Strix Advanced Tools
EN
Open to community tools

Build a tool. Make it part of Strix.

Strix is a suite, not a walled garden. If you've built an open-source privacy or security tool that lives by the same rules — offline by default, zero telemetry, genuinely auditable — you can propose it. Once it passes the same security review and hardening pass every Strix tool goes through, it ships under the Strix umbrella: its own repository, a page on this site in 13 languages, and checksummed, attested releases.

Last updated

How it works

Four steps from your repository to a released Strix tool — and you keep authorship and the copyright the whole way through.

  1. 01

    Build your tool

    Write it in any language, for Windows and/or Linux, under an MIT-compatible license. Meet the criteria below: offline, no telemetry, one job done well.

  2. 02

    Open a submission

    File a submission issue on GitHub with a link to your repo, what it does, the platforms it targets, and how it touches the network — if at all. No account with us is needed; just GitHub.

  3. 03

    Security review & hardening

    We run the same gate every Strix tool passed: static analysis, a dependency and supply-chain audit, an adversarial code review, and a hardening pass. You get the findings and we work them through together.

  4. 04

    It ships as Strix

    On acceptance your tool gets its own repository under the Strix organization, a localized landing page on this site, and releases with SHA-256 checksums and a build-provenance attestation.

What a Strix tool must be

These are non-negotiable — they are the promises the whole suite is built on. If your tool already lives by them, it will feel right at home.

Open source

Public source under the MIT license (or an MIT-compatible permissive license). Nothing hidden, nothing obfuscated.

Offline by default

No network calls of its own for a desktop tool. If networking is the tool's whole purpose (recon/OSINT), it must be key-less, consent-gated and clearly scoped.

Zero telemetry

No analytics SDKs, no phone-home, no accounts. The user's data never leaves their machine.

One job, done well

A focused utility with sensible defaults, a clear scope, and an explicit statement of what it deliberately does not do.

Documented & testable

A README, a SECURITY.md with a threat model, and regression tests for anything safety-critical.

Least privilege

No shell-outs, no dynamic code execution, argv-only subprocess calls, absolute-path tool resolution, and elevation only where genuinely required.

The security review every submission goes through

The same gate the existing tools cleared before launch. Nothing ships until it passes.

What you keep — and what you get

Contributing to Strix doesn't mean signing your work away.

Your authorship & copyright

You stay the author. The MIT copyright is yours; Strix distributes and co-maintains it with you.

A real audience

A localized landing page in 13 languages, SEO/GEO wiring, and a place in the tool grid and downloads.

A trusted release pipeline

Checksums, attestation, an eventual code-signing path (SignPath Foundation), and a security-disclosure process — set up for you.

Co-maintenance

Issues, PRs and security reports flow through the same process as the rest of the suite. You are not on your own.

Ready to submit?

Open a submission issue with your repository link and a short description. We'll pick it up, run the review, and work with you from there. Not ready yet? Read the full contribution guide first.

Submitting needs only a GitHub account. There is no fee, no contributor agreement that takes your rights, and no obligation — you can withdraw any time before release.

FAQ

Do I lose ownership of my tool?

No. You keep authorship and the MIT copyright. Strix co-maintains and distributes it with you, and you can withdraw before release.

What languages or frameworks are allowed?

Any. The existing suite spans Python, C#, PowerShell and more — what matters is the license, the offline/no-telemetry rules, and passing the security review, not the stack.

What if my tool needs the network?

That's fine only if networking is its actual purpose (like the recon/OSINT tools). It must then be key-less, gated behind explicit consent, clearly scoped, and authorized-use-only — never silent or background traffic.

How long does the review take?

It depends on the size of the tool and how many findings surface. Small, already-hardened tools move quickly; anything touching destructive operations or elevation gets extra scrutiny.

What happens if it doesn't pass?

You get the full findings and can address them and resubmit. A review that finds issues is the process working — the same happened to the tools already in the suite.