Custom Agents

Create custom agents tailored to your specific security testing needs. Custom agents extend Cyberstrike with specialized prompts, tools, and workflows.

Screenshot: custom agent configuration file (custom-agent-config.png)

Overview

Custom agents allow you to:

  • Define specialized system prompts
  • Configure default tools
  • Set up custom workflows
  • Share agents across teams
  • Version control agent configurations

Agent File Structure

Create agents in the .cyberstrike/agents/ directory:

.cyberstrike/
└── agents/
    ├── api-security.md
    ├── mobile-testing.md
    └── compliance-audit.md

Creating an Agent

Basic Structure

.cyberstrike/agents/api-security.md
---
name: API Security
description: Specialized agent for REST and GraphQL API testing
tools:
- Bash
- Browser
- Read
- Write
- Memory
---
# API Security Testing Agent
You are an expert API security tester specializing in REST and GraphQL APIs.
## Testing Methodology
Follow OWASP API Security Top 10:
1. **API1:2023** - Broken Object Level Authorization
2. **API2:2023** - Broken Authentication
3. **API3:2023** - Broken Object Property Level Authorization
4. **API4:2023** - Unrestricted Resource Consumption
5. **API5:2023** - Broken Function Level Authorization
## Approach
For each API endpoint:
1. Identify authentication mechanisms
2. Test authorization boundaries
3. Check input validation
4. Analyze rate limiting
5. Review error handling
## Output Format
Report findings using this structure:
```
FINDING: [Vulnerability]
Endpoint: [METHOD /path]
Severity: [Critical/High/Medium/Low]
Evidence: [Proof of vulnerability]
Remediation: [Fix recommendations]
```

Frontmatter Options

| Field | Type | Description |
|-------|------|-------------|
| name | string | Display name for the agent |
| description | string | Brief description |
| tools | array | Allowed tools for this agent |
| allowedCommands | array | Bash commands the agent can run |
| model | string | Preferred AI model |

Tool Configuration

Restricting Tools

Limit which tools an agent can use:

---
name: Read-Only Auditor
tools:
- Read
- Glob
- Grep
- Memory
---

Allowing Specific Commands

---
name: Network Scanner
allowedCommands:
- nmap
- ping
- traceroute
- dig
- host
---

System Prompt Best Practices

Define Clear Objectives

# Mobile Application Security Agent
Your objective is to identify security vulnerabilities in mobile applications
following OWASP Mobile Application Security Verification Standard (MASVS).
Focus areas:
- Data storage security
- Cryptographic implementation
- Authentication mechanisms
- Network communication
- Platform interaction

Specify Output Formats

## Reporting Format
For each finding, provide:
1. **Vulnerability Name**: Clear, descriptive title
2. **MASVS Reference**: e.g., MASVS-STORAGE-1
3. **Location**: File path and line number
4. **Severity**: Based on CVSS scoring
5. **Evidence**: Code snippet or screenshot
6. **Remediation**: Specific fix with code example

Include Context

## Testing Context
When testing Android applications:
- Decompile APK using jadx
- Analyze AndroidManifest.xml
- Review exported components
- Check for hardcoded secrets
- Test deep link handling

Agent Examples

Compliance Auditor

.cyberstrike/agents/compliance-audit.md
---
name: Compliance Auditor
description: Security compliance assessment against frameworks
tools:
- Read
- Glob
- Grep
- Memory
- Bash
---
# Compliance Auditor
You assess applications against security compliance frameworks.
## Supported Frameworks
- PCI DSS 4.0
- SOC 2 Type II
- HIPAA
- GDPR
- ISO 27001
## Assessment Process
1. Identify applicable requirements
2. Map requirements to technical controls
3. Verify control implementation
4. Document gaps and findings
5. Provide remediation guidance
## Output Format
| Requirement | Status | Evidence | Gap |
|-------------|--------|----------|-----|
| [ID] | [Pass/Fail] | [Finding] | [Remediation] |

Code Review Agent

.cyberstrike/agents/code-review.md
---
name: Security Code Review
description: Static analysis and secure code review
tools:
- Read
- Glob
- Grep
- LSP
---
# Security Code Review Agent
Perform security-focused code review identifying vulnerabilities.
## Focus Areas
1. **Injection Flaws**
   - SQL injection
   - Command injection
   - LDAP injection
2. **Authentication**
   - Password handling
   - Session management
   - Token validation
3. **Cryptography**
   - Key management
   - Algorithm selection
   - Random number generation
4. **Data Exposure**
   - Logging sensitive data
   - Error message disclosure
   - Hardcoded secrets
## Review Format
```
FILE: path/to/file.ts
LINE: 42
ISSUE: SQL Injection via string concatenation
SEVERITY: Critical
CWE: CWE-89
VULNERABLE CODE:
const query = `SELECT * FROM users WHERE id = ${userId}`;
SECURE CODE:
const query = 'SELECT * FROM users WHERE id = ?';
db.query(query, [userId]);
```

IoT Security Agent

.cyberstrike/agents/iot-security.md
---
name: IoT Security
description: Internet of Things security assessment
tools:
- Bash
- Read
- Memory
allowedCommands:
- nmap
- binwalk
- strings
- file
- hexdump
---
# IoT Security Assessment Agent
Assess IoT devices for security vulnerabilities.
## Assessment Areas
1. **Firmware Analysis**
   - Extract and analyze firmware
   - Identify hardcoded credentials
   - Review update mechanisms
2. **Network Services**
   - Enumerate exposed services
   - Test authentication
   - Check encryption
3. **Physical Security**
   - Debug interfaces (UART, JTAG)
   - Storage encryption
   - Tamper protection
4. **Communication Protocols**
   - MQTT security
   - CoAP configuration
   - Bluetooth/BLE assessment

Using Custom Agents

List Available Agents

cyberstrike --agent list

Launch with Custom Agent

cyberstrike --agent api-security

Switch Agents in Session

/agents
# Select your custom agent

Project-Level Agents

Define agents in project configuration:

cyberstrike.json
{
"agents": [
{
"name": "project-scanner",
"path": ".cyberstrike/agents/project-scanner.md"
}
]
}

Sharing Agents

Team Repository

Store agents in a shared repository:

git clone https://github.com/team/security-agents.git ~/.cyberstrike/shared-agents

Configure in global config:

~/.cyberstrike/config.json
{
"agentPaths": [
"~/.cyberstrike/agents",
"~/.cyberstrike/shared-agents"
]
}
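
Agent files pulled from a shared repository carry their own tool grants, so the `tools` and `allowedCommands` fields from Tool Configuration are worth checking in review before a shared path is trusted. The following is an added example, not Cyberstrike's own code: a JavaScript lint that parses the frontmatter subset shown on this page, flags Bash grants with no `allowedCommands` list and allowlist entries that can launch arbitrary programs, and lists grants added between two revisions. The function names, the `SHELL_LIKE` policy list and the sample agent text are assumptions made for illustration.

```javascript
// Added example, not Cyberstrike code. Parses only the frontmatter subset shown
// on this page: "key: value" scalars and "key:" followed by "- item" lists.
function parseFrontmatter(text) {
  const lines = text.split(/\r?\n/);
  const end = lines.findIndex((l, i) => i > 0 && l.trim() === '---');
  if (lines[0].trim() !== '---' || end === -1) return null; // missing or unterminated
  const meta = {};
  let listKey = null;
  for (const raw of lines.slice(1, end)) {
    const item = raw.match(/^\s*-\s+(.+?)\s*$/);
    const kv = raw.match(/^\s*([A-Za-z]\w*):\s*(.*?)\s*$/);
    if (item && listKey) meta[listKey].push(item[1]);
    else if (kv && kv[2] === '') { listKey = kv[1]; meta[listKey] = []; }
    else if (kv) { meta[kv[1]] = kv[2]; listKey = null; }
  }
  return meta;
}
const asList = (v) => (Array.isArray(v) ? v : []);

// Assumed review policy: entries that can launch arbitrary programs make an
// allowedCommands list equivalent to no restriction. Extend per team.
const SHELL_LIKE = new Set(['sh', 'bash', 'zsh', 'env', 'xargs', 'python', 'python3', 'perl', 'node']);

function lintAgent(text) {
  const meta = parseFrontmatter(text);
  if (!meta) return ['no parsable frontmatter'];
  const tools = asList(meta.tools), cmds = asList(meta.allowedCommands);
  const issues = [];
  // Policy choice: the page does not say what Bash may run when no list is given.
  if (tools.includes('Bash') && cmds.length === 0) issues.push('Bash granted without allowedCommands');
  for (const c of cmds) // compare the basename of the first word of each entry
    if (SHELL_LIKE.has(c.split(/\s+/)[0].split('/').pop())) issues.push(`allowedCommands entry "${c}" can run arbitrary programs`);
  return issues;
}

// Grants present in the new revision but not the old: what a reviewer must approve.
function addedGrants(oldText, newText) {
  const a = parseFrontmatter(oldText) || {}, b = parseFrontmatter(newText) || {};
  const added = [];
  for (const key of ['tools', 'allowedCommands'])
    for (const v of asList(b[key]))
      if (!asList(a[key]).includes(v)) added.push(`${key}:${v}`);
  return added;
}

// Constructed sample input: two revisions of a shared agent file.
const v1 = '---\nname: Read-Only Auditor\ntools:\n- Read\n- Grep\n---\n# Auditor\n';
const v2 = '---\nname: Read-Only Auditor\ntools:\n- Read\n- Grep\n- Bash\nallowedCommands:\n- grep\n- bash\n---\n# Auditor\n';
console.log(lintAgent(v2), addedGrants(v1, v2));
```

Run as a CI step on the shared agents repository, a check like this makes any change to `tools` or `allowedCommands` visible in review rather than only in the prompt text.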

Publishing Agents

Share agents via an npm package:

package.json
{
"name": "@team/security-agents",
"cyberstrike": {
"agents": [
"agents/api-security.md",
"agents/mobile-testing.md"
]
}
}

Best Practices

  1. Focused scope - Each agent should have a clear purpose
  2. Tool restrictions - Limit tools to what's needed
  3. Clear instructions - Be specific about methodology
  4. Output format - Define consistent reporting structure
  5. Version control - Track agent changes in git

Tip

Start with built-in agents and customize them for your specific needs.