Marketplace

vuln-scout

VulnScout plugins for AI-assisted whitebox security review, deterministic local quick scans, evidence-backed verification, portable reports, and one-release whitebox-pentest compatibility aliases.

npx claudepluginhub allsmog/vuln-scout

README

View full README on GitHub

1 Plugin

vuln-scout

18·

AI-powered whitebox penetration testing plugin for Claude Code. 9 languages, 27 skills, 8 autonomous agents. STRIDE threat modeling, hotspot-aware findings, SARIF output, and polyglot monorepo support.

1mo

v1.4.0

allsmog

Related Marketplaces

antigravity-awesome-skills

38.6K

0plugins

Claude Code marketplace entries for the plugin-safe Antigravity Awesome Skills library and its compatible editorial bundles.

claude-code-workflows

35.9K

0plugins

Production-ready workflow orchestration with 83 marketplace plugins, 191 local specialized agents, and 155 local skills - optimized for granular installation and minimal token usage

claude-plugins-official

27.2K

0plugins

Directory of popular Claude Code extensions including development tools, productivity plugins, and MCP integrations

Stats

Plugins1

Stars18

UpdatedMay 22, 2026

Links

View on GitHub View Marketplace JSON

Help us improve

Share bugs, ideas, or general feedback.

Stats

Links

Help us improve

Share bugs, ideas, or general feedback.

VulnScout

AI-powered whitebox penetration testing for Claude Code.

One command. Full audit. Any codebase.

/whitebox-pentest:full-audit /path/to/code

VulnScout is a Claude Code plugin that turns Claude into an autonomous security reviewer. It brings battle-tested pentesting methodology (HTB Academy, OffSec AWAE/OSWE) into your terminal with STRIDE threat modeling, evidence-first findings, and support for 9 languages including Solidity smart contracts.

Tested end-to-end on OWASP Juice Shop v17.1.1 -- 62 findings across SQL injection, XSS, path traversal, SSTI, SSRF, hardcoded secrets, and more.

Why VulnScout?

Traditional SAST tools find patterns. VulnScout understands your application.

Automated scan pipeline -- Semgrep + Joern CPG + secret scanning in one command, with SARIF and Markdown output
Threat models first, then hunts -- STRIDE analysis identifies what matters before scanning
Traces data flow, not just patterns -- follows user input from source to sink across files and services
15 CPG verification scripts -- proves exploitability through Code Property Graph analysis, not just pattern matching
CVSS 3.1 auto-scoring -- every finding gets a CVSS vector and numeric score
Handles massive codebases -- language-aware compression (Go: 97% reduction, Python: 90%) lets it audit million-token monorepos
Chains vulnerabilities -- finds SSRF-to-SSTI-to-RCE attack chains that single-pattern scanners miss
Polyglot-native -- audits Go + Python + TypeScript microservices as one interconnected system

Quick Start

# Option 1: Symlink into your project's plugin directory
mkdir -p .claude/plugins
ln -s /path/to/vuln-scout/whitebox-pentest .claude/plugins/whitebox-pentest

# Option 2: Copy into your project
cp -r /path/to/vuln-scout/whitebox-pentest .claude/plugins/whitebox-pentest

# Run a full audit
/whitebox-pentest:full-audit .

# Or start with threat modeling
/whitebox-pentest:threats

Note: .claude/plugins/ is relative to your project root. Claude Code automatically discovers plugins in this directory.

Standalone Scan Pipeline

VulnScout includes Python scripts that run independently of Claude Code:

# Scan with Semgrep + secret scanning
python3 scripts/scan_orchestrator.py /path/to/code --tools semgrep --secrets --format sarif

# Create a Joern CPG (cached by content hash)
python3 scripts/create_cpg.py /path/to/code

# Batch-verify findings with Joern CPG analysis
python3 scripts/batch_verify.py --findings .claude/findings.json --cpg .joern/*.cpg

# Render HTML or Markdown from an existing findings artifact
python3 scripts/report.py .claude/findings.json --format html --output security-report.html

# CI gate: fail on high-severity findings
python3 scripts/scan_orchestrator.py . --tools semgrep --fail-on high --format sarif --output findings.sarif

What You Get

13 Commands

Command	What it does
`/whitebox-pentest:full-audit`	One command does everything -- scopes, threat models, audits, reports
`/whitebox-pentest:threats`	STRIDE threat modeling with data flow diagrams
`/whitebox-pentest:sinks`	Find dangerous functions across 9 languages
`/whitebox-pentest:trace`	Follow data from source to sink
`/whitebox-pentest:scan`	Run Semgrep, CodeQL, and Joern into a shared findings artifact
`/whitebox-pentest:scope`	Handle large codebases with smart compression
`/whitebox-pentest:propagate`	Found one bug? Find every instance of the pattern
`/whitebox-pentest:verify`	CPG-based false positive elimination
`/whitebox-pentest:report`	Render Markdown, JSON, SARIF, or HTML from the shared findings artifact
`/whitebox-pentest:diff`	Compare security posture between git refs and highlight regressions
`/whitebox-pentest:auto-fix`	Auto-remediate verified findings with generated patches
`/whitebox-pentest:create-rule`	Generate a custom Semgrep rule from a confirmed vulnerability pattern
`/whitebox-pentest:mutate`	Mutation-test security controls to find detection gaps

8 Autonomous Agents

Agents run independently and return detailed analysis:

app-mapper -- Maps architecture and trust boundaries
threat-modeler -- STRIDE analysis and data flow diagrams (consumes app-mapper output)
code-reviewer -- Proactive vulnerability identification
local-tester -- Dynamic testing guidance (hands off to poc-developer)
poc-developer -- Proof of concept development
patch-advisor -- Specific remediation with code patches
false-positive-verifier -- Evidence-based verification with NEEDS_REVIEW resolution path
attack-researcher -- Autonomous attack vector exploration beyond pattern matching

vuln-scout

README

1 Plugin

vuln-scout

Related Marketplaces

antigravity-awesome-skills

claude-code-workflows

claude-plugins-official

Help us improve

Help us improve

Find plugins for your project

vuln-scout

README

VulnScout

Why VulnScout?

Quick Start

Standalone Scan Pipeline

What You Get

13 Commands

8 Autonomous Agents

15 Joern CPG Verification Scripts

1 Plugin

vuln-scout

Related Marketplaces

antigravity-awesome-skills

claude-code-workflows

claude-plugins-official

Help us improve

VulnScout

Why VulnScout?

Quick Start

Standalone Scan Pipeline

What You Get

13 Commands

8 Autonomous Agents

15 Joern CPG Verification Scripts