Overview
You specify the scan mode using the --scan-mode or -m flag:
- quick - Fast CI/CD checks (5-15 minutes)
- standard - Routine testing (30-60 minutes)
- deep - Thorough security reviews (2-4 hours)
The default scan mode is deep, which provides the most comprehensive security assessment.
Quick Mode
Best for: CI/CD pipelines, rapid feedback, pre-commit checks
Characteristics
- Duration: 5-15 minutes
- Coverage: Critical and high-severity vulnerabilities
- Depth: Surface-level analysis with automated validation
- Agent behavior: Focused on common attack patterns
- Reasoning effort: Medium (optimized for speed)
What Quick Mode Tests
Authentication & Access Control
- Authentication bypass attempts
- Basic privilege escalation checks
- Common IDOR patterns
Injection Vulnerabilities
- SQL injection (common payloads)
- Command injection
- Basic XSS detection
Security Misconfigurations
- Exposed sensitive endpoints
- Common security header issues
- Default credentials
Known Vulnerabilities
- Dependency scanning
- Known CVEs in libraries
- Outdated component detection
Example: Quick CI/CD Check
Standard Mode
Best for: Regular development testing, staged environment validation, weekly security checks
Characteristics
- Duration: 30-60 minutes
- Coverage: All common vulnerability classes
- Depth: Moderate analysis with thorough validation
- Agent behavior: Explores multiple attack vectors
- Reasoning effort: High (balanced approach)
What Standard Mode Tests
Everything in Quick Mode, plus:
Business Logic Flaws
- Race conditions
- Workflow manipulation
- Payment and transaction logic
- State management issues
Advanced Injection
- NoSQL injection
- XML injection and XXE
- Template injection
- LDAP injection
Session Management
- JWT vulnerabilities
- Session fixation
- Cookie security
- Token manipulation
Client-Side Security
- DOM-based XSS
- Prototype pollution
- CSRF vulnerabilities
- Clickjacking
Example: Staging Environment Test
Deep Mode
Best for: Pre-production security reviews, compliance requirements, comprehensive assessments
Characteristics
- Duration: 2-4 hours
- Coverage: Comprehensive vulnerability detection
- Depth: Exhaustive analysis with multi-stage validation
- Agent behavior: Multi-agent collaboration, creative exploitation
- Reasoning effort: High (maximum thoroughness)
What Deep Mode Tests
Everything in Standard Mode, plus:
Advanced Server-Side Attacks
- Server-Side Request Forgery (SSRF)
- Deserialization vulnerabilities
- File inclusion (LFI/RFI)
- Path traversal
Complex Business Logic
- Multi-step workflow vulnerabilities
- Advanced race conditions
- Complex state manipulation
- Financial transaction security
Infrastructure Security
- Container escape attempts
- Cloud misconfigurations
- Network segmentation issues
- Service exposure analysis
Chain Exploits
- Multi-vulnerability chains
- Privilege escalation paths
- Cross-service attack vectors
- Defense bypass techniques
Example: Comprehensive Security Review
Deep mode uses the highest reasoning effort and most thorough agent collaboration. This is the recommended mode for security reviews before production deployments.
Choosing the Right Mode
Identify your use case
Consider your time constraints and security requirements:
- Need results in minutes? Use quick mode
- Regular development testing? Use standard mode
- Pre-production security review? Use deep mode
Consider your environment
Match the mode to your testing environment:
- CI/CD pipeline: Quick mode
- Staging environment: Standard mode
- Production-like environment: Deep mode
Scan Mode Comparison
| Feature | Quick | Standard | Deep |
|---|---|---|---|
| Duration | 5-15 min | 30-60 min | 2-4 hours |
| Coverage | Critical only | Common classes | Comprehensive |
| Agent depth | Surface-level | Moderate | Exhaustive |
| Best for | CI/CD | Development | Pre-production |
| Reasoning | Medium | High | High |
| Chain exploits | No | Limited | Yes |
CI/CD Integration Example
Use quick mode in your GitHub Actions workflow:
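The mode-selection guidance above (quick for CI/CD, standard for routine runs, deep for pre-production review) and the CI/CD integration can be captured in a small POSIX shell helper that a workflow step can source. This is an added example, not code from the Strix project or its documentation: it assumes the `strix` binary is on PATH and, beyond the documented `--scan-mode`/`-m` flag, that the target is passed as `--target` (an assumption, not something this page states). It maps the CI trigger to a mode, derives a job timeout from the upper end of each documented duration band, and falls back to a faster mode when the chosen one cannot finish inside the job's time budget.

```shell
#!/bin/sh
# Added example (not part of the Strix docs). Assumes `strix` is on PATH and
# accepts `--target <path>` in addition to the documented `--scan-mode` flag.
set -eu

# Map a CI trigger to the mode the docs recommend for that situation:
# pull requests and pushes -> quick, scheduled (weekly) runs -> standard,
# manual or release runs -> deep (pre-production review).
scan_mode_for_event() {
    case "$1" in
        pull_request|push) echo quick ;;
        schedule) echo standard ;;
        workflow_dispatch|release) echo deep ;;
        *) echo "unknown CI event: $1" >&2; return 1 ;;
    esac
}

# Upper end of the documented duration band, in minutes; suitable as a
# job timeout so a scan cannot hang a runner indefinitely.
scan_mode_timeout_minutes() {
    case "$1" in
        quick) echo 15 ;;
        standard) echo 60 ;;
        deep) echo 240 ;;
        *) echo "unknown scan mode: $1" >&2; return 1 ;;
    esac
}

# Pick the deepest mode whose worst-case duration fits a minute budget.
scan_mode_for_budget() {
    budget="$1"
    for mode in deep standard quick; do
        if [ "$(scan_mode_timeout_minutes "$mode")" -le "$budget" ]; then
            echo "$mode"
            return 0
        fi
    done
    echo "budget of ${budget} min is below the quick-mode band" >&2
    return 1
}

# Resolve the mode for a CI run: an explicit override wins, otherwise the
# event decides; either way the result must fit the job's time budget
# (GitHub's default job timeout is 360 minutes).
ci_scan_mode() {
    event="${1:-push}"
    budget="${2:-360}"
    override="${3:-}"
    mode="${override:-$(scan_mode_for_event "$event")}"
    if [ "$(scan_mode_timeout_minutes "$mode")" -gt "$budget" ]; then
        mode="$(scan_mode_for_budget "$budget")"
    fi
    echo "$mode"
}

# Build the command line without executing it, so the step can log exactly
# what will run. Validates the mode first; `--target` is an assumed flag.
strix_command() {
    mode="$1"
    target="$2"
    scan_mode_timeout_minutes "$mode" >/dev/null
    printf 'strix --scan-mode %s --target %s\n' "$mode" "$target"
}
```

In a workflow step, `MODE=$(ci_scan_mode "$GITHUB_EVENT_NAME" 30)` yields `quick` for pull requests and pushes, and also downgrades a scheduled `standard` run to `quick` when the step is only allowed 30 minutes; `scan_mode_timeout_minutes "$MODE"` then gives a value to use for the step's timeout.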
Performance Tuning
You can further optimize scan performance with environment variables. The supported reasoning-effort levels are:
- none - Minimal reasoning (fastest)
- minimal - Basic reasoning
- low - Light reasoning
- medium - Moderate reasoning (recommended for quick scans)
- high - Thorough reasoning (default)
- xhigh - Maximum reasoning (experimental)
Next Steps
Custom Instructions
Guide Strix to focus on specific areas regardless of scan mode
Advanced Testing
Learn about authenticated testing and complex scenarios