Share
## https://sploitus.com/exploit?id=9F54131A-00B4-5351-A521-172F0A85FD53
# โก Strix-Advanced
**AI-Powered Security Testing Platform**
An enhanced fork of [Strix](https://github.com/usestrix/strix) with advanced capabilities inspired by:
- [Shannon](https://github.com/KeygraphHQ/shannon) โ White-box analysis & static-dynamic correlation
- [Hermes Agent](https://github.com/nousresearch/hermes-agent) โ Self-improving learning loop & memory
- [Everything Claude Code](https://github.com/affaan-m/everything-claude-code) โ Continuous learning & skill evolution
---
## ๐ Quick Start
```bash
# Clone
git clone https://github.com/Hafiz380/strix-advanced.git
cd strix-advanced
# Setup
python setup.py
# Run
python cli.py info
python cli.py scan https://target.com
```
---
## ๐ฆ Modules
### Step 2: Static Analysis Engine (`core/static_analyzer/`)
- **CPG Builder** โ tree-sitter based Code Property Graph (6 languages)
- **Data Flow Analyzer** โ Source โ Sink taint tracing
- **Sanitizer Analyzer** โ LLM-guided sanitizer effectiveness validation
- **20+ vulnerability types** with CWE/OWASP/CVSS mappings
### Step 3: Memory & Learning System (`core/memory/`)
- **Scan Memory** โ Per-scan SQLite storage
- **Global Memory** โ Cross-scan knowledge accumulation
- **Dedup Engine** โ Finding deduplication across scans
- **Skill Generator** โ Auto-generate skills from scan experience
### Step 4: Advanced Exploitation Engine (`core/exploitation/`)
- **Exploit Chain Builder** โ Multi-vulnerability chaining (10 known patterns + novel discovery)
- **Auth Automator** โ 2FA/TOTP/SSO/OAuth2/JWT handling
- **Race Condition Detector** โ Concurrent request engine for TOCTOU bugs
- **Logic Fuzzer** โ Business logic invariant testing
- **WAF Bypass** โ 15+ evasion techniques for SQLi, XSS, SSRF, Path Traversal
### Step 5: Specialized Agent System (`agents/`)
- **Recon Agent** โ Subdomain enum, DNS, tech fingerprinting, endpoint discovery
- **Exploit Agent** โ SQLi, XSS, SSRF, RCE, SSTI, Path Traversal exploitation
- **Analysis Agent** โ Static analysis integration
- **Report Agent** โ Professional security reports with executive summary
- **Coordinator Agent** โ Full scan orchestration pipeline
### Step 6: Unique Features (`core/recon/`)
- **API Discovery** โ Swagger/OpenAPI parsing, GraphQL introspection, brute-force, JS extraction
- **Supply Chain** โ npm/pip/go/cargo dependency scanning, typosquat detection
- **Infrastructure** โ DNS, SSL/TLS, security headers, CORS, cookies, cloud storage
- **Custom Rules** โ 15+ built-in rules, YAML/JSON rule loading, directory scanning
---
## ๐ง CLI Usage
```bash
# Full security scan
python cli.py scan https://target.com
# Code-only scan (white-box)
python cli.py scan https://target.com --code ./src --type code
# Quick scan
python cli.py scan https://target.com --type quick --depth quick
# Static analysis only
python cli.py analyze ./src
# Reconnaissance only
python cli.py recon https://target.com --depth deep
# Custom rules
python cli.py rules list
python cli.py rules scan ./code
python cli.py rules export --output rules.yaml
# System info
python cli.py info
```
---
## ๐ Vulnerability Coverage
| Vuln Type | CWE | OWASP |
|-----------|-----|-------|
| SQL Injection | CWE-89 | A03 |
| XSS | CWE-79 | A03 |
| RCE | CWE-78 | A03 |
| SSTI | CWE-1336 | A03 |
| SSRF | CWE-918 | A10 |
| Path Traversal | CWE-22 | A01 |
| IDOR | CWE-639 | A01 |
| CSRF | CWE-352 | A01 |
| XXE | CWE-611 | A05 |
| Deserialization | CWE-502 | A08 |
| Open Redirect | CWE-601 | - |
| NoSQL Injection | CWE-943 | A03 |
| Auth Bypass | CWE-287 | A07 |
| Race Condition | CWE-362 | A04 |
---
## ๐งช Testing
```bash
pytest tests/ -v
```
---
## ๐ Project Structure
```
strix-advanced/
โโโ cli.py # Command-line interface
โโโ setup.py # Setup & dependency installation
โโโ pyproject.toml # Project config
โโโ core/
โ โโโ static_analyzer/ # White-box analysis engine
โ โโโ memory/ # Learning & memory system
โ โโโ exploitation/ # Advanced exploitation engine
โ โโโ recon/ # API discovery, supply chain, infra, rules
โโโ agents/ # Specialized agent system
โโโ tests/ # Test suite
โโโ examples/ # Usage examples
โโโ .github/workflows/ # CI/CD
```
---
## ๐ Status
- [x] Step 1: Architecture Analysis & Gap Report
- [x] Step 2: Static Analysis Engine
- [x] Step 3: Memory & Learning System
- [x] Step 4: Advanced Exploitation Engine
- [x] Step 5: Specialized Agent System
- [x] Step 6: Unique Features
- [x] Step 7: Integration & Polish (CLI, CI/CD, Tests, Setup)
**๐ All steps complete!**
---
## ๐ License
Based on Strix (see original LICENSE). Enhancements are additive.
---
*Built with โก by Hafiz & Zaid*