Cyberstrike Agent
The cyberstrike agent is the default primary agent. It provides AI-powered offensive security testing with full tool access and can delegate to specialized subagents for domain-specific tasks.
Overview
When you run cyberstrike without specifying an agent, the cyberstrike agent starts automatically. It is a general-purpose offensive security agent designed to handle a wide range of tasks — from reconnaissance and vulnerability assessment to exploitation and reporting.
Agent Configuration
| Property | Value |
|---|---|
| Agent ID | cyberstrike |
| Mode | primary |
| Tool Access | Full (all tools allowed) |
| Can Ask Questions | Yes |
Launch the Agent
Since cyberstrike is the default agent, no flag is required:
# Start with the default cyberstrike agentcyberstrike
# Explicitly specify the agentcyberstrike --agent cyberstrike
# One-time runcyberstrike run "scan target.example.com for web vulnerabilities"Capabilities
The cyberstrike agent has access to all available tools and is not restricted to a specific security domain. It can:
- Perform web application security testing
- Conduct cloud infrastructure audits
- Execute network penetration testing
- Run automated scans with tools like Nuclei, Nmap, and SQLMap
- Browse and interact with web applications
- Read, write, and analyze files
- Ask clarifying questions when the task is ambiguous
Delegating to Specialized Agents
When a task requires deep domain expertise, the cyberstrike agent can invoke specialized subagents:
| Subagent | When Used |
|---|---|
web-application | OWASP WSTG methodology, browser-based testing |
cloud-security | AWS, Azure, GCP infrastructure audits |
internal-network | Active Directory attacks, network pivoting |
proxy-agent | HTTP proxy-based vulnerability testing |
general | Research, multi-step parallel tasks |
explore | Codebase and file system exploration |
Delegation happens automatically based on the task. You can also invoke agents directly with @agent-name:
@web-application test the login form for injection vulnerabilities@cloud-security audit the AWS S3 buckets for public accessPermission Model
The cyberstrike agent uses the broadest permission set:
- All tools are allowed by default
- Can ask clarifying questions (
question: allow) .envfiles require confirmation before reading- External directory access outside the project requires confirmation
- User-configured
denyrules incyberstrike.jsonare always respected
Example Session
You: Test the web application at https://app.example.com for common vulnerabilities
Agent: I'll start with reconnaissance and then test for OWASP Top 10 vulnerabilities.
[Fingerprinting web server...]Server: Apache/2.4.51Framework: PHP/LaravelAuthentication: JWT-based
[Launching web-application subagent for WSTG testing...]
[Scanning with Nuclei...]Found 3 medium-severity findings:- Missing Content-Security-Policy header- Server version disclosure in headers- X-Frame-Options not set
[Testing authentication...]⚠ FINDING: JWT Algorithm ConfusionLocation: Authorization headerSeverity: Critical (CVSS 9.8)Configuration
Set as Default Agent
The cyberstrike agent is the default and requires no configuration. To explicitly set it:
{ "agent": "cyberstrike"}Custom Instructions
Add project-specific context:
{ "agent": "cyberstrike", "instructions": "This is a Node.js REST API. Focus on authentication, IDOR, and injection vulnerabilities."}Related Documentation
- Web Application Agent - Specialized OWASP WSTG testing
- Cloud Security Agent - Cloud infrastructure auditing
- Internal Network Agent - Network and AD attacks
- Proxy Agent - HTTP proxy-based testing
- Custom Agents - Create your own agents