Skip to main content
Agents are the core of CyberStrike. Each agent is a domain specialist that arrives pre-loaded with testing methodology, tool knowledge, and vulnerability patterns for its area. You don’t configure them — you select one and describe your target.

Switching agents

Press Tab in the terminal UI to cycle through available agents. The current agent name is shown in the status bar.

Primary agent

cyberstrike

The default agent. Full tool access — bash, browser, file operations, web search, and vulnerability reporting. Orchestrates specialized sub-agents for domain work. Follows a structured Thought → Action → Observation cycle for every step. Use this when you want CyberStrike to direct the engagement end-to-end.

Specialist agents

These agents are sub-agents that the primary cyberstrike agent can delegate to, and can also be activated directly from the TUI or CLI.

web-application

OWASP Top 10, WSTG methodology, API security testing. Covers 120+ individual test cases across 12 WSTG categories.

mobile-application

Android and iOS security testing. OWASP MASTG/MASVS compliance. Static analysis, dynamic instrumentation with Frida and Objection, certificate pinning bypass.

cloud-security

AWS, Azure, and GCP security assessment. IAM misconfiguration review, CIS benchmark checks, exposed resource discovery, and Kubernetes security.

internal-network

Active Directory attacks, Kerberos exploitation, lateral movement, and pivoting. Uses BloodHound, Impacket, NetExec, and Responder.

Proxy tester agents

Eight specialized agents that intercept HTTP traffic from your browser and run targeted vulnerability tests on each intercepted request. The proxy-agent orchestrates them automatically.

proxy-agent + 8 testers

Intercept → analyze → select testers → execute → report. Covers IDOR, authorization bypass, mass assignment, injection, authentication, business logic, SSRF, and file attacks.
AgentVulnerability class
proxy-agentOrchestrator — routes each request to appropriate testers
proxy-tester-idorInsecure Direct Object References
proxy-tester-authzAuthorization bypass and broken access control
proxy-tester-mass-assignmentParameter injection and privilege escalation via extra fields
proxy-tester-injectionSQL, NoSQL, XSS, SSTI, XXE, command, and LDAP injection
proxy-tester-authnAuthentication bypass, JWT flaws, session attacks
proxy-tester-business-logicPrice manipulation, workflow bypass, rate limit abuse
proxy-tester-ssrfServer-Side Request Forgery including cloud metadata
proxy-tester-file-attacksFile upload validation, path traversal, file inclusion

Internal agents

These agents run as infrastructure for the platform and are not visible in the agent switcher.
AgentPurpose
exploreFast codebase search and analysis sub-agent
generalGeneral-purpose parallel task execution
proxy-analyzerExtracts architecture context from intercepted requests
compactionContext window management
summarySession summarization
titleSession title generation
normalize-requestRequest normalization

Creating custom agents

You can define your own agents in ~/.config/cyberstrike/config.json. Custom agents can have their own system prompt, model, temperature, tool permissions, and skills. 
{
  "agent": {
    "my-agent": {
      "prompt": "You are a specialist in GraphQL security testing...",
      "description": "GraphQL security specialist",
      "model": "anthropic/claude-sonnet-4-5"
    }
  }
}
See Custom agents for the full configuration reference, including how to restrict tool permissions, load skills, and set a custom model per agent.

Build docs developers (and LLMs) love

Get started for freeTalk to us