strix icon indicating copy to clipboard operation
strix copied to clipboard
Published 1 week ago verified publisher icon usestrix

feat(agent): add Target Complexity Index (TCI) + adaptive ScanPlanner for dynamic vulnerability scanning

Open alsayerofficial opened this issue 1 month ago • 0 comments

Summary

This development proposal introduces a Target Complexity Index (TCI) and an adaptive ScanPlanner to generate dynamic, context-aware vulnerability scanning plans for the Strix agent. The change moves the agent from static checklist execution to tactical, prioritized scanning driven by target fingerprinting and analysis.

Motivation

The proposed change is a strategic, expert-level improvement for agent-based security tooling. It enables the agent to reason about targets before running intrusive tests, reducing wasted effort and improving detection accuracy by focusing on the most likely attack vectors.

Key ideas & benefits

  1. Adaptive planning instead of fixed algorithms

    • Traditional scanners rely on static checklists or hard-coded algorithms. Adding TCI + ScanPlanner upgrades Strix into a planner that performs lightweight, real-time threat modeling (ports, tech stack, auth, API surface, etc.) and generates a focused scan plan.
    • Automated Threat Modeling: The agent synthesizes fingerprint data to identify the most probable vectors before launching tests.
    • Contextual Customization: Prevents running irrelevant tests (e.g., JWT checks when JWT isn’t used) by tailoring the plan to the target's tech/context.

  2. Operational efficiency & resource optimization

    • In LLM-driven agents, token usage and runtime matter. Dynamic planning reduces the search space for prompt modules and executor agents, reducing LLM "context distraction" and improving response quality.
    • Cost & time savings: Avoiding unnecessary tests reduces both LLM calls and sandbox execution time, lowering scan time and cost.

  3. Increased detection accuracy

    • Quality over quantity: The agent can spend more depth on high-value, complex tests instead of shallowly covering everything.
    • Fewer false positives: Context-aware, specialized prompts and validation reduce noisy findings.

Proposed design (high level)

  • TCI (0..100) computed from a target fingerprint: open ports, protocols, auth patterns, API surface size, front-end technologies, WAF/CDN presence, data sensitivity, patch posture, etc.
  • ScanPlanner maps TCI -> structured plan (priority tiers, ordered steps, module selection, safe_mode flags, timeouts, quotas).
  • Component boundaries:
    • strix/core/tci.py — TCI calculation, weights configurable.
    • strix/agents/planner.py — plan generation from TCI.
    • strix/modules/registry.py — accept priority metadata, quotas and safe_mode hints.
  • Communication payload example (JSON):
{
  "target": "https://api.example.local",
  "fingerprint": { /* metadata */ },
  "tci": 78.3,
  "plan": [
    {"step": 1, "module": "auth-enum", "priority": "high", "safe_mode": true},
    {"step": 2, "module": "id_or", "priority": "high", "safe_mode": true},
    {"step": 3, "module": "sqli-fuzz", "priority": "medium", "safe_mode": true}
  ]
}

alsayerofficial avatar Oct 30 '25 21:10 alsayerofficial