AI-powered penetration testing using the Claude CLI tool. This is a companion to Strix that lets you run security assessments using the Claude CLI instead of direct API calls.
Strix Claude Code provides:
- TUI Dashboard: Terminal UI for managing multiple scans
- A Docker sandbox with Kali Linux and comprehensive security tools
- MCP (Model Context Protocol) server exposing pen testing tools to Claude
- System prompts optimized for security assessment
- Interactive sessions with Claude for guided penetration testing
- Docker: Install and run Docker Desktop
- Claude CLI: Install and authenticate
  ```bash
  npm install -g @anthropic-ai/claude-cli
  claude login
  ```
- Python 3.11+: Required for the wrapper
- screen: Required for TUI (usually pre-installed on Linux/macOS)
  ```bash
  # Ubuntu/Debian
  sudo apt install screen
  # macOS
  brew install screen
  ```
```bash
cd strix-claude-code
pip install -e .
```

The easiest way to use Strix Claude Code is through the TUI (Terminal User Interface):

```bash
strix-claude-tui
```

This launches an interactive dashboard where you can:
- Start new scans with a guided wizard
- View all running and completed scans
- Attach to running scans to watch Claude work
- View scan logs and details
- Stop or delete scans
| Key | Action |
|---|---|
| `n` | New scan - launch the scan wizard |
| `a <num>` | Attach to a running scan (e.g., `a 1`) |
| `v <num>` | View scan details and logs |
| `s <num>` | Stop a running scan |
| `d <num>` | Delete a scan |
| `r` | Refresh the scan list |
| `q` | Quit the TUI |

When attached to a scan, press Ctrl+A then D to detach and return to the TUI.
For direct command-line usage without the TUI:
```bash
# Full penetration test on a target
strix-claude-cli -t https://example.com
# Quick scan for CI/CD
strix-claude-cli -t https://example.com -m quick
# Standard scan with custom instructions
strix-claude-cli -t https://example.com -m standard --instruction "Focus on authentication bypass"
```

```
-t, --target          Target URL, domain, IP, or local path (required, can specify multiple)
-m, --scan-mode       Scan mode: quick, standard, deep (default: deep)
-o, --output          Output file for vulnerability report (default: ~/strix_report_<timestamp>.md)
--instruction         Custom instructions for the scan
--instruction-file    File containing custom instructions
--image               Custom Docker sandbox image
--keep-container      Keep container running after scan
-v, --verbose         Verbose output
```

You can scan multiple targets (URLs, domains, local code) in a single session:
```bash
# Scan a web app and its source code (whitebox + blackbox)
strix-claude-cli -t https://myapp.com -t ./myapp-source
# Scan multiple endpoints
strix-claude-cli -t https://api.example.com -t https://admin.example.com
# Clone and scan a GitHub repo
strix-claude-cli -t https://github.com/user/repo -m deep
```

- quick: Fast assessment for CI/CD. Basic scans, critical vulns only.
- standard: Balanced coverage. Automated + targeted manual testing.
- deep: Exhaustive assessment. Full reconnaissance, comprehensive testing, vulnerability chaining.
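
A pre-flight scope check for the multi-target invocation described above, as an added example (not part of Strix Claude Code): it classifies each `-t` value the way the options describe (URL, domain, IP, local path), rejects anything outside a caller-supplied allowlist, and only then builds the argument list. `classify_target`, `in_scope`, `build_command` and the allowlist parameters are hypothetical names; only `-t`, `-m` and the three scan modes come from the page.

```python
import ipaddress
from pathlib import Path
from urllib.parse import urlsplit

SCAN_MODES = ("quick", "standard", "deep")  # the three modes the CLI documents


def classify_target(target):
    """Return (kind, value); kind is 'url', 'ip', 'domain' or 'path'."""
    if "://" in target:
        parts = urlsplit(target)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError(f"unsupported URL target: {target!r}")
        # .hostname drops userinfo and port, so user@host forms cannot spoof the host
        return "url", parts.hostname.lower()
    if target.startswith((".", "/", "~")):
        return "path", str(Path(target).expanduser())
    try:
        return "ip", str(ipaddress.ip_address(target))
    except ValueError:
        return "domain", target.lower().rstrip(".")


def in_scope(kind, value, allowed_hosts, allowed_roots):
    """Check one classified target against the engagement's scope lists."""
    if kind == "path":
        resolved = Path(value).resolve()  # collapses ../ before comparing
        return any(resolved.is_relative_to(Path(r).resolve()) for r in allowed_roots)
    try:
        ipaddress.ip_address(value)
    except ValueError:
        # Names: exact match or a true subdomain, never a substring match
        return any(value == h or value.endswith("." + h) for h in allowed_hosts)
    return value in allowed_hosts  # IP literals: exact match only


def build_command(targets, mode="deep", allowed_hosts=frozenset(), allowed_roots=()):
    """Build the strix-claude-cli argv, refusing any out-of-scope target."""
    if mode not in SCAN_MODES:
        raise ValueError(f"unknown scan mode: {mode!r}")
    argv = ["strix-claude-cli"]
    for target in targets:
        kind, value = classify_target(target)
        if not in_scope(kind, value, allowed_hosts, allowed_roots):
            raise PermissionError(f"target out of scope: {target!r}")
        argv += ["-t", target]
    return argv + ["-m", mode]
```

Hostname matching treats a repository URL like any other URL, so list a code-hosting domain in `allowed_hosts` only if every repository on it is in scope.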
- Sandbox Setup: Starts a Docker container with Kali Linux and security tools
- MCP Server: Exposes penetration testing tools via Model Context Protocol
- Claude CLI: Runs Claude with the MCP tools and pen testing system prompt
- Interactive Session: You interact with Claude, which uses the tools autonomously
Claude has access to these tools in the sandbox:
- terminal_execute: Run shell commands (nmap, nuclei, sqlmap, ffuf, etc.)
- python_execute: Run custom Python scripts for exploits and automation
- browser_action: Control Playwright browser for web testing
- list_requests: View captured HTTP traffic
- view_request: Inspect request/response details
- send_request: Send custom HTTP requests
- repeat_request: Modify and replay requests
- file_edit: Read/write files in /workspace
- create_vulnerability_report: Document confirmed vulnerabilities
The Docker sandbox includes:
Reconnaissance & Scanning:
- nmap, subfinder, httpx, gospider, katana
Vulnerability Scanning:
- nuclei, sqlmap, zaproxy, wapiti, trivy
Fuzzing & Discovery:
- ffuf, dirsearch, arjun
Code Analysis:
- semgrep, bandit, trufflehog
Specialized:
- jwt_tool, wafw00f, interactsh-client
```
$ strix-claude-cli -t https://vulnerable-app.example.com -m deep
Strix Claude Code - Penetration Testing
Target: https://vulnerable-app.example.com
Scan Mode: deep
Custom Instructions: No
Starting Docker sandbox...
Sandbox ready!
Container: strix-claude-cli-scan-abc123
Tool server: http://127.0.0.1:54321
Starting Claude CLI...
============================================================
# Claude takes over here, running tools autonomously:
# - Runs nmap for port scanning
# - Uses nuclei for vulnerability scanning
# - Tests for SQL injection with sqlmap
# - Fuzzes parameters with ffuf
# - Creates vulnerability reports for findings
============================================================
Scan session ended.
Sandbox stopped.
```

- Use the TUI: The TUI dashboard is the easiest way to manage scans
- Be specific: Provide clear targets and instructions
- Let it work: Claude will run many steps autonomously
- Check reports: Vulnerability reports are saved to your home directory (or custom path with `-o`)
- Keep container: Use `--keep-container` to examine findings after the session
- Whitebox testing: Point to local source code for deeper analysis (`-t ./your-code`)

Make sure Docker Desktop is installed and running.
Install with: npm install -g @anthropic-ai/claude-cli
Check if the strix sandbox image is available:
```bash
docker pull ghcr.io/usestrix/strix-sandbox:0.1.10
```

The tool server inside the container may need more time to start. Try running with `-v` for verbose output.

Based on Strix by OmniSecure Labs.