Architecture Change: Strix v2 has been fundamentally redesigned.
- Removed: Agent loops, Docker/Sandbox, LLM-controlled flow, CLI/TUI
- Added: Server + Engine + Plugin architecture with human control
Strix v2 is an open-source, plugin-based security scanning system. Unlike v1's autonomous agent approach, v2 puts humans in control while leveraging security tools for comprehensive vulnerability detection.
```bash
# Clone repository
git clone https://github.com/your-org/strix.git
cd strix
# One-click launch (backend + web UI)
./start.sh
# Or run server directly
# (--host 0.0.0.0 listens on every network interface; use --host 127.0.0.1 to keep the API local)
uvicorn strix.server.app:app --host 0.0.0.0 --port 8000
# Frontend (separate terminal)
cd desktop && pnpm dev
```
Access:
- Web UI: http://localhost:5173
- API: http://localhost:8000
- API Docs: http://localhost:8000/docs
```
┌─────────────────────────────────────────────────────────────┐
│                 Desktop UI (React + Tauri)                  │
├─────────────────────────────────────────────────────────────┤
│                 FastAPI Server (REST + WS)                  │
├─────────────────────────────────────────────────────────────┤
│                         Scan Engine                         │
│  ┌──────────────┬───────────────┬────────────────────────┐  │
│  │  Event Bus   │ Phase Manager │    Result Collector    │  │
│  └──────────────┴───────────────┴────────────────────────┘  │
├─────────────────────────────────────────────────────────────┤
│                       Plugin Registry                       │
│   ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐    │
│   │ Nuclei │ │ HTTPX  │ │  ffuf  │ │ Katana │ │ SQLMap │    │
│   └────────┘ └────────┘ └────────┘ └────────┘ └────────┘    │
├─────────────────────────────────────────────────────────────┤
│                       SQLite Storage                        │
└─────────────────────────────────────────────────────────────┘
```
| Component | Description |
|---|---|
| Server | FastAPI backend with REST API and WebSocket for real-time updates |
| Engine | ScanEngine orchestrates phases, EventBus distributes events |
| Plugins | Security tools (Nuclei, httpx, ffuf, katana, sqlmap) |
| Storage | SQLite database for scans, findings, and configurations |
| Desktop 8000 | Tauri + React frontend for visual scan management |
Strix v2 uses proven security tools as plugins:
| Plugin | Phase | Description |
|---|---|---|
| nuclei | Vulnerability Scan | Template-based vulnerability scanning (10,000+ templates) |
| httpx | Reconnaissance | HTTP probing, technology detection |
| ffuf | Enumeration | Directory brute-forcing, parameter fuzzing |
| katana | Reconnaissance | Web crawling, endpoint discovery |
| sqlmap | Exploitation | SQL injection detection and exploitation |
Strix v2 follows a deterministic, code-controlled workflow:
RECONNAISSANCE → ENUMERATION → VULNERABILITY_SCAN → VALIDATION → REPORTING
| Phase | Plugins | Output |
|---|---|---|
| Reconnaissance | httpx, katana | Discovered endpoints, technologies |
| Enumeration | ffuf | Hidden paths, parameters |
| Vulnerability Scan | nuclei, sqlmap | Detected vulnerabilities |
| Validation | nuclei | Verified findings |
| Reporting | - | JSON, Markdown, SARIF reports |
- Code controls flow - Phase transitions are deterministic, not LLM-decided
- Plugins execute - Security tools run natively, no Docker/sandbox
- Humans review - All results require human analysis
- Python 3.12+: Required for the backend
- Node.js 18+: Required for the desktop UI
- Security Tools: Required for scanning
```bash
# Go tools (requires Go 1.21+)
# @latest takes whatever is newest at install time; pin a release tag for reproducible installs
go install github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
go install github.com/projectdiscovery/httpx/cmd/httpx@latest
go install github.com/ffuf/ffuf/v2@latest
go install github.com/projectdiscovery/katana/cmd/katana@latest
# Python tools
pipx install sqlmap
# Verify installation (ffuf uses -V for its version flag)
nuclei -version
httpx -version
ffuf -V
katana -version
sqlmap --version
```
```bash
# Clone repository
git clone https://github.com/your-org/strix.git
cd strix
# Backend
python3 -m venv .venv
source .venv/bin/activate
pip install -e .
# Frontend
cd desktop
pnpm install
```
```bash
export STRIX_LLM="openai/gpt-4o"
export LLM_API_KEY="sk-..."
```
Note: LLM integration is optional in v2. The core scanning workflow is fully functional without LLM.
```bash
./start.sh
```
Features:
- Real-time scan progress with phase visualization
- Plugin management (install/enable/disable)
- Vulnerability dashboard with severity breakdown
- Export reports (JSON, Markdown, SARIF)
- Dark/Light theme support
```bash
# Create scan
curl -X POST http://localhost:8000/api/scans \
  -H "Content-Type: application/json" \
  -d '{"target": "https://example.com"}'
# Get scan status (replace {scan_id} with the scan's ID)
curl http://localhost:8000/api/scans/{scan_id}
# List vulnerabilities
curl http://localhost:8000/api/results/{scan_id}/vulnerabilities
```
Connect to ws://localhost:8000/ws/{client_id} for real-time updates:
```javascript
// "my-client" stands in for {client_id}
const ws = new WebSocket("ws://localhost:8000/ws/my-client");
// Subscribe to scan updates once the socket is open
ws.onopen = () => {
  ws.send(JSON.stringify({ action: "subscribe", scan_id: "abc123" }));
};
// Receive events
// - scan.started
// - phase.started / phase.completed
// - plugin.started / plugin.output / plugin.completed
// - vulnerability.found
// - scan.completed / scan.failed
ws.onmessage = (msg) => console.log(msg.data);
```
```yaml
# plugins/my-scanner/manifest.yaml
name: my-scanner
version: "1.0.0"
display_name: "My Custom Scanner"
description: "Custom vulnerability scanner"
author: "Your Name"
phases:
  - VULNERABILITY_SCAN
capabilities:
  - WEB_SCANNING
executable:
  binary: my-scanner
  install_method: go
  install_command: "go install github.com/example/my-scanner@latest"
```
```python
# plugins/my-scanner/plugin.py
from strix.plugins.base import BasePlugin, ScanPhase, PluginCapability


class MyScanner(BasePlugin):
    name = "my-scanner"
    version = "1.0.0"
    phases = [ScanPhase.VULNERABILITY_SCAN]
    capabilities = [PluginCapability.WEB_SCANNING]

    async def execute(self, target, phase, parameters):
        # The command is passed as an argument list and its output is streamed;
        # _parse_output is this plugin's own per-line parser (not shown here).
        async for event in self.stream_command(
            ["my-scanner", "-target", target],
            phase,
            line_parser=self._parse_output,
        ):
            yield event
```
The following v1 features have been permanently removed:
| Removed Feature | Reason |
|---|---|
| Agent loops | LLM should advise, not control |
| Docker/Sandbox runtime | Tools run natively for transparency |
| CLI/TUI interface | Replaced by Web UI + API |
| LLM-controlled tool selection | Code determines workflow |
| MCP gateway | Agent-specific, not needed |
| Scope configuration files | Replaced by ScanConfig API |
| Multi-agent orchestration | Single deterministic engine |
| Autonomous scanning | Human-in-the-loop required |
See the v2 design philosophy for the architectural rationale.
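A pre-load review of the plugin manifest format shown earlier on this page, as an added example that is not part of Strix: since plugins run natively with no sandbox and a manifest names both a binary and an install command, it flags unknown phases, binaries given as paths, shell metacharacters and unpinned packages. The function name, the installer allowlist and the phase set (taken from the workflow line above) are assumptions, and the manifests are constructed samples given as already-parsed dicts.

```python
import re

# The five phase names from this README's workflow line; the real ScanPhase
# enum in strix.plugins.base may differ (assumption).
KNOWN_PHASES = {"RECONNAISSANCE", "ENUMERATION", "VULNERABILITY_SCAN",
                "VALIDATION", "REPORTING"}
# Hypothetical allowlist: install_method -> argv prefix it is allowed to run.
INSTALLERS = {"go": ["go", "install"]}
SHELL_META = re.compile(r"[;&|`$<>(){}\\'\"\n]")
BARE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")


def review_manifest(manifest: dict) -> list[str]:
    """Return review findings for a parsed manifest; empty list = nothing flagged."""
    findings = []
    unknown = sorted(set(manifest.get("phases", [])) - KNOWN_PHASES)
    if unknown:
        findings.append(f"unknown phases: {unknown}")
    exe = manifest.get("executable", {})
    if not BARE_NAME.match(exe.get("binary", "")):
        findings.append("binary is not a bare program name")
    command = exe.get("install_command", "")
    prefix = INSTALLERS.get(exe.get("install_method"))
    argv = command.split()
    if SHELL_META.search(command):
        findings.append("install_command contains shell metacharacters")
    elif prefix is None:
        findings.append("install_method is not on the allowlist")
    elif argv[:len(prefix)] != prefix or len(argv) != len(prefix) + 1:
        findings.append("install_command is not '<installer> <one package>'")
    elif "@" not in argv[-1] or argv[-1].endswith("@latest"):
        findings.append("package version is not pinned")
    return findings


# Constructed samples: this README's manifest, and a variant with three problems.
README_MANIFEST = {
    "phases": ["VULNERABILITY_SCAN"],
    "executable": {"binary": "my-scanner", "install_method": "go",
                   "install_command": "go install github.com/example/my-scanner@latest"},
}
SUSPECT_MANIFEST = {
    "phases": ["VULNERABILITY_SCAN", "CUSTOM_PHASE"],
    "executable": {"binary": "../bin/my-scanner", "install_method": "go",
                   "install_command": "go install github.com/example/my-scanner@v1.0.0 && ./setup.sh"},
}

if __name__ == "__main__":
    print(review_manifest(README_MANIFEST), review_manifest(SUSPECT_MANIFEST))
```

The README's own manifest is flagged only for `@latest`; the second sample is flagged for its extra phase, its path-style binary and the chained command.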
```
strix/
├── desktop/                 # Tauri + React frontend
├── plugins/                 # Security tool plugins
│   ├── nuclei/
│   ├── httpx/
│   ├── ffuf/
│   ├── katana/
│   └── sqlmap/
├── strix/
│   ├── server/              # FastAPI backend
│   │   ├── app.py           # Main application
│   │   └── routes/          # API endpoints
│   ├── engine/              # Scan engine
│   │   ├── scan_engine.py
│   │   ├── phase_manager.py
│   │   ├── event_bus.py
│   │   └── result_collector.py
│   ├── plugins/             # Plugin infrastructure
│   │   ├── base.py
│   │   ├── registry.py
│   │   └── loader.py
│   ├── storage/             # SQLite persistence
│   │   ├── database.py
│   │   └── models.py
│   └── llm/                 # LLM integration (optional)
├── docs/
│   └── strix-v2-philosophy.md
├── start.sh                 # One-click launcher
└── pyproject.toml
```
See CONTRIBUTING.md for guidelines.
Key principle: Any change must align with the v2 design philosophy.
Apache 2.0 - See LICENSE
- ProjectDiscovery for Nuclei, httpx, katana
- ffuf for web fuzzing
- sqlmap for SQL injection testing