Skip to main content
This page provides detailed information about every command-line option available in Strix.

Target Options

—target, -t

Required. Specifies the target to test. You can provide this option multiple times to scan multiple targets simultaneously.
--target
string
required
The target to test. Strix automatically detects the target type:Web Applications
strix --target https://example.com
strix --target http://localhost:3000
GitHub Repositories
strix --target https://github.com/user/repo
strix --target [email protected]:user/repo.git
Local Code
strix --target ./my-project
strix --target /absolute/path/to/code
Domain Names
strix --target example.com
IP Addresses
strix --target 192.168.1.42
strix --target 10.0.0.1
Multiple Targets (White-box testing)
strix --target ./source-code --target https://staging.example.com --target https://prod.example.com

Instruction Options

—instruction

Provide inline custom instructions to guide the penetration test.
--instruction
string
Custom instructions as a string. Use this to:
  • Focus on specific vulnerabilities 
    strix --target example.com --instruction "Focus on authentication vulnerabilities"
  • Provide test credentials 
    strix --target example.com --instruction "Use credentials: admin:password123 to test the admin panel"
  • Specify testing approach 
    strix --target example.com --instruction "Perform thorough API security testing"
  • Highlight specific endpoints 
    strix --target example.com --instruction "Check /api/users endpoint for IDOR vulnerabilities"
Cannot be used together with --instruction-file.

—instruction-file

Provide custom instructions from a file for lengthy or complex requirements.
--instruction-file
string
Path to a text or markdown file containing instructions.
strix --target example.com --instruction-file ./instructions.txt
strix --target https://app.com --instruction-file /path/to/detailed_instructions.md
Example instruction file:
# Security Testing Instructions

## Focus Areas
- Authentication and session management
- API authorization controls
- Input validation on user forms

## Test Credentials
- Regular user: [email protected] / password123
- Admin user: [email protected] / admin456

## Known Issues to Verify
- Check if password reset tokens expire
- Verify CORS configuration on API endpoints
The file must not be empty. Cannot be used together with --instruction.

Mode Options

—non-interactive, -n

Run in non-interactive mode without the TUI.
--non-interactive
boolean
default:"false"
When enabled, Strix runs in headless mode:
  • No text-based UI (TUI) is displayed
  • Output is printed directly to stdout
  • Process exits automatically when scan completes
  • Suitable for CI/CD pipelines and automation
  • Exit code 2 is returned if vulnerabilities are found
strix --target example.com --non-interactive
See Non-Interactive Mode for details.

—scan-mode, -m

Control the depth and thoroughness of the scan.
--scan-mode
string
default:"deep"
Choose from three scan modes:quick - Fast CI/CD checks
  • Fastest execution time
  • Basic vulnerability coverage
  • Ideal for commit checks and pull requests
strix --target example.com --scan-mode quick
standard - Routine testing
  • Balanced speed and coverage
  • Good for regular security reviews
strix --target example.com --scan-mode standard
deep - Thorough security reviews (default)
  • Most comprehensive testing
  • Maximum vulnerability coverage
  • Best for pre-release security audits
strix --target example.com --scan-mode deep
See Scan Modes for detailed comparison.

Configuration Options

—config

Use a custom configuration file instead of the default.
--config
string
Path to a JSON configuration file.By default, Strix uses ~/.strix/cli-config.json. This option allows you to maintain multiple configuration profiles.
strix --target example.com --config ./custom-config.json
Example configuration file:
{
  "strix_llm": "openai/gpt-4",
  "llm_api_base": "https://api.openai.com/v1",
  "llm_timeout": 300,
  "strix_reasoning_effort": "high"
}
The file must exist and contain valid JSON.

Version Option

—version, -v

Display version information and exit.
--version
boolean
Prints the installed Strix version.
strix --version
# Output: strix 1.0.0

Option Combinations

White-Box Testing

Combine local source code with deployed application targets: 
strix --target ./my-app --target https://staging.example.com --target https://prod.example.com

Focused CI/CD Testing

Quick scan with specific instructions: 
strix --target https://example.com \
  --scan-mode quick \
  --instruction "Focus on authentication" \
  --non-interactive

Comprehensive Pre-Release Audit

Deep scan with detailed instructions: 
strix --target ./source-code \
  --target https://staging.example.com \
  --scan-mode deep \
  --instruction-file ./security-requirements.md

See Also

Build docs developers (and LLMs) love

Get started for freeTalk to us