CWE-1336 | A03 |
| SSRF | CWE-918 | A10 |
| Path Traversal | CWE-22 | A01 |
| IDOR | CWE-639 | A01 |
| CSRF | CWE-352 | A01 |
| XXE | CWE-611 | A05 |
| Deserialization | CWE-502 | A08 |
| Open Redirect | CWE-601 | - |
| NoSQL Injection | CWE-943 | A03 |
| Auth Bypass | CWE-287 | A07 |
| Race Condition | CWE-362 | A04 |
## Documentation
Full documentation is available at **[docs.shadowstrike.dev](https://docs.shadowstrike.dev)** - including detailed guides for usage, CI/CD integrations, skills, and advanced configuration.
## Contributing
We welcome contributions of code, docs, and new skills - check out our [Contributing Guide](https://docs.shadowstrike.dev/contributing) to get started or open a [pull request](https://github.com/Hafiz380/shadowstrike/pulls)/[issue](https://github.com/Hafiz380/shadowstrike/issues).
## Join Our Community
Have questions? Found a bug? Want to contribute? **[Join our Discord!](https://discord.gg/shadowstrike.dev)**
## Support the Project
**Love Strix?** Give us a β on GitHub!
## Acknowledgements
Strix builds on the incredible work of open-source projects like [LiteLLM](https://github.com/BerriAI/litellm), [Caido](https://github.com/caido/caido), [Nuclei](https://github.com/projectdiscovery/nuclei), [Playwright](https://github.com/microsoft/playwright), and [Textual](https://github.com/Textualize/textual). Huge thanks to their maintainers!
> [!WARNING]
> Only test apps you own or have permission to test. You are responsible for using Strix ethically and legally.